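### Brief description:
Stealing cookies
### Details:
The issue is at http://mall.zoomla.cn/, i.e. the Zoomla!逐浪CMS online store management system.
In the site's internal private message feature, neither the body nor the subject is filtered, which lets XSS trigger.
As shown in the screenshot, send XSS payloads to the user abc123: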
[<img src="https://images.seebug.org/upload/201408/081647191dbbf33d3e029446398ec210bf0b2582.jpg" alt="QQ图片20140808164705.jpg" width="600">](https://images.seebug.org/upload/201408/081647191dbbf33d3e029446398ec210bf0b2582.jpg)
One pops an alert box and the other grabs the user's cookie.
Now let's switch to the abc123 user and take a look:
[<img src="https://images.seebug.org/upload/201408/081649481b7877bf302e5b25d036d03bbcc96ba7.jpg" alt="QQ图片20140808164925.jpg" width="600">](https://images.seebug.org/upload/201408/081649481b7877bf302e5b25d036d03bbcc96ba7.jpg)
It did not trigger. No rush, open the message to read it:
[<img src="https://images.seebug.org/upload/201408/08165031b795be46fe225b90a7391a0a18d5ae92.jpg" alt="QQ图片20140808165016.jpg" width="600">](https://images.seebug.org/upload/201408/08165031b795be46fe225b90a7391a0a18d5ae92.jpg)
It triggered. Let's look at the code:
[<img src="https://images.seebug.org/upload/201408/08165136d767302e6843f199120d01dfdf37ee13.jpg" alt="QQ图片20140808165129.jpg" width="600">](https://images.seebug.org/upload/201408/08165136d767302e6843f199120d01dfdf37ee13.jpg)
Neither of the two places is filtered.
The cookie that was obtained:
[<img src="https://images.seebug.org/upload/201408/0816521512f8e8fa9a613f2c87ffd3904e617be6.jpg" alt="QQ图片20140808165203.jpg" width="600">](https://images.seebug.org/upload/201408/0816521512f8e8fa9a613f2c87ffd3904e617be6.jpg)
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201408/0816521512f8e8fa9a613f2c87ffd3904e617be6.jpg" alt="QQ图片20140808165203.jpg" width="600">](https://images.seebug.org/upload/201408/0816521512f8e8fa9a613f2c87ffd3904e617be6.jpg)
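
The unfiltered subject and body described above, shown next to an output-encoded form, as an added example that is not Zoomla!逐浪CMS code and not part of the original report. The function names, the message object shape and the sample payloads are assumptions constructed for illustration.

```javascript
// Added example: hypothetical message-view renderer, not the product's own code.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode the five characters that can break out of HTML text or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Pattern the report describes: subject and body are both written out raw,
// so stored markup runs when the recipient opens the message.
function renderMessageUnsafe(msg) {
  return `<h3>${msg.subject}</h3><div class="body">${msg.body}</div>`;
}

// Hardened form: both sinks are encoded at output time.
function renderMessageSafe(msg) {
  return `<h3>${escapeHtml(msg.subject)}</h3>` +
         `<div class="body">${escapeHtml(msg.body)}</div>`;
}

// Defence in depth for the cookie-theft impact: a session cookie marked
// HttpOnly cannot be read through document.cookie by injected script.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample message with harmless marker payloads in both fields.
const sample = {
  subject: '<script>alert(1)</script>',
  body: 'hi <img src=x onerror=alert(1)>',
};

// True when rendered HTML still contains live markup taken from user input.
function containsActiveMarkup(html) {
  return /<script\b|<img\b[^>]*\bonerror\s*=/i.test(html);
}

console.log('unsafe view has active markup:', containsActiveMarkup(renderMessageUnsafe(sample)));
console.log('safe view has active markup:  ', containsActiveMarkup(renderMessageSafe(sample)));
console.log(renderMessageSafe(sample));
```

Encoding has to be applied to both fields at the point where the message is displayed, since the report shows the payload firing only when the message is opened for reading.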