DESTOON B2B网站管理系统V5.0多处存储型xss(有点鸡肋)

### 简要描述： ..... ### 详细说明： 直接在http://demo.destoon.com/v5.0上弄的。 存储型Xss一：商务便签存在存储型xss [<img src="https://images.seebug.org/upload/201401/0919522115e26ac28a4a8fcc433a09abc6a75997.jpg" alt="aa.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/0919522115e26ac28a4a8fcc433a09abc6a75997.jpg) 查看源码 [<img src="https://images.seebug.org/upload/201401/09195543db27f94d9b608af42f697185316268fb.jpg" alt="bb.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/09195543db27f94d9b608af42f697185316268fb.jpg) 存储型Xss二：添加商友分类 [<img src="https://images.seebug.org/upload/201401/0919590910b206133d0836a60fe36d3e004f9fc3.jpg" alt="cc.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/0919590910b206133d0836a60fe36d3e004f9fc3.jpg) 查看源码 [<img src="https://images.seebug.org/upload/201401/092000474a5a5deab9bfff5e4538f738cff9f808.jpg" alt="uu.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/092000474a5a5deab9bfff5e4538f738cff9f808.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201401/092002049e7c8d81b7efca1241fb59b61a58ffc8.jpg" alt="ww.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/092002049e7c8d81b7efca1241fb59b61a58ffc8.jpg) [<img src="https://images.seebug.org/upload/201401/092003025209456b7560ace8d9091838f2206a57.jpg" alt="uu0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/092003025209456b7560ace8d9091838f2206a57.jpg)