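### Brief description:
XSS in the ad booking section of the member center in the latest version
### Details:
There is a stored XSS in the ad booking section of the member center. It differs from [WooYun: DESTOON stored XSS vulnerability allows blind attacks on the admin backend](http://www.wooyun.org/bugs/wooyun-2013-037839) in that the former captures the cookie as soon as the administrator reviews the submission, while the latter only triggers after the review is complete, when the Edit link for that ad is clicked in ad management.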
Figure 1:
[<img src="https://images.seebug.org/upload/201402/251740304d785fea18923464a08eaef90c5501ff.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201402/251740304d785fea18923464a08eaef90c5501ff.jpg)
Figure 2:
[<img src="https://images.seebug.org/upload/201402/251740167558418dde51bbf3be51923788e60b23.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201402/251740167558418dde51bbf3be51923788e60b23.jpg)
Figure 3:
[<img src="https://images.seebug.org/upload/201402/25174007f20efacfeb295112d1eb2c7c3d219bd4.jpg" alt="3.jpg" width="600">](https://images.seebug.org/upload/201402/25174007f20efacfeb295112d1eb2c7c3d219bd4.jpg)
Figure 4:
[<img src="https://images.seebug.org/upload/201402/25173956cbcdaffebc0447b807d52e0427af7cbd.jpg" alt="4.jpg" width="600">](https://images.seebug.org/upload/201402/25173956cbcdaffebc0447b807d52e0427af7cbd.jpg)
Figure 5:
[<img src="https://images.seebug.org/upload/201402/251739435762c677eab008aa36981c3be24fea38.jpg" alt="5.jpg" width="600">](https://images.seebug.org/upload/201402/251739435762c677eab008aa36981c3be24fea38.jpg)
Look at the keyword field: compared with Figure 4 it has changed, which shows that the code has been triggered!
[<img src="https://images.seebug.org/upload/201402/25173921933553f9da8e1b81cfbe49e6b7f42c7a.jpg" alt="6.jpg" width="600">](https://images.seebug.org/upload/201402/25173921933553f9da8e1b81cfbe49e6b7f42c7a.jpg)
The cookie has been captured successfully.
[<img src="https://images.seebug.org/upload/201402/251739113e3b736eaec4ab5aca7ee6ac39ef9688.jpg" alt="7.jpg" width="600">](https://images.seebug.org/upload/201402/251739113e3b736eaec4ab5aca7ee6ac39ef9688.jpg)
### Proof of vulnerability:
See above.
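The report describes a stored value that fires only when an ad's edit page is opened in ad management. The following is an added example, not DESTOON source code, of how a stored keyword can be encoded at output time and how a regression check can confirm the edit field stays intact. The function names, the `keyword` field name and the assumption that the value is rendered inside an `<input value="...">` attribute are hypothetical, and the sample value is constructed. It requires PHP's DOM extension.

```php
<?php
// Added illustration; not DESTOON source. All names here are hypothetical.

// Constructed sample: a member-submitted keyword that tries to close the
// attribute and inject markup (a harmless marker element, no script).
$storedKeyword = 'shoes"><b id="marker">injected</b>';

// Unsafe pattern: the stored value is concatenated straight into the attribute.
function renderEditFieldUnsafe(string $keyword): string
{
    return '<input type="text" name="keyword" value="' . $keyword . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time,
// so the admin edit view is safe regardless of how the value was stored.
function renderEditFieldSafe(string $keyword): string
{
    $encoded = htmlspecialchars($keyword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="keyword" value="' . $encoded . '">';
}

// Regression check: parse the rendered HTML and confirm the field round-trips
// the stored value and that no extra element was created by the stored data.
function fieldIsIntact(string $html, string $expected): bool
{
    libxml_use_internal_errors(true); // keep parser warnings out of the output
    $doc = new DOMDocument();
    $doc->loadHTML('<body>' . $html . '</body>');
    libxml_clear_errors();

    $inputs   = $doc->getElementsByTagName('input');
    $injected = $doc->getElementsByTagName('b');

    return $inputs->length === 1
        && $injected->length === 0
        && $inputs->item(0)->getAttribute('value') === $expected;
}

echo 'unsafe render intact: ';
var_dump(fieldIsIntact(renderEditFieldUnsafe($storedKeyword), $storedKeyword));
echo 'safe render intact:   ';
var_dump(fieldIsIntact(renderEditFieldSafe($storedKeyword), $storedKeyword));
```

The same check can be run against every admin view that displays member-submitted ad fields, since a value escaped in one view can still be rendered raw in another.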