### Brief description:
Stored XSS in the KPPW open-source Witkey system
### Details:
First, register an account.
Then publish a product.
[<img src="https://images.seebug.org/upload/201409/1011515840e493da2e95e7ac65ad18c9962329ee.png" alt="Image 1.png" width="600">](https://images.seebug.org/upload/201409/1011515840e493da2e95e7ac65ad18c9962329ee.png)
[<img src="https://images.seebug.org/upload/201409/101152043ac33005b9dce7dc94b60111125abf42.png" alt="Image 2.png" width="600">](https://images.seebug.org/upload/201409/101152043ac33005b9dce7dc94b60111125abf42.png)
Then, at the next step, capture the request.
Modify the value of the added image.
As shown below:
[<img src="https://images.seebug.org/upload/201409/10115224ed41e55ede36a190c0d8e8d14d3fa539.png" alt="Image 3.png" width="600">](https://images.seebug.org/upload/201409/10115224ed41e55ede36a190c0d8e8d14d3fa539.png)
[<img src="https://images.seebug.org/upload/201409/10115234e60fb87486ea97df61face8e85f13257.png" alt="Image 4.png" width="600">](https://images.seebug.org/upload/201409/10115234e60fb87486ea97df61face8e85f13257.png)
### Proof of vulnerability:
The result is as follows:
[<img src="https://images.seebug.org/upload/201409/10115303c49f72f2bc53b95e8d7700b88dde60e0.png" alt="Image 5.png" width="600">](https://images.seebug.org/upload/201409/10115303c49f72f2bc53b95e8d7700b88dde60e0.png)
[<img src="https://images.seebug.org/upload/201409/101153106cbd62d0b3d1a03469abfe0312111211.png" alt="Image 6.png" width="600">](https://images.seebug.org/upload/201409/101153106cbd62d0b3d1a03469abfe0312111211.png)
[<img src="https://images.seebug.org/upload/201409/10115315728e00dea14f927b1be881da658b8d77.png" alt="Image 7.png" width="600">](https://images.seebug.org/upload/201409/10115315728e00dea14f927b1be881da658b8d77.png)
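
The steps above work because the image value in the publish request is client-controlled and is later written into the page unencoded. The following is an added example, not KPPW's code and not part of the original report, showing the two server-side checks that close this class of bug; the function names, the `data/uploads/` layout and the sample values are assumptions.

```php
<?php
// Added example: hypothetical helpers, not taken from the KPPW code base.

// Assumption: uploaded pictures are stored under data/uploads/YYYY/MM/DD/ with
// server-generated names. Adjust the pattern to the real storage layout.
const IMAGE_PATH_PATTERN =
    '#\Adata/uploads/\d{4}/\d{2}/\d{2}/[A-Za-z0-9_]{1,64}\.(?:jpe?g|png|gif)\z#';

/**
 * Validate the image reference received in the publish request.
 * The client can change this field after the upload step, so it is untrusted.
 * Returns the path when acceptable, or null so the caller can reject the request.
 */
function validate_image_path($value): ?string
{
    if (!is_string($value) || strlen($value) > 255) {
        return null;
    }
    return preg_match(IMAGE_PATH_PATTERN, $value) === 1 ? $value : null;
}

/**
 * Render a stored image path. Encoding on output also neutralises rows
 * that were saved before input validation was in place.
 */
function render_item_image(string $storedPath): string
{
    $safe = htmlspecialchars($storedPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<img src="' . $safe . '" alt="">';
}

// Constructed sample inputs: a normal upload path and a value altered in transit.
$samples = [
    'data/uploads/2014/09/10/item_5410a1b2c3.jpg',
    'data/uploads/x.jpg"><b>tampered</b>',
];
foreach ($samples as $sample) {
    $verdict = validate_image_path($sample) === null ? 'rejected' : 'accepted';
    echo $verdict . ': ' . render_item_image($sample) . PHP_EOL;
}
```

Validation stops new malicious values at the publish step, while output encoding keeps already-stored values inert, so both are needed when remediating a stored XSS.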