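### Brief description:
The Kesion online school system has multiple generic vulnerabilities, demonstrated on the demo site.
### Detailed description:
There are two XSS vulnerabilities in total; they can be used for blind XSS against users and administrators.
First finding (#1)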
http://e.kesion.com/ask/
Insufficient filtering of the content field in the Q&A channel leads to an XSS vulnerability.
![1.jpg](https://images.seebug.org/upload/201505/041111152a4ed02ed327e371f6b458c63a2815c9.jpg)
We write our XSS into the content field, and it executes when a user views the page.
http://e.kesion.com/ask/q-342.html
![1.jpg](https://images.seebug.org/upload/201505/04111257a2f6b722caed18c87b88211edc34380b.jpg)
![1.jpg](https://images.seebug.org/upload/201505/04111403aadf4f117ff7189e92dd158bc04e3df2.jpg)
### Proof of vulnerability:
Second finding (#2)
The second XSS vulnerability is in the comments on the resource download page.
http://e.kesion.com/model/view.aspx?m_id=3&id=4374
![1.jpg](https://images.seebug.org/upload/201505/04111440423a7ad1803a00cb6251a1acb9385e31.jpg)
It executes when a user visits the page http://e.kesion.com/model/view.aspx?m_id=3&id=4374.
![1.jpg](https://images.seebug.org/upload/201505/04111542bf4765a90b363bf56cb057e52603fcb0.jpg)
![1.jpg](https://images.seebug.org/upload/201505/0411161912ae68b8678451d5169e9dfcd836bfb6.jpg)
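
Both findings come down to stored user text being written into the page as markup. The JavaScript below is an added example, not code from Kesion or from the original report: the records, field names and render functions are constructed and hypothetical. It shows the vulnerable rendering pattern beside output encoding, and an audit that lists already-stored entries needing review once the fix is deployed.

```javascript
// Constructed records standing in for stored Q&A content ("ask") and
// download-page comments ("comment"). Field names are hypothetical.
const stored = [
  { id: 1, sink: "ask", body: "How do I reset my course password?" },
  { id: 2, sink: "ask", body: "<script>alert(1)</script>" },
  { id: 3, sink: "comment", body: 'nice file <img src=x onerror="alert(1)">' },
  { id: 4, sink: "comment", body: "Is 3 < 5 & 5 > 3?" },
];

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable pattern: stored text is concatenated into the page as markup,
// so it runs for every later visitor, including an administrator.
function renderUnsafe(rec) {
  return `<div class="post">${rec.body}</div>`;
}

// Hardened pattern: stored text is encoded at output time and stays text.
function renderSafe(rec) {
  return `<div class="post">${escapeHtml(rec.body)}</div>`;
}

// True if the text contains something a browser would parse as a tag,
// comment or closing tag. A bare "<" followed by a space is not flagged.
function hasMarkup(text) {
  return /<[a-zA-Z!\/]/.test(text);
}

// Encoding on output does not clean the database: list the stored records
// that would have rendered as markup so they can be reviewed or purged.
function auditStored(records) {
  return records.filter((r) => hasMarkup(r.body)).map((r) => r.id);
}

console.log("records to review:", auditStored(stored)); // [ 2, 3 ]
console.log(renderSafe(stored[1]));
```

Encoding belongs at output, in the template that writes the Q&A content and the comment, so that entries stored before the fix are also neutralised.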