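### Brief description:
As the title says. I heard that submitting vulnerabilities one at a time lowers your reputation, while submitting them as a bundle earns a couple of $$!
### Detailed description: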
1. XSS in the ask-a-question form
```
URL: http://demo.kesion.com/ask/q.asp?id=115
```
[![XSS code proof 2.jpg](https://images.seebug.org/upload/201409/21130137d12cdb1a7f0b9074876aff75c5595a49.jpg)](https://images.seebug.org/upload/201409/21130137d12cdb1a7f0b9074876aff75c5595a49.jpg)
[![Question XSS proof.jpg](https://images.seebug.org/upload/201409/211255488c9f207b4b1f80d672867083c00db2eb.jpg)](https://images.seebug.org/upload/201409/211255488c9f207b4b1f80d672867083c00db2eb.jpg)
2. XSS in the answer form
Entering the XSS code directly in the body is all it takes!
[![Answer XSS.jpg](https://images.seebug.org/upload/201409/21130216273707e2c60e97636f01db96a401de04.jpg)](https://images.seebug.org/upload/201409/21130216273707e2c60e97636f01db96a401de04.jpg)
3. XSS in personal-space blog posts (write the XSS code into the title field)
[![My blog post XSS.jpg](https://images.seebug.org/upload/201409/21130403cddc3b705ee3cd5250e99dc802fa145d.jpg)](https://images.seebug.org/upload/201409/21130403cddc3b705ee3cd5250e99dc802fa145d.jpg)
[![Blog post XSS.jpg](https://images.seebug.org/upload/201409/211304080a350ef0df0ce896a030ba6f208cc2b7.jpg)](https://images.seebug.org/upload/201409/211304080a350ef0df0ce896a030ba6f208cc2b7.jpg)
4. XSS in N places in personal-space circles (announcement, name, topics posted in the circle, etc.)
[![ff circle XSS.jpg](https://images.seebug.org/upload/201409/21130530fc965254f9309076ca7ab2d7986379b0.jpg)](https://images.seebug.org/upload/201409/21130530fc965254f9309076ca7ab2d7986379b0.jpg)
In the announcement and name fields!
[![ff circle XSS proof.jpg](https://images.seebug.org/upload/201409/2113053699594771734a7aee7a94106d3f710247.jpg)](https://images.seebug.org/upload/201409/2113053699594771734a7aee7a94106d3f710247.jpg)
When posting a topic inside the circle, insert the code directly!
[![ff circle topic XSS.jpg](https://images.seebug.org/upload/201409/21130548e009923fa7c49aa853c0e43401f266d8.jpg)](https://images.seebug.org/upload/201409/21130548e009923fa7c49aa853c0e43401f266d8.jpg)
5. XSS in personal-space "My Music" (write the code into the singer-name field)
[![001.jpg](https://images.seebug.org/upload/201409/21130727270ff658ffae286f9b269f3046e3e9db.jpg)](https://images.seebug.org/upload/201409/21130727270ff658ffae286f9b269f3046e3e9db.jpg)
[![My Music XSS.jpg](https://images.seebug.org/upload/201409/21130749e20e3bda98e25dac60f8c3f985d4f1ba.jpg)](https://images.seebug.org/upload/201409/21130749e20e3bda98e25dac60f8c3f985d4f1ba.jpg)
6. More to follow, still to be dug up~~
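
An added example, not from the original report or from KesionCMS code: a regression check that submits a harmless marker into each input the report lists and classifies how it comes back, run against an unencoded render and an output-encoded one. The field names, the marker and both render functions are hypothetical stand-ins; in classic ASP the corresponding encoder is `Server.HTMLEncode`.

```javascript
// Added illustration: field names mirror the inputs listed in the report;
// the record, canary and render functions are constructed for this example.
const FIELDS = ["questionBody", "answerBody", "blogTitle",
                "circleNotice", "circleName", "circleTopic", "singerName"];

// Harmless marker: an unknown tag that runs no script but shows whether markup survives.
const CANARY = '<kx-canary data-x="1">';

// Encode the five characters that matter in HTML body and quoted-attribute contexts.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value ?? "").replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": user text concatenated straight into the page (models the reported behaviour).
function renderUnsafe(record) {
  return FIELDS.map((f) => `<div class="${f}" title="${record[f]}">${record[f]}</div>`).join("\n");
}

// "After": every user-controlled value is encoded at output time.
function renderSafe(record) {
  return FIELDS.map((f) => {
    const v = escapeHtml(record[f]);
    return `<div class="${f}" title="${v}">${v}</div>`;
  }).join("\n");
}

// Classify how a submitted canary comes back in rendered HTML.
function auditField(html, canary) {
  if (html.includes(canary)) return "raw";             // markup survived: vulnerable
  if (html.includes(escapeHtml(canary))) return "encoded";
  return "absent";                                      // filtered out or not displayed
}

// Audit each field independently by placing the canary in that field only.
function auditAll(render) {
  const report = {};
  for (const field of FIELDS) {
    const record = Object.fromEntries(FIELDS.map((f) => [f, f === field ? CANARY : "plain text"]));
    report[field] = auditField(render(record), CANARY);
  }
  return report;
}

console.log(auditAll(renderUnsafe)); // every field "raw"
console.log(auditAll(renderSafe));   // every field "encoded"
```
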
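### Proof of vulnerability:
KesionCMS universal site-building system X1.0, the demo system on the official site!
Registered an account on the front end! Just did some casual testing; digging deeper would probably turn up more holes~
Test browser: Firefox 32.0.2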