### 简要描述:
某cms支付漏洞1元钱任意买呢 还有几处xss吧
### 详细说明:
1.来选几件商品加入购物车来吧 下面直接修改数量为0就好了
[<img src="https://images.seebug.org/upload/201507/27001037fb58dceca053ac977a4f5164aacc800d.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001037fb58dceca053ac977a4f5164aacc800d.jpg)
[<img src="https://images.seebug.org/upload/201507/27001103b0a0a0302b3022c4a8ad38b0cfde8a10.jpg" alt="22.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001103b0a0a0302b3022c4a8ad38b0cfde8a10.jpg)
支付了 都来到支付界面了我就不支付了小瘪三没钱
[<img src="https://images.seebug.org/upload/201507/270011534a54528085d6e213c1c3e4d9c95e38d5.jpg" alt="111.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270011534a54528085d6e213c1c3e4d9c95e38d5.jpg)
[<img src="https://images.seebug.org/upload/201507/270011141d60f74c70aff616dc91e510cfeb0cdf.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270011141d60f74c70aff616dc91e510cfeb0cdf.jpg)
//下面是xss咯
在编辑器这块插入 经过base64位加密的xss弹窗咯嘛
[<img src="https://images.seebug.org/upload/201507/270013267395e94f97ff9575549fb0f674bae054.png" alt="2222.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270013267395e94f97ff9575549fb0f674bae054.png)
//之后你懂的
[<img src="https://images.seebug.org/upload/201507/27001348e249bbf12501feb6b41a7b60247f325e.jpg" alt="11111.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001348e249bbf12501feb6b41a7b60247f325e.jpg)
插入恶意js经过编码用户访问 cookie必须来
下一处就收获地址这块的 需要闭合一下 提交订单后 后台访问应该会触发的
[<img src="https://images.seebug.org/upload/201507/2700145297d985235d0734e240870071558fd20a.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/2700145297d985235d0734e240870071558fd20a.png)
[<img src="https://images.seebug.org/upload/201507/270015018ac0dddd82718f171300a6d74a7c7a5f.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270015018ac0dddd82718f171300a6d74a7c7a5f.png)
有木有礼物
### 漏洞证明:
1.来选几件商品加入购物车来吧 下面直接修改数量为0就好了
[<img src="https://images.seebug.org/upload/201507/27001037fb58dceca053ac977a4f5164aacc800d.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001037fb58dceca053ac977a4f5164aacc800d.jpg)
[<img src="https://images.seebug.org/upload/201507/27001103b0a0a0302b3022c4a8ad38b0cfde8a10.jpg" alt="22.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001103b0a0a0302b3022c4a8ad38b0cfde8a10.jpg)
支付了 都来到支付界面了我就不支付了小瘪三没钱
[<img src="https://images.seebug.org/upload/201507/270011534a54528085d6e213c1c3e4d9c95e38d5.jpg" alt="111.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270011534a54528085d6e213c1c3e4d9c95e38d5.jpg)
[<img src="https://images.seebug.org/upload/201507/270011141d60f74c70aff616dc91e510cfeb0cdf.jpg" alt="11.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270011141d60f74c70aff616dc91e510cfeb0cdf.jpg)
//下面是xss咯
在编辑器这块插入 经过base64位加密的xss弹窗咯嘛
[<img src="https://images.seebug.org/upload/201507/270013267395e94f97ff9575549fb0f674bae054.png" alt="2222.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270013267395e94f97ff9575549fb0f674bae054.png)
//之后你懂的
[<img src="https://images.seebug.org/upload/201507/27001348e249bbf12501feb6b41a7b60247f325e.jpg" alt="11111.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/27001348e249bbf12501feb6b41a7b60247f325e.jpg)
插入恶意js经过编码用户访问 cookie必须来
下一处就收获地址这块的 需要闭合一下 提交订单后 后台访问应该会触发的
[<img src="https://images.seebug.org/upload/201507/2700145297d985235d0734e240870071558fd20a.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/2700145297d985235d0734e240870071558fd20a.png)
[<img src="https://images.seebug.org/upload/201507/270015018ac0dddd82718f171300a6d74a7c7a5f.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201507/270015018ac0dddd82718f171300a6d74a7c7a5f.png)
有木有礼物
暂无评论