LebiShop网店系统多处存储型XSS

### 简要描述： 某网店系统多处存储型XSS ### 详细说明： [<img src="https://images.seebug.org/upload/201504/07001751a317e0104ef90421fbd7c828d630acfb.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001751a317e0104ef90421fbd7c828d630acfb.png) 发表主题 标题处可以插入 内容可以插入 发布直接出发 点击就触发 回复也可以插入 登陆账号来到社区就触发可以看到 [<img src="https://images.seebug.org/upload/201504/07001840d608298367592b7a3c5297e0d3a53985.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001840d608298367592b7a3c5297e0d3a53985.png) [<img src="https://images.seebug.org/upload/201504/070018463160ba781ee3b67d089bfb026c44b50d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/070018463160ba781ee3b67d089bfb026c44b50d.jpg) [<img src="https://images.seebug.org/upload/201504/070018523aa840e364429995fe2ff6e872cbd53b.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/070018523aa840e364429995fe2ff6e872cbd53b.jpg) [<img src="https://images.seebug.org/upload/201504/07001857fa446e23db435e7517f4cfe12f137820.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001857fa446e23db435e7517f4cfe12f137820.png) [<img src="https://images.seebug.org/upload/201504/0700190502fc73975afe9022d0f32ac92cbb1cf6.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0700190502fc73975afe9022d0f32ac92cbb1cf6.png) [<img src="https://images.seebug.org/upload/201504/07001911f8e2d0e53720143b091fe7d64501d92f.png" alt="9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001911f8e2d0e53720143b091fe7d64501d92f.png) [<img src="https://images.seebug.org/upload/201504/07001918042ad14dba99f8cbfe5997aa41ac0878.jpg" alt="9.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001918042ad14dba99f8cbfe5997aa41ac0878.jpg) ok 这个xss只是 在官网有 ### 漏洞证明： [<img src="https://images.seebug.org/upload/201504/07001751a317e0104ef90421fbd7c828d630acfb.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001751a317e0104ef90421fbd7c828d630acfb.png) 发表主题 标题处可以插入 内容可以插入 发布直接出发 点击就触发 回复也可以插入 登陆账号来到社区就触发可以看到 [<img src="https://images.seebug.org/upload/201504/07001840d608298367592b7a3c5297e0d3a53985.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001840d608298367592b7a3c5297e0d3a53985.png) [<img src="https://images.seebug.org/upload/201504/070018463160ba781ee3b67d089bfb026c44b50d.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/070018463160ba781ee3b67d089bfb026c44b50d.jpg) [<img src="https://images.seebug.org/upload/201504/070018523aa840e364429995fe2ff6e872cbd53b.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/070018523aa840e364429995fe2ff6e872cbd53b.jpg) [<img src="https://images.seebug.org/upload/201504/07001857fa446e23db435e7517f4cfe12f137820.png" alt="6.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001857fa446e23db435e7517f4cfe12f137820.png) [<img src="https://images.seebug.org/upload/201504/0700190502fc73975afe9022d0f32ac92cbb1cf6.png" alt="8.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/0700190502fc73975afe9022d0f32ac92cbb1cf6.png) [<img src="https://images.seebug.org/upload/201504/07001911f8e2d0e53720143b091fe7d64501d92f.png" alt="9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001911f8e2d0e53720143b091fe7d64501d92f.png) [<img src="https://images.seebug.org/upload/201504/07001918042ad14dba99f8cbfe5997aa41ac0878.jpg" alt="9.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/07001918042ad14dba99f8cbfe5997aa41ac0878.jpg) ok 这个xss只是 在官网有