### 简要描述:
easytalk存在高级安全隐患XSS进入后台
### 详细说明:
问题发生在用户提交认证资料处
没有进行任何过滤
### 漏洞证明:
[<img src="https://images.seebug.org/upload/201309/282031376091db8179256bd2b371f09e08f87b25.png" alt="00.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201309/282031376091db8179256bd2b371f09e08f87b25.png)
填入XSS代码
登陆后台查看认证信息
[<img src="https://images.seebug.org/upload/201309/28203204000a38bff87d41f48133d912651f3872.png" alt="01.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201309/28203204000a38bff87d41f48133d912651f3872.png)
[<img src="https://images.seebug.org/upload/201309/282032224d5be6135fa057c2fd6d761aed6ab31e.png" alt="02.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201309/282032224d5be6135fa057c2fd6d761aed6ab31e.png)
京公网安备 11010502034610号
暂无评论