### Brief description:
This is an e-commerce mall management system, you know the one~
### Detailed description:
Demonstrated on the vendor's own demo site~
Official site: http://xpshop.cn
Demo front end: http://hzp.xpshop.cn
Demo backend: http://etp.xpshop.cn/admin
Username: admin Password: 888888
First register a member account. The XSS is in Member Center -> Address Management -> Recipient name; I started by entering `<body/onload=alert(888)>` there.
[![1.png](https://images.seebug.org/upload/201411/18150404a3d5261562543c8796c99a4efb608f55.png)](https://images.seebug.org/upload/201411/18150404a3d5261562543c8796c99a4efb608f55.png)
After saving, the alert box pops up.
[![2.png](https://images.seebug.org/upload/201411/18150445096d002efb627ae4e2110c518e95df32.png)](https://images.seebug.org/upload/201411/18150445096d002efb627ae4e2110c518e95df32.png)
Viewing the page source shows the payload written back into the page, so this is a stored XSS.
[![3.png](https://images.seebug.org/upload/201411/18150459ffa1e4f19dcec60009be65f2d29ce113.png)](https://images.seebug.org/upload/201411/18150459ffa1e4f19dcec60009be65f2d29ce113.png)
Next, pick any product.
[![4.png](https://images.seebug.org/upload/201411/1815053608c9623a4ab0a53e0c5f5d3419f1a8a7.png)](https://images.seebug.org/upload/201411/1815053608c9623a4ab0a53e0c5f5d3419f1a8a7.png)
Then buy it; the delivery address pre-filled at checkout is the one carrying our XSS payload.
[![5.png](https://images.seebug.org/upload/201411/18150727379b713a10f85531010979a771c42f7b.png)](https://images.seebug.org/upload/201411/18150727379b713a10f85531010979a771c42f7b.png)
Submit the order.
[![6.png](https://images.seebug.org/upload/201411/1815075964e2dc6d6ad338f025abc5162e7bfd4b.png)](https://images.seebug.org/upload/201411/1815075964e2dc6d6ad338f025abc5162e7bfd4b.png)
Opening the order as the member, the XSS fires.
[![7.png](https://images.seebug.org/upload/201411/1815081825ec8b9c274fb7d6e88163a38bb02dc4.png)](https://images.seebug.org/upload/201411/1815081825ec8b9c274fb7d6e88163a38bb02dc4.png)
Finally, open the same order from the admin backend: the payload fires there too, in the administrator's browser session.
[![8.png](https://images.seebug.org/upload/201411/18150850f0695314d8c094edc716d47f7b5d7be8.png)](https://images.seebug.org/upload/201411/18150850f0695314d8c094edc716d47f7b5d7be8.png)
[![9.png](https://images.seebug.org/upload/201411/181508556e592bccec9c54e596e1e35baa17261e.png)](https://images.seebug.org/upload/201411/181508556e592bccec9c54e596e1e35baa17261e.png)
[![10.png](https://images.seebug.org/upload/201411/181508595c43c68c613eb495bae1082df5cc5d86.png)](https://images.seebug.org/upload/201411/181508595c43c68c613eb495bae1082df5cc5d86.png)
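The chain above works because the recipient name is stored once and then interpolated, unencoded, into every page that renders the address (the member's order view and the admin's order list), so the payload runs in the browser of whichever user opens the order. The following Node.js script is an added example and not XPShop's code: it models that flow with a constructed order record, shows that a blacklist filter which only strips `<script>` blocks does nothing against `<body/onload=alert(888)>`, and shows that HTML-encoding every untrusted value at the output point neutralises it. The field names, the order record and the table template are all assumptions.

```javascript
// Added example (not XPShop code). Models how a recipient name saved once
// ends up executing in every view that renders it, and why output
// encoding is the fix. Field names and templates are assumptions.

// The payload used in the report above.
const PAYLOAD = '<body/onload=alert(888)>';

// Constructed order record, as a store might persist it after checkout.
// The address block is copied verbatim from the member's address book.
const sampleOrder = {
  id: 'ORD-0001',            // assumed identifier
  product: 'Sample item',
  address: {
    recipient: PAYLOAD,      // the "recipient name" set by the attacker's account
    street: '1 Example Road',
  },
};

// A blacklist filter of the kind often used to "protect" such fields:
// it removes <script>...</script> blocks and nothing else, so an event
// handler on any other element passes straight through.
function stripScriptTags(s) {
  return String(s).replace(/<script\b[^>]*>[\s\S]*?<\/script>/gi, '');
}

// HTML-encode the five characters that can change context inside an
// HTML text node or a quoted attribute value.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable renderer: interpolates stored data straight into markup after
// the blacklist filter. The member's "view order" page and the admin's
// order list both render the same record, so the same payload fires for
// both users.
function renderOrderUnsafe(order) {
  return `<tr><td>${order.id}</td><td>${order.product}</td>` +
         `<td>${stripScriptTags(order.address.recipient)}, ${order.address.street}</td></tr>`;
}

// Hardened renderer: every untrusted value is encoded at the output point,
// regardless of what (if anything) was filtered on input.
function renderOrderSafe(order) {
  return `<tr><td>${escapeHtml(order.id)}</td><td>${escapeHtml(order.product)}</td>` +
         `<td>${escapeHtml(order.address.recipient)}, ${escapeHtml(order.address.street)}</td></tr>`;
}

// Crude check used to compare the two renderers: after removing the
// template's own <tr>/<td> tags, does any tag-like sequence remain?
function hasForeignTag(html) {
  const stripped = html.replace(/<\/?t[rd]>/g, '');
  return /<[a-z]/i.test(stripped);
}

// Stand-alone run: print both renderings side by side.
console.log('unsafe:', renderOrderUnsafe(sampleOrder));
console.log('safe:  ', renderOrderSafe(sampleOrder));
console.log('blacklist changed payload?', stripScriptTags(PAYLOAD) !== PAYLOAD);
```

Run it with `node`. The property worth keeping in mind is the last one: `renderOrderSafe` never emits a `<` that originated in user data, no matter which view calls it, whereas the blacklist leaves the report's payload completely untouched.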
### Proof of vulnerability:
[![8.png](https://images.seebug.org/upload/201411/18150850f0695314d8c094edc716d47f7b5d7be8.png)](https://images.seebug.org/upload/201411/18150850f0695314d8c094edc716d47f7b5d7be8.png)
[![9.png](https://images.seebug.org/upload/201411/181508556e592bccec9c54e596e1e35baa17261e.png)](https://images.seebug.org/upload/201411/181508556e592bccec9c54e596e1e35baa17261e.png)
[![10.png](https://images.seebug.org/upload/201411/181508595c43c68c613eb495bae1082df5cc5d86.png)](https://images.seebug.org/upload/201411/181508595c43c68c613eb495bae1082df5cc5d86.png)