DedeCMS v5.7 shops delivery Stored XSS Vulnerability

From PwnWiki
Revision as of 10:15, 10 April 2021 by Pwnwiki

Prerequisites

The site must have the shop feature enabled.

Exploitation

In the admin backend, add a delivery method:

Add delivery.png

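After the delivery method is added successfully, the delivery method list is displayed directly, which triggers the XSS. In addition, this XSS is also triggered on the front end when a user purchasing an item selects a delivery method.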
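
A mitigation sketch for the two sinks described above (the backend delivery list and the front-end delivery selection), added here and not taken from DedeCMS or the original page: stored delivery-method fields are HTML-encoded at output time. The row fields (`name`, `desc`), the function names and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example, not DedeCMS code. Row layout and function names are hypothetical.

// Constructed sample rows, standing in for delivery methods read from the database.
$rows = [
    ['id' => 1, 'name' => 'Standard post', 'desc' => '3-5 days'],
    ['id' => 2, 'name' => 'Express<script>alert(1)</script>', 'desc' => '"><b>next day</b>'],
];

// Encode a stored value for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sink 1: the admin list shown right after a delivery method is added.
function render_admin_list(array $rows): string
{
    $out = "<table>\n";
    foreach ($rows as $r) {
        $out .= sprintf("<tr><td>%d</td><td>%s</td><td>%s</td></tr>\n",
            (int)$r['id'], h($r['name']), h($r['desc']));
    }
    return $out . "</table>\n";
}

// Sink 2: the front-end selector a buyer sees when choosing a delivery method.
function render_checkout_select(array $rows): string
{
    $out = "<select name=\"delivery\">\n";
    foreach ($rows as $r) {
        $out .= sprintf("<option value=\"%d\" title=\"%s\">%s</option>\n",
            (int)$r['id'], h($r['desc']), h($r['name']));
    }
    return $out . "</select>\n";
}

$html = render_admin_list($rows) . render_checkout_select($rows);

// Regression check: no raw tag from the stored values may survive in either sink.
if (strpos($html, '<script') !== false || strpos($html, '<b>') !== false) {
    fwrite(STDERR, "unescaped markup in output\n");
    exit(1);
}
echo $html;
```

Encoding at every output point covers values already stored before the fix, which input filtering on the add form alone would not.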