DedeCMS v5.7 shops delivery 存儲型XSS漏洞

From PwnWiki

Revision as of 10:16, 10 April 2021 by Pwnwiki (talk | contribs) (Marked this version for translation)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Other languages:

Chinese • ‎English

前提條件

需要站點啟用商城功能。

漏洞利用

後台添加配送方式:

添加成功後直接展示配送方式列表，觸發 XSS；此外，這個 XSS 在前台用戶購買東西選擇配送方式的時候也會觸發

參考

https://wiki.bylibrary.cn/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/DedeCMS/DedeCMS_v5.7_shops_delivery_%E5%AD%98%E5%82%A8%E5%9E%8BXSS/

Retrieved from "https://pwnwiki.com/index.php?title=DedeCMS_v5.7_shops_delivery_存儲型XSS漏洞&oldid=1371"