DedeCMS v5.7 shops delivery Stored XSS vulnerability

From PwnWiki
Revision as of 09:43, 24 June 2021 by Pwnwiki (Created page with "DedeCMS v5.7 shops delivery Stored XSS vulnerability")

Prerequisites

The site must have the store (shop) function enabled.

Exploit

Add a delivery method in the admin back end:

[Screenshot: Add delivery.png]

After the delivery method is added successfully, the list of delivery methods is displayed directly and the XSS is triggered. The same XSS is also triggered when a front-end user purchases something and chooses the delivery method.
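
Both places named above, the back-end delivery list and the front-end delivery selector, render the same stored record, so the mitigation is output encoding at each of them. The following PHP is an added example, not DedeCMS code: the field names (`pid`, `dname`, `des`, `price`), the sample record and the render functions are assumptions made for illustration.

```php
<?php
// Added example, not DedeCMS source. Field names and both render functions
// are hypothetical stand-ins for the two sinks the page names.

// Constructed sample record: a delivery method whose stored name contains
// markup. Inert <b> tags stand in for any HTML saved with the record.
$deliveries = [
    ['pid' => 1, 'dname' => 'Express <b>next day</b>', 'des' => 'Courier "A" & co.', 'price' => '12.00'],
];

// Encode a stored value for an HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Weak form: stored fields are concatenated into the page unchanged, so any
// markup saved with the record becomes part of the document.
function renderAdminRowUnsafe(array $d): string
{
    return "<tr><td>{$d['dname']}</td><td>{$d['des']}</td><td>{$d['price']}</td></tr>";
}

// Hardened back-end list row: every stored field is encoded at output time.
function renderAdminRow(array $d): string
{
    return '<tr><td>' . h($d['dname']) . '</td><td>' . h($d['des'])
         . '</td><td>' . h($d['price']) . '</td></tr>';
}

// Hardened front-end delivery option: same rule, including the attribute value.
function renderCheckoutOption(array $d): string
{
    return '<label><input type="radio" name="pid" value="' . h((string) $d['pid']) . '"> '
         . h($d['dname']) . ' (' . h($d['price']) . ')</label>';
}

foreach ($deliveries as $d) {
    echo renderAdminRowUnsafe($d), PHP_EOL;  // stored tags are emitted as markup
    echo renderAdminRow($d), PHP_EOL;        // stored tags are emitted as text
    echo renderCheckoutOption($d), PHP_EOL;  // stored tags are emitted as text
}
```

Encoding at output covers records that were already stored before any input filtering was introduced, which is why it is applied at both render points rather than only when the delivery method is saved.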