DedeCMS v5.7 shops delivery Stored XSS vulnerability

From PwnWiki

Prerequisites

The site needs to enable the store function.

Exploit

Add a delivery method in the admin back end.

[Screenshot: Add delivery.png]

After the delivery method is added successfully, the list of delivery methods is displayed directly and the XSS is triggered. The XSS is also triggered when a front-end user purchases something and chooses the delivery method.
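The two places named above where the stored value is rendered (the admin delivery list and the buyer's delivery choice) both need output encoding. The following is an added example, not DedeCMS code: the function names and the record fields `id`, `name`, `price` and `description` are hypothetical, and the sample record is constructed.

```php
<?php
// Added example: field names (id, name, price, description) are hypothetical,
// not DedeCMS's schema.

// Encode a stored value for HTML text or quoted-attribute context.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Sink 1: row in the admin delivery-method list.
function render_admin_row(array $m): string
{
    return sprintf(
        '<tr><td>%d</td><td>%s</td><td>%.2f</td><td>%s</td></tr>',
        (int) $m['id'], h($m['name']), (float) $m['price'], h($m['description'])
    );
}

// Sink 2: option shown to the buyer at checkout.
function render_checkout_option(array $m): string
{
    return sprintf(
        '<label><input type="radio" name="delivery" value="%d"> %s (%.2f)</label>',
        (int) $m['id'], h($m['name']), (float) $m['price']
    );
}

// Constructed sample record: stored values that contain markup.
$method = [
    'id' => 1,
    'name' => '<script>alert(1)</script>',
    'price' => '10',
    'description' => '"><b>express</b>',
];

foreach ([render_admin_row($method), render_checkout_option($method)] as $html) {
    // Stored markup must come out as text, never as tags.
    if (strpos($html, '<script') !== false || strpos($html, '<b>') !== false) {
        throw new RuntimeException('unescaped markup reached the page');
    }
    echo $html, PHP_EOL;
}
```

Encoding at render time covers records that were stored before any input filtering was added, which is why it is applied at both sinks rather than only on the add form.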