This XSS requires the Membership module to be enabled (I was in high spirits when I went to check the official Dede website ... )
The XSS is in the Member Center's article posting feature: select Articles, then Post, and insert the code in the details field
Then view the article to
At this point people may ask: what good is this against the administrator?
Don't worry ...
Because the XSS code can only be placed in onerror and similar attributes, and I had not found a way to get a cookie, I then went through the JS manual
After turning it upside down, I had an idea ...
Insert the following code:
The 1.html in it only needs to call your XSS platform (this still does not reach the administrator!)
After the article is posted, it is unaudited by default, which means that by default it can only be viewed
But the administrator has to audit it.
And then......
Mass transfer
When the administrator looks at it
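A defensive check for the flow described above, as an added example that is not part of the original post: it parses a member-submitted article body and flags event-handler attributes such as onerror, script-capable URLs and active tags, so the audit page can show flagged submissions as escaped text instead of rendering them. The function names and sample submissions are constructed for illustration and are not DedeCMS code.

```python
from html.parser import HTMLParser

# Markup that runs or loads content as soon as a reviewer's browser renders it.
ACTIVE_TAGS = {"script", "iframe", "frame", "object", "embed", "meta", "base"}
URL_ATTRS = {"href", "src", "action", "formaction", "data", "xlink:href"}
BAD_SCHEMES = ("javascript:", "vbscript:", "data:text/html")

# Constructed sample submissions (harmless handler body, placeholder URLs).
SAMPLE_EVENT = '<p>My post</p><img src="missing.png" onerror="void(0)">'
SAMPLE_BENIGN = '<p>Hello <b>world</b> <a href="https://example.com/">link</a></p>'


class ActiveContentScanner(HTMLParser):
    """Collects (kind, tag, attribute) findings for markup that executes on render."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("active-tag", tag, ""))
        for name, value in attrs:
            value = value or ""
            if name.startswith("on"):
                self.findings.append(("event-handler", tag, name))
            elif name in URL_ATTRS:
                # Browsers ignore whitespace and control characters inside a scheme.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith(BAD_SCHEMES):
                    self.findings.append(("script-url", tag, name))


def scan_submission(body_html):
    """Return the list of findings for one submitted article body."""
    scanner = ActiveContentScanner()
    scanner.feed(body_html)
    scanner.close()
    return scanner.findings


def needs_escaped_review(body_html):
    """True if the audit page should show this body as escaped text only."""
    return bool(scan_submission(body_html))


if __name__ == "__main__":
    print(scan_submission(SAMPLE_EVENT), needs_escaped_review(SAMPLE_BENIGN))
```

This is a triage check for the review queue, not a replacement for sanitizing or encoding the body when it is stored and displayed.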
DEDECMS Member Center stored XSS -- Chinese cold dragon - WWW.HACKERSCHINA.ORG