|齐博CMS存储型xss一枚指哪打哪 - VULHUB开源网络安全威胁库

齐博CMS存储型xss一枚指哪打哪

- AV AC AU C I A

发布： 2025-04-13

修订： 2025-04-13

### 简要描述：齐博CMS存储型xss一枚打任意用户cookie 指哪打哪 ### 详细说明：在编辑出这块的内容处源码模式插入 ``` <img src=# onerror=alert(/Keyboard/)> ``` 这个标签可以没过滤 [<img src="https://images.seebug.org/upload/201504/252109094bbd32fbfe88b49481693e60a77d3ac7.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252109094bbd32fbfe88b49481693e60a77d3ac7.png) 访问新闻页面就 [<img src="https://images.seebug.org/upload/201504/25211451375e55ad9d1c2bbdd026256f3a772e20.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/25211451375e55ad9d1c2bbdd026256f3a772e20.jpg) [<img src="https://images.seebug.org/upload/201504/252114571c23ec2fcd52cf559bd22c9735b07bd3.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252114571c23ec2fcd52cf559bd22c9735b07bd3.png) ok 触发任意用户访问都可以 [<img src="https://images.seebug.org/upload/201504/2521100361c158c8432021f195642d266bcd3861.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/2521100361c158c8432021f195642d266bcd3861.jpg) 调用xss平台插入js语句就可以了 [<img src="https://images.seebug.org/upload/201504/252110280eea8e4f0b9862b1fc9fc8b65aa3b535.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252110280eea8e4f0b9862b1fc9fc8b65aa3b535.jpg) cookie就打到了任意用户访问都可以编辑器漏洞啊是发送消息插入也ok [<img src="https://images.seebug.org/upload/201504/25211809b877b659ca4d0384cdd948223b80d71d.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/25211809b877b659ca4d0384cdd948223b80d71d.jpg) [<img src="https://images.seebug.org/upload/201504/252118151ef9e42ae4806b84e7b5269d05266726.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252118151ef9e42ae4806b84e7b5269d05266726.png) ok指哪打哪 ### 漏洞证明：在编辑出这块的内容处源码模式插入 ``` <img src=# onerror=alert(/Keyboard/)> ``` 这个标签可以没过滤 [<img src="https://images.seebug.org/upload/201504/252109094bbd32fbfe88b49481693e60a77d3ac7.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252109094bbd32fbfe88b49481693e60a77d3ac7.png) 访问新闻页面就 [<img src="https://images.seebug.org/upload/201504/25211451375e55ad9d1c2bbdd026256f3a772e20.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/25211451375e55ad9d1c2bbdd026256f3a772e20.jpg) [<img src="https://images.seebug.org/upload/201504/252114571c23ec2fcd52cf559bd22c9735b07bd3.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252114571c23ec2fcd52cf559bd22c9735b07bd3.png) ok 触发任意用户访问都可以 [<img src="https://images.seebug.org/upload/201504/2521100361c158c8432021f195642d266bcd3861.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/2521100361c158c8432021f195642d266bcd3861.jpg) 调用xss平台插入js语句就可以了 [<img src="https://images.seebug.org/upload/201504/252110280eea8e4f0b9862b1fc9fc8b65aa3b535.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252110280eea8e4f0b9862b1fc9fc8b65aa3b535.jpg) cookie就打到了任意用户访问都可以编辑器漏洞啊是发送消息插入也ok [<img src="https://images.seebug.org/upload/201504/25211809b877b659ca4d0384cdd948223b80d71d.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/25211809b877b659ca4d0384cdd948223b80d71d.jpg) [<img src="https://images.seebug.org/upload/201504/252118151ef9e42ae4806b84e7b5269d05266726.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201504/252118151ef9e42ae4806b84e7b5269d05266726.png) ok指哪打哪

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有0条受影响产品信息

您还没有登录，登录后可查看更多

添加资源
收藏资源
问题反馈

贡献用户

暂无贡献用户

VULHUB ™