VULHUB ™

### 简要描述： JEECMS存储型xss2枚(demo演示)可打cookie ### 详细说明： 来到发布稿件这里，在标题处插入`<script>alert(1);</script>`在内容中插入`<script>alert(/Hacked By黑色键盘/);</script>`都可以触发哦 [<img src="https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png) 点击标题即可触发 [<img src="https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png) 成功触发 [<img src="https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png) [<img src="https://images.seebug.org/upload/201503/20000152fde9c4ce01425273d5da5b9d34dfcdbc.png"...

### 简要描述： JEECMS存储型xss2枚(demo演示)可打cookie ### 详细说明： 来到发布稿件这里，在标题处插入`<script>alert(1);</script>`在内容中插入`<script>alert(/Hacked By黑色键盘/);</script>`都可以触发哦 [<img src="https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png) 点击标题即可触发 [<img src="https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png) 成功触发 [<img src="https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png) [<img src="https://images.seebug.org/upload/201503/20000152fde9c4ce01425273d5da5b9d34dfcdbc.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20000152fde9c4ce01425273d5da5b9d34dfcdbc.png) ok 调用xss平台插入 [<img src="https://images.seebug.org/upload/201503/200006062d7e8a8c668173de8e6f05a07d555f22.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/200006062d7e8a8c668173de8e6f05a07d555f22.png) ok打到 ### 漏洞证明： 来到发布稿件这里，在标题处插入`<script>alert(1);</script>`在内容中插入`<script>alert(/Hacked By黑色键盘/);</script>`都可以触发哦 [<img src="https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/19235912a3f28d921e5abca386a4eeb1cfdaa0cc.png) 点击标题即可触发 [<img src="https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png" alt="2.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/200001101e3a9847f5a48a7a19f3dc9253bf10c8.png) 成功触发 [<img src="https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png" alt="3.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20000145d59139607cf364d0984bf65823fdc358.png) [<img src="https://images.seebug.org/upload/201503/20000152fde9c4ce01425273d5da5b9d34dfcdbc.png" alt="4.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/20000152fde9c4ce01425273d5da5b9d34dfcdbc.png) ok 调用xss平台插入 [<img src="https://images.seebug.org/upload/201503/200006062d7e8a8c668173de8e6f05a07d555f22.png" alt="1.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201503/200006062d7e8a8c668173de8e6f05a07d555f22.png) ok打到