VULHUB ™

### 简要描述： EasyTalk X2.5存储型XSS一枚 ### 详细说明： 在发起投票时允许添加投票说明 在该处没有进行XSS过滤 ### 漏洞证明： 直接看图说话啦 [<img src="https://images.seebug.org/upload/201407/282152406aabe63a87a541d70d17fdd1051fd024.jpg" alt="QQ截图20140728214557.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/282152406aabe63a87a541d70d17fdd1051fd024.jpg) 插入xss后burp抓包修改 [<img src="https://images.seebug.org/upload/201407/28215318df33a5c84b30cc9b8c16a2a11e29841a.jpg" alt="QQ截图20140728215136.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28215318df33a5c84b30cc9b8c16a2a11e29841a.jpg) [<img src="https://images.seebug.org/upload/201407/2821533349d2e5b82ce8a9385839560afd985edf.jpg" alt="QQ截图20140728215150.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2821533349d2e5b82ce8a9385839560afd985edf.jpg) [<img src="https://images.seebug.org/upload/201407/282153534143afb7a3a7aa50c5f6d07dfceeae7b.jpg"...

### 简要描述： EasyTalk X2.5存储型XSS一枚 ### 详细说明： 在发起投票时允许添加投票说明 在该处没有进行XSS过滤 ### 漏洞证明： 直接看图说话啦 [<img src="https://images.seebug.org/upload/201407/282152406aabe63a87a541d70d17fdd1051fd024.jpg" alt="QQ截图20140728214557.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/282152406aabe63a87a541d70d17fdd1051fd024.jpg) 插入xss后burp抓包修改 [<img src="https://images.seebug.org/upload/201407/28215318df33a5c84b30cc9b8c16a2a11e29841a.jpg" alt="QQ截图20140728215136.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28215318df33a5c84b30cc9b8c16a2a11e29841a.jpg) [<img src="https://images.seebug.org/upload/201407/2821533349d2e5b82ce8a9385839560afd985edf.jpg" alt="QQ截图20140728215150.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2821533349d2e5b82ce8a9385839560afd985edf.jpg) [<img src="https://images.seebug.org/upload/201407/282153534143afb7a3a7aa50c5f6d07dfceeae7b.jpg" alt="QQ截图20140728215258.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/282153534143afb7a3a7aa50c5f6d07dfceeae7b.jpg)