VULHUB ™

### 简要描述： xss ### 详细说明： 官方演示站点最新版：http://demo.cuumall.com/ Google：Power by CuuMall v2.3 在地址处填写`<script>alert(1)></script>` [<img src="https://images.seebug.org/upload/201407/28115006281997c245febfb65d9992d7fb90372a.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28115006281997c245febfb65d9992d7fb90372a.jpg) 会提示非法注入 [<img src="https://images.seebug.org/upload/201407/2811502416e460822d4f8aab051507fd84cfb4bf.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2811502416e460822d4f8aab051507fd84cfb4bf.jpg) 然后把地址改成<h6 onmouseover=alert(document.cookie)>dz [<img src="https://images.seebug.org/upload/201407/28115408ec1f318076f3413d7d9e96833993f410.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28115408ec1f318076f3413d7d9e96833993f410.jpg) 可以打后台 提交订单后台查看 [<img...

### 简要描述： xss ### 详细说明： 官方演示站点最新版：http://demo.cuumall.com/ Google：Power by CuuMall v2.3 在地址处填写`<script>alert(1)></script>` [<img src="https://images.seebug.org/upload/201407/28115006281997c245febfb65d9992d7fb90372a.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28115006281997c245febfb65d9992d7fb90372a.jpg) 会提示非法注入 [<img src="https://images.seebug.org/upload/201407/2811502416e460822d4f8aab051507fd84cfb4bf.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2811502416e460822d4f8aab051507fd84cfb4bf.jpg) 然后把地址改成<h6 onmouseover=alert(document.cookie)>dz [<img src="https://images.seebug.org/upload/201407/28115408ec1f318076f3413d7d9e96833993f410.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/28115408ec1f318076f3413d7d9e96833993f410.jpg) 可以打后台 提交订单后台查看 [<img src="https://images.seebug.org/upload/201407/2811570666c76338dd22ef0eaee1ad793442cd01.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2811570666c76338dd22ef0eaee1ad793442cd01.jpg) ### 漏洞证明： [<img src="https://images.seebug.org/upload/201407/2811570666c76338dd22ef0eaee1ad793442cd01.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201407/2811570666c76338dd22ef0eaee1ad793442cd01.jpg)