Stored XSS in the ECShop message (feedback) page

Published: 2025-04-13
Revised: 2025-04-13

### Brief description:

Stored XSS in the ECShop message (feedback) page.

### Details:

When replying to a message, the e-mail field can be used for XSS.

```php
{
    if (empty($_REQUEST['parent_id']))
    {
        // user_email and msg_content from $_POST are concatenated into the statement as-is
        $sql = "INSERT INTO ".$ecs->table('feedback')." (msg_title, msg_time , user_id, user_name , ".
               "user_email, parent_id, msg_content) ".
               "VALUES ('reply', '".gmtime()."', '".$_SESSION['admin_id']." ', ".
               "'".$_SESSION['admin_name']."', '".$_POST['user_email']. "', ".
               "'".$_REQUEST['msg_id']."', '".$_POST['msg_content']."') ";
        $db->query($sql);
    }
```

Here the e-mail value is placed directly into the SQL statement. Before this point it has only been passed through addslashes, and when it is returned stripslashes() is applied to it once more. Neither step encodes HTML, so markup in the field is stored and displayed unchanged.

### Proof of vulnerability:

[![7E2B00C8-22DE-4004-963A-E779D86AF58C.png](https://images.seebug.org/upload/201305/2917334491f24810104d0064a43bf336acd8e5a8.png)](https://images.seebug.org/upload/201305/2917334491f24810104d0064a43bf336acd8e5a8.png)
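
The addslashes/stripslashes round trip described above, next to an input check and output encoding for the e-mail field. This is an added example, not ECShop code: the function names and sample values are hypothetical and constructed for illustration.

```php
<?php
// Added example, not ECShop code. All function names are hypothetical.

// The round trip the advisory describes: addslashes() before the INSERT,
// stripslashes() when the row is read back for display.
function legacy_round_trip(string $input): string
{
    $stored = addslashes($input);   // escapes only ' " \ and NUL for the SQL string
    return stripslashes($stored);   // restores the original bytes, markup included
}

// Input-side check: accept the field only if it is a syntactically valid address.
function validate_reply_email(string $input): ?string
{
    $email = filter_var(trim($input), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Output-side encoding: applied where the value is written into HTML.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample values: a plain address and one carrying HTML markup.
$samples = [
    'admin@example.com',
    'admin@example.com"><i>markup</i>',
];

foreach ($samples as $raw) {
    $shown = legacy_round_trip($raw);
    printf("raw:        %s\n", $raw);
    printf("round trip: %s (unchanged: %s)\n", $shown, $shown === $raw ? 'yes' : 'no');
    printf("validated:  %s\n", var_export(validate_reply_email($raw), true));
    printf("escaped:    %s\n\n", html_escape($shown));
}
```

Validation rejects the second sample before it reaches the database, and the encoding step keeps any value that is already stored from being interpreted as markup when the page is rendered.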
