DedeCMS_v5.7_shops_delivery_存儲型XSS漏洞

# DedeCMS v5.7 shops delivery 存儲型XSS漏洞/en

==Prerequisites==

The site needs to enable the store function.

==Exploit==

Add in the background

![](/static/pwnwiki/img/Add_delivery.png )

After successful addition, the list of delivery methods will be displayed directly, and XSS will be triggered;
In addition, this XSS will also be triggered when the front-end user purchases something and chooses the delivery method

==Reference==
https://wiki.bylibrary.cn/%E6%BC%8F%E6%B4%9E%E5%BA%93/01-CMS%E6%BC%8F%E6%B4%9E/DedeCMS/DedeCMS_v5.7_shops_delivery_%E5%AD%98%E5%82%A8%E5%9E%8BXSS/

文章版权归作者所有，未经允许请勿转载。

THE END