newbee-ltd / newbee-mall

🔥 🎉 newbee-mall is an e-commerce system that comes in several editions: a basic version (Spring Boot+Thymeleaf), a front-end/back-end separated version (Spring Boot+Vue 3+Element-Plus+Vue-Router 4+Pinia+Vant 4), a flash-sale (seckill) version, a Go version, and a microservices version (Spring Cloud Alibaba+Nacos+Sentinel+Seata+Spring Cloud Gateway+OpenFeign+ELK). The storefront system includes the home page portal, product categories, new arrivals, home page carousel, product recommendations, product search, product display, shopping cart, order checkout, order flow, personal order management, member center and help center modules. The admin system includes the data dashboard, carousel management, product management, order management, member management, category management and settings modules.

Home Page:https://item.jd.com/12890115.html


There is xss in the front desk which can get hazards such as administrator cookies

Jayway007 opened this issue · comments

1、Build an environment to simulate users selecting products at the front desk——add to cart——confirm order——pay:
http://127.0.0.1:28089/shop-cart/settle
Insert the payload here at the harvest information:

<script> alert (document.cookie)

![image](https://user-images.githubusercontent.com/22486282/82964894-369aa900-9ff9-11ea-982e-c1c9960371b5.png)

2、When the administrator logs in to the background, XSS will be triggered when viewing the "View Recipient Information" of this order in the "Order Management Office":

![1111](https://user-images.githubusercontent.com/22486282/82964966-6c3f9200-9ff9-11ea-97aa-b03066d60513.png)

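The report above describes a stored XSS: a recipient field submitted on the storefront settle page is later rendered unescaped on the admin order page. The following is an added example, not newbee-mall's own code, showing why HTML output encoding is the fix. `escapeHtml`, `renderRecipientUnescaped`, `renderRecipientEscaped` and `containsMarkup` are names chosen for this illustration; the recipient map is a constructed sample, and the vulnerable renderer stands in for whatever the admin template does when it emits the value raw.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Added example, not newbee-mall's own code. It contrasts raw concatenation
// of a stored recipient field (the defect the report describes) with the
// escaped rendering the admin order page should use.
public class RecipientInfoEscapeDemo {

    // Escapes the five characters that matter in HTML text and attribute
    // context. This is the behaviour Thymeleaf's th:text gives by default and
    // that th:utext and [(...)] inline expressions deliberately skip.
    public static String escapeHtml(String s) {
        if (s == null) {
            return "";
        }
        StringBuilder sb = new StringBuilder(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            switch (c) {
                case '&':  sb.append("&amp;");  break;
                case '<':  sb.append("&lt;");   break;
                case '>':  sb.append("&gt;");   break;
                case '"':  sb.append("&quot;"); break;
                case '\'': sb.append("&#39;");  break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // Vulnerable rendering: stored fields concatenated straight into markup.
    // A value containing "<script>" reaches the administrator's browser as a tag.
    public static String renderRecipientUnescaped(Map<String, String> recipient) {
        StringBuilder html = new StringBuilder("<ul class=\"recipient\">");
        for (Map.Entry<String, String> e : recipient.entrySet()) {
            html.append("<li>").append(e.getKey()).append(": ")
                .append(e.getValue()).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    // Hardened rendering: every stored value passes through escapeHtml, so the
    // same payload arrives as inert text and is displayed, not executed.
    public static String renderRecipientEscaped(Map<String, String> recipient) {
        StringBuilder html = new StringBuilder("<ul class=\"recipient\">");
        for (Map.Entry<String, String> e : recipient.entrySet()) {
            html.append("<li>").append(escapeHtml(e.getKey())).append(": ")
                .append(escapeHtml(e.getValue())).append("</li>");
        }
        return html.append("</ul>").toString();
    }

    // Cheap check for an audit job over existing orders: does a stored recipient
    // value still contain raw tag characters? Escaping on output is the real fix;
    // this only helps find records that were submitted before the fix.
    public static boolean containsMarkup(String value) {
        return value != null && (value.indexOf('<') >= 0 || value.indexOf('>') >= 0);
    }

    public static void main(String[] args) {
        // Constructed sample order; the name field carries the kind of payload the report describes.
        Map<String, String> recipient = new LinkedHashMap<>();
        recipient.put("name", "<script>alert('xss')</script>");
        recipient.put("phone", "13800000000");
        recipient.put("address", "Example Road 1 & 2");

        System.out.println("unescaped: " + renderRecipientUnescaped(recipient));
        System.out.println("escaped:   " + renderRecipientEscaped(recipient));
        System.out.println("name contains markup: " + containsMarkup(recipient.get("name")));
    }
}
```

In a Thymeleaf template the equivalent of `renderRecipientEscaped` is rendering the field with `th:text` (escaped by default) rather than `th:utext`, and inside a `th:inline="javascript"` block using `[[...]]` rather than `[(...)]`. Because the report's stated impact is theft of the administrator's cookie, marking the admin session cookie HttpOnly (`server.servlet.session.cookie.http-only=true` in Spring Boot) narrows that particular impact, but it does not replace output encoding, since script running in the admin's session can still act on the admin's behalf.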