# 极致CMS 1.81以下版本 存储型XSS

#### 漏洞复现 <a href="#lou-dong-fu-xian" id="lou-dong-fu-xian"></a>

登录管理员添加模块<br>

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhq-w345lMZhXveSCkH%2F-Mhq3OAoZKaEbxrJIIwM%2Fimage.png?alt=media\&token=6a3d1eaa-fb0d-4fb3-aeda-6e81d22b63a1)

注册用户

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhq-w345lMZhXveSCkH%2F-Mhq3ROaTaJfQvT6fmUq%2Fimage.png?alt=media\&token=a3dfb7c5-4cb1-411b-8b7e-6604444c63e1)

点击发布文章

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhq-w345lMZhXveSCkH%2F-Mhq3ULXJ3XMOvjitAgY%2Fimage.png?alt=media\&token=ef1b06b1-bbec-44d5-8685-aac4e46931ff)

在文章标题处插入xss payload

``<details open ontoggle= confirm(document[`coo`+`kie`])>``

当管理员访问时XSS成功

![](https://4279400230-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-MgxNkYa2vR6HNnHdkjg%2F-Mhq-w345lMZhXveSCkH%2F-Mhq3ZR7xJz9FBQ9zNki%2Fimage.png?alt=media\&token=ac58a8c9-ef24-49c7-8b6f-d32b31980020)

#### 参考 <a href="#can-kao" id="can-kao"></a>

[极致CMS代码审计](https://xz.aliyun.com/t/7861)