全是xss的论坛.jpg

杂谈 | Lounge
1

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731120833-903147-image.png]

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731120941-760994-image.png]

然后逆天的权限判断

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731120979-900134-image.png]

有权限才显示的删除按钮,但是点了会提示没权限

***

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121049-972875-image.png]
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121075-699514-image.png]

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121115-226214-image.png]
还是按时间后先顺序排的

****

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121464-614636-image.png]
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121506-313950-image.png]
(手动狗头)
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121530-847542-image.png]
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121543-2508-image.png]
bsgm,给我退登录了是吧
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121585-710369-image.png]

bsgm,还给我发帖了是吧,就差给我密码改成 `Array.from({ length: 20 }, () => Math.random()).join("")`

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121644-17899-image.png]
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121656-896929-image.png]
[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731121665-361510-image.png]

(好吧没登录不能回帖)

2

啊?

3

这些看多了大脑萎缩

4

@“James”#p146764 :nerd_face: :backhand_index_pointing_up:


```js
const escape = require(‘escape-html’);

5

@“[已注销]”#p146751 一眼自己写的程序,不专业。

6

@“14569”#p146787 都不需要我写xss了,这个论坛本身就是用来搞ctf的(

但是我得先把xss修复,然后搞私信功能

7

@“14569”#p146787 确实是从0开始的hhhh

[upl-image-preview url=https://s.rmimg.com/2024-11-09/1731123376-133733-image.png]

8

HTML转义解君愁:ac01: