26 行
1.2 KiB
HTML
26 行
1.2 KiB
HTML
<!DOCTYPE html><html lang="zh-CN" data-xss-proof="true"><head>
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width, initial-scale=1">
|
|
<title>Gitea Stored XSS Fixture - proof</title>
|
|
<style>
|
|
body { font-family: sans-serif; background: #0f172a; color: #e2e8f0; margin: 0; padding: 32px; }
|
|
main { max-width: 900px; margin: 0 auto; background: #111827; border: 1px solid #334155; border-radius: 16px; padding: 24px; }
|
|
.proof { padding: 14px; border-radius: 12px; background: #14532d; color: #dcfce7; }
|
|
.baseline { padding: 14px; border-radius: 12px; background: #1e3a8a; color: #dbeafe; }
|
|
code { background: rgba(255,255,255,0.08); padding: 2px 6px; border-radius: 6px; }
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<main>
|
|
<h1>Gitea Stored XSS Fixture</h1>
|
|
<p>Stored payload rendering path for browser proof capture.</p>
|
|
<div class="proof">Proof active: stored payload rendered inside the browser proof page</div>
|
|
<p>System: <code>gitea</code> / Family: <code>xss</code></p>
|
|
|
|
<script>document.documentElement.setAttribute('data-xss-proof','true');document.title = "Gitea Stored XSS Fixture - proof";</script><div id="xss-proof">XSS marker executed for gitea--CVE-2019-1010261</div>
|
|
|
|
|
|
|
|
</main>
|
|
|
|
</body></html> |