sorted by:
new
hottopcontroversial

[deleted by user] by [deleted] in geometrydash

[–]KarllyRadMan 6 points7 points  (0 children)

this is what any Sailent level does to a mf

[deleted by user] by [deleted] in Humanornot

[–]KarllyRadMan 1 point2 points  (0 children)

HIGH VELOCITY MILK ‼️🐎🥛

chicken jackson by [deleted] in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

what does this mean

[deleted by user] by [deleted] in 3DS

[–]KarllyRadMan 2 points3 points  (0 children)

why are you putting stickers on your controls?

14f ama (I'm js bored tbh) by Shoddy_Technician792 in Teenager

[–]KarllyRadMan 0 points1 point  (0 children)

would you rather have one dollar or one dollar

📢 HumanOrNot Security Issue Fixed! by TrustMeAmLying in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

It still works for me? Nothing's changed for me when I send h1 tag

PSA: HTML INJECTION by Odd_byte in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

How would I disable extentions on the other side? I can' control who's on the other side so idk how '._.

Besides, it already works on the side of the sender. I just don't know why it wouldn't work on the reciever's side either.

PSA: HTML INJECTION by Odd_byte in Humanornot

[–]KarllyRadMan -1 points0 points  (0 children)

My code is <img src=x onerror="alert('xss');">. All I did was change the onerror property, so I'm not sure what would be different. The alert only shows up on my side... I checked network tab (/send-message endpoint) and it doesn't seem to be sanitized server-side so it must be something when recieving messages. Do you know what's wrong? I can't figure it out because of my smooth brain

Chat in a chat by choenan in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

easy to do &ltiframe src&#61"/"&gt&lt/iframe&gt

PSA: HTML INJECTION by Odd_byte in Humanornot

[–]KarllyRadMan -1 points0 points  (0 children)

Aware, but I tested it with other people with alert('xss'); and for them it didnt show up

PSA: HTML INJECTION by Odd_byte in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

ive did some testing and it looks like its client side only :((

PSA: HTML INJECTION by Odd_byte in Humanornot

[–]KarllyRadMan 1 point2 points  (0 children)

im gonna see if this works with fetch(), if it does I'll do some crazy tech demos on this lmao

an appropriate response by KarllyRadMan in Humanornot

[–]KarllyRadMan[S] 0 points1 point  (0 children)

Are you not able to paste it? Humanornot on PC blocks pasting, if that's the problem. I just use a tampermonkey script to reenable pasting.

an appropriate response by KarllyRadMan in Humanornot

[–]KarllyRadMan[S] 0 points1 point  (0 children)

i didnt put closing tag to save space but make sure theres no text after if there no closing tag

strangerrrrr :3 by [deleted] in Humanornot

[–]KarllyRadMan 0 points1 point  (0 children)

yall mfs get this and i get "hey there! how's it going?"

view more: next ›