I. Bypass method

1.1 rewrite, use short tags

Add result:

It can be seen from the above figure that the injection failed after being filtered by xss_clean.
For this we remove xss_clean to test if it is filtered because of it

The result indicates that xss_clean is filtered because xss_clean
It is worth noting that svg is ignored in the current xss_clean version, for this we can use svg injection

Refresh the page again to display

2.2

When looking at the front-end reference file, I found that jQuery was used

Therefore, you can use to inject, and use the teacher's telsr.co domain, which is shortened to 5 characters.But this website is an external network provided by the teacher. I don't have a VPN, so I chose my own.So modify the character limit in length

Successfully obtained, viewed on beef.

Beef gets successfully bypassed.

Third, kali's beef installation

beef installation