parrot409 parrot409

## wus.md

      
              1 file
            
          
              0 forks
            
          
              0 comments
            
          
              0 stars
            
          
                parrot409
                / wus.md
            
            
              Last active
              April 24, 2021 17:43
            
          
    So safe website

I inspired this challenge while i was playing a challenge by @53c0nd-2473.

Overwrite Object object's getOwnPropertyNames with "nice feature" to bypass dompurify + trusted types.
{"name":{"__proto__":{"__proto__":{"constructor":{"getOwnPropertyNames":"B"}}}}}
Bypass custom filter with noscript tag. example:
<noscript><img src="</noscript><img src=1 onerror=alert()">
Steal cookies with using debug.js and set parent's name to cookies and do redirect with meta tag
Send window.name to your webhook.


## ff
alert();

## redpwn2020_viper.py
#!/usr/bin/env python3
#Written by 0xParrot
import requests
import uuid
import re
import base64

addr = "2020.redpwnc.tf:31291"
addrP = "http://2020.redpwnc.tf:31291"

## redpwn2020_unintended_got_stacks.py
#!/usr/bin/env python3
#Written by 0xParrot
#This is unintended solution.
import requests
import string
import base64
import random
import json
import time
flag = ""
	#!/usr/bin/env python3
	#Written by 0xParrot
	import requests
	import uuid
	import re
	import base64

	addr = "2020.redpwnc.tf:31291"
	addrP = "http://2020.redpwnc.tf:31291"
	#!/usr/bin/env python3
	#Written by 0xParrot
	#This is unintended solution.
	import requests
	import string
	import base64
	import random
	import json
	import time
	flag = ""