Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- curl 'https://tools.tutorialspoint.com/webview.php' -H 'Host: tools.tutorialspoint.com' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.5' --compressed -H 'Referer: https://www.tutorialspoint.com/online_html_editor.php' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'Origin: https://www.tutorialspoint.com' -H 'Connection: keep-alive' --data 'lang=html&device=&code=%3C!DOCTYPE+html%3E%0D%0A%3Chtml%3E%0D%0A%3Ctitle%3EWeb+Page+Design%3C%2Ftitle%3E%0D%0A%3Chead%3E%0D%0A%3Cstyle+type%3D%22text%2Fcss%22%3E%0D%0Adiv%0D%0A%7B%0D%0A+++width%3A100px%3B%0D%0A+++height%3A75px%3B%0D%0A+++background-color%3Ared%3B%0D%0A+++border%3A1px+solid+black%3B%0D%0A%7D%0D%0A%23div2%0D%0A%7B%0D%0A+++transform%3Arotate(30deg)%3B%0D%0A+++-ms-transform%3Arotate(30deg)%3B+%2F*+IE+9+*%2F%0D%0A+++-moz-transform%3Arotate(30deg)%3B+%2F*+Firefox+*%2F%0D%0A+++-webkit-transform%3Arotate(30deg)%3B+%2F*+Safari+and+Chrome+*%2F%0D%0A+++-o-transform%3Arotate(30deg)%3B+%2F*+Opera+*%2F%0D%0A+++background-color%3Ayellow%3B%0D%0A%7D%0D%0A%3C%2Fstyle%3E%0D%0A%3C%2Fhead%3E%0D%0A%3Cbody%3E%0D%0A%3Cdiv%3EHello%2C+World!%3C%2Fdiv%3E%0D%0A%3Cdiv+id%3D%22div2%22%3EHello%2C+CSS3!%3C%2Fdiv%3E%0D%0A%3C%2Fbody%3E%0D%0A%3C%2Fhtml%3E&stdinput=&ext=htm&compile=0&execute=0&mainfile=index.htm&uid=1489574'
- from this page:
- https://www.tutorialspoint.com/online_html_editor.php
- get uid from form input element on page,
- https://tpcg.tutorialspoint.com/tpcg.php
- {
- "lang": "php",
- "device": "",
- "code": "<html>\r\n<head>\r\n<title>Online+PHP+Script+Execution</title>\r\n</head>\r\n<body>\r\n<?php\r\n+++echo+\"<h1>Hello,+PHP!</h1>\\n\";\r\n?>\r\n</body>\r\n</html>",
- "stdinput": "",
- "ext": "php",
- "compile": "0",
- "execute": "php+main.php",
- "mainfile": "main.php",
- "uid": "3989525"
- }
- //don't forget resource laundering api/function, load resource as blob, read blob into bytearray, bytearray to uint16 or 8, indexOf("*/"), make new blob type:text/javascipt, function{ /* }.toString() put get file data in the comment, send blob created URL via hashchange to main/controller page/frame, load and run blob script, the script calls a function that takes the stringifyed function with the data comment as an argument, that function extracts and converts the data string back into a resource blob, which now has the same origin as the main page.
- fill out:
- https://docs.google.com/forms/d/e/1FAIpQLSflw0Kb_ad1eP1EUrhuVluwzQupHZdOfLinKet3uTOoK6an8g/viewform
- view responses:
- https://docs.google.com/forms/d/e/1FAIpQLSflw0Kb_ad1eP1EUrhuVluwzQupHZdOfLinKet3uTOoK6an8g/viewanalytics
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement