DOM clobbering in CTF: https://github.com/ctfs/write-ups/tree/master/hack-lu-ctf-2014/hotcows-dating … also could use textarea w/user interaction - IMG src solution is wrong though->META works
@irsdl With that solution you wouldn’t even need <base>. But in this context it didn’t work, as @avlidienbrunn said.
@mathias @avlidienbrunn although if you have already tried and played with textarea and <!--> and it didn't work then it doesn't work ;)
@mathias @avlidienbrunn As I said, the possibility is there; in Chrome, I can get it to send a request to PremID(404) but can't set the BASE
@mathias @avlidienbrunn this could also be used but needed user interaction: http://pastebin.com/s1E7uhfP