by gregsadetsky
977 days ago
right on! I used https://bugdays.com/gzip-base64 to go back and forth. base64 generates slashes, so the site (and I) run encodeURIComponent in the devtools on the resulting base64 to make sure it's completely url-safe.

---

the poc "payload" is

eNqzKU4uyiwosUvJTy7NTc0r0UtPLXHNSQUxi50qnXMSi4v9EnNTNdRzMtMzStQ1ow1i9YpSc%2FPLUjU0bfShmrm4lBVKMjKLFYAoKTEFACeDHYg%3D

which uri-component-decodes to:

eNqzKU4uyiwosUvJTy7NTc0r0UtPLXHNSQUxi50qnXMSi4v9EnNTNdRzMtMzStQ1ow1i9YpSc/PLUjU0bfShmrm4lBVKMjKLFYAoKTEFACeDHYg=

which un-base64+gzip's to (using the site I posted above):

<script>document.getElementsByClassName('light')[0].remove()</script>
# this is bad
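
The encoding chain described in the comment above, reversed so a received URL parameter can be inspected before anything echoes it into a page. This is an added example, not code from the commenter or from bugdays.com; the function names, the 64 KiB size cap, the detection regex and the sample strings are assumptions made here.

```python
import base64
import html
import re
import zlib
from urllib.parse import quote, unquote

MAX_DECODED = 64 * 1024  # assumed cap on inflated size (decompression-bomb guard)
# Heuristic for markup that executes when echoed into a page; not a sanitizer.
ACTIVE_HTML = re.compile(r"<\s*(script|iframe|object|embed)\b|\bon\w+\s*=|javascript:", re.I)


def encode_param(text: str) -> str:
    """text -> deflate -> base64 -> percent-encoding, the chain from the comment."""
    b64 = base64.b64encode(zlib.compress(text.encode("utf-8"))).decode("ascii")
    return quote(b64, safe="")  # like encodeURIComponent: '/', '+', '=' are escaped


def decode_param(value: str, limit: int = MAX_DECODED) -> str:
    """Reverse the chain, refusing truncated streams and oversized output."""
    raw = base64.b64decode(unquote(value), validate=True)
    # wbits=47 auto-detects the wrapper: the page's value starts with "eNq",
    # i.e. bytes 78 DA (zlib header); a true gzip stream would start 1F 8B.
    inflater = zlib.decompressobj(wbits=47)
    out = inflater.decompress(raw, limit + 1)
    if len(out) > limit:
        raise ValueError("decoded parameter exceeds size limit")
    if not inflater.eof:
        raise ValueError("compressed stream is truncated")
    return out.decode("utf-8", errors="replace")


def triage(value: str) -> dict:
    """Decode a parameter and report whether it is safe to echo as HTML."""
    text = decode_param(value)
    return {
        "decoded": text,
        "active_html": bool(ACTIVE_HTML.search(text)),
        "escaped": html.escape(text),  # what the page should emit instead
    }


if __name__ == "__main__":
    # Constructed sample input, not taken from the page.
    sample = encode_param("<script>console.log('constructed sample')</script>")
    print(sample)
    print(triage(sample))
```

A site that renders the decoded text should emit the `escaped` form; the `active_html` flag is only a logging and alerting signal.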