Professional Documents
Culture Documents
Difficulty is Medium.
Pop an alert(1337) on sandbox.pwnfunction.com.
No user interaction.
Cannot use https://sandbox.pwnfunction.com/?html=&js=&css=.
Tested on Chrome.
Unintended solution? DM me @PwnFunction.
<script>
/* Variables */
let safeTags = ['a', 'area', 'b', 'br', 'col', 'code', 'div', 'em', 'hr', 'h1
let forbiddenAttrs = ['style', 'srcdoc']
let cssSafe = /[^a-zA-Z0-9\s\-\,\:\_\(\)\{\}\"\'\.\#\;\%]/g
/* Inputs */
let boi = `<h1>${(new URL(location).searchParams.get('boi')) || 'Neo'}</h1>`
let clean = DOMPurify.sanitize(boi, { ALLOWED_TAGS: safeTags, FORBID_ATTR: for
let bois = document.getElementById('bois')
bois.innerHTML += clean;
/* Configuration */
window.CONFIG = {
color: "lime",
backgroundColor: "#000"
}
</script>
<script>
/* Generic Style Setter */
function styleSetter(styles, execStr) {
for (var style in styles) {
if (styles.hasOwnProperty(style)) {
eval(execStr)
}
}
}
/* Default Styles */
window.DEFAULTS = {
borderRadius: "5px",
fontFamily: "Space Mono",
fontWeight: "700",
letterSpacing: "4px",
padding: "20px",
textAlign: "center",
width: "500px"
}
styleSetter(DEFAULTS, `CONFIG[style] = styles[style]`)
/* Custom Styles */
if (window.customStyles) {
styleSetter(customStyles, `CONFIG[style] = customStyles[style]`)
}
/* Stylise! */
styleSetter(CONFIG, `bois.firstElementChild.style[style] = CONFIG[style]`)
</script>