#!/usr/bin/env python3
import requests
import urllib3
urllib3.disable_warnings()

BASE_URL = "https://vulnerability-research-dbfd88d4dab49dc2.chals.uoftctf.org"

# Send simple text without template syntax
response = requests.get(
    BASE_URL + "/welcome/default/index",
    params={"test": "SIMPLE_RAW_TEXT_12345"},
    verify=False
)

if "SIMPLE_RAW_TEXT_12345" in response.text:
    print("[+] Raw parameter found in response!")
    idx = response.text.find("SIMPLE_RAW_TEXT_12345")
    print(f"Position: {idx}")
    print(f"Context: {response.text[max(0,idx-100):idx+150]}")
else:
    print("[-] Raw parameter NOT in response")
    print(f"Response length: {len(response.text)}")

# Save
with open("raw_param.html", "w", encoding="utf-8") as f:
    f.write(response.text)
print("Saved to raw_param.html")