Bettercatalog - BSides Ahmedabad CTF 2021

“Bettercatalog” was a web challenge at the BSides Ahmedabad CTF 2021 that abused a bug in an old Chrome version to trigger “Scroll to Text Fragment” (STTF for short) without user interaction and leak cross-origin data. More details about how STTF can be used for XS-Leaks can be found at the XS-Leaks Wiki.

Challenge description: The catalog by bluepichu is so vulnerable, I made a secure version check this out https://bettercatalog.xyz. Please run your tests locally using docker....

November 8, 2021 · 3 min