# Static Pastebin So first things first, create a pastebin. When you go to the display, you'll see a url like That looks kinda like base64, and if you base64 decode the thing after you'll find it decodes to the content of the pastebin! This allows us to easily create pastebin messages. There's also an admin bot submit form, where we can submit a url, and the admin bot will visit it. Rak found that the xss `>` worked. First, we can try a simple redirect. `>`. I set up a requestbin for this purpose. Remember: we base64 encode the payload, and append it to the major part of the url. , as a sample, works, sending a request to our requestbin. Let's exfiltrate some information. We can use GET parameters to exfiltrate data. `>` This would redirect the admin to our requestbin, sending the cookies as the "thing" parameter. Base64 encoding and submitting this as a url, a request on the requestbin pops up with the parameters ?thing=flag=flag{54n1t1z4t10n\_k1nd4\_h4rd}, giving us the flag, ## flag{54n1t1z4t10n\_k1nd4\_h4rd} --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://the-winrars.gitbook.io/writeups/2020-writeups/redpwn-ctf/web/static-pastebin.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.