nice, thx.
On Tue, Mar 1, 2011 at 4:20 PM, gaz Heyes <[email protected]> wrote:
> Hi all
>
> This is old like a few years old but maybe you guys haven't heard of it.
> Anyways a Japanese security researcher called Yosuke Hasegawa posted on the
> slackers forums a bit of JavaScript that executed without non-alphanumeric
> characters then all hell broke loose. We came up with various techniques to
> shorten and improve it. The JS wall as it's called is the limit of
> characters required to execute JavaScript without using alphanumeric
> characters, we found this limit to be 6 which we think is unbreakable,
> please by all means try.
>
> The technique abuses the loosely typed nature of JavaScript, for example
> true,false can be converted into a string "true" or "false". We can then use
> the letters to obtain new objects which eventually lead to the window object
> and executing code of your choice. How does this look in code? Well, let's say
> you want the letter "o", you could use the object literal to obtain "o" as
> it returns [object Object] when toString is called. The first step would be
> to convert your object literal into a string:-
>
> 1. [{}]+[]//[object Object]
>
> Then the next step is to get the index value "1" of the string, here I'm
> using an intentional character limit of "{}[]+", so we obtain "1" by using
> some tricks to convert an object to "0" then increment it.
>
> 2. +[]//0
>
> Now we have "0" we need to increment it to 1.
>
> 3. ++[+[]][+[]]//1
>
> Finally we combine all those together to get "o"
>
> 4. alert([[{}]+[]][+[]][++[+[]][+[]]])//"o"
>
> So to understand this:
> //FF only
>
> ω=[[Ṫ,Ŕ,,É,,Á,Ĺ,Ś,,,Ó,Ḃ]=!''+[!{}]+{}][Ś+Ó+Ŕ+Ṫ],ω()[Á+Ĺ+É+Ŕ+Ṫ](ω()[Ḃ+Ṫ+Ó+Á]('%#'))
>
> You should read these ;) :
>
> YAUC Less chars needed to run arbitrary JS code = 6! (JS GREAT WALL) :-
> http://sla.ckers.org/forum/read.php?24,32930
>
> Diminuitive NonAlNum JS - Arbitrary:-
> http://sla.ckers.org/forum/read.php?24,35081
>
> Java/script: no alnum cheat sheets:-
> http://sla.ckers.org/forum/read.php?24,33349
>
> Diminutive JS Code Challenge, from OWASP :-
> http://sla.ckers.org/forum/read.php?24,30015
>
> Cheers
>
> Gareth
>
> --
> To view archived discussions from the original JSMentors Mailman list:
> http://www.mail-archive.com/[email protected]/
>
> To search via a non-Google archive, visit here:
> http://www.mail-archive.com/[email protected]/
>
> To unsubscribe from this group, send email to
> [email protected]
>
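The four coercion steps from the quoted message, evaluated one at a time, followed by a heuristic that flags this style of script by its long punctuation-only runs, since a keyword match on a name like `alert` never fires on it. This is an added example, not code from the thread; the function names and the run-length threshold of 12 are assumptions.

```javascript
// Added illustration; function names are hypothetical, not from the thread.

// Steps 1-4 of the quoted message. The right-hand sides use only {}[]+.
function coercionSteps() {
  const str = [{}] + [];        // step 1: array holding an object, as a string
  const zero = +[];             // step 2: unary plus turns [] into 0
  const one = ++[+[]][+[]];     // step 3: increment element 0 of the array [0]
  const letter = [[{}] + []][+[]][++[+[]][+[]]]; // step 4: str[1]
  return { str, zero, one, letter };
}

// Longest run of characters that are not letters, digits or whitespace.
// Unicode-aware, so identifiers such as the ω in the FF-only sample count
// as letters and break a run.
function longestSymbolRun(input) {
  let best = '';
  for (const run of input.match(/[^\p{L}\p{N}\s]+/gu) || []) {
    if (run.length > best.length) best = run;
  }
  return best;
}

// Heuristic: ordinary code rarely has 12 or more consecutive symbols that
// include both square brackets and a + or ! coercion operator.
// The threshold is an assumption and should be tuned on real traffic.
function looksNonAlnumScript(input, minRun = 12) {
  const run = longestSymbolRun(input);
  return run.length >= minRun && /[\[\]]/.test(run) && /[+!]/.test(run);
}

// Constructed sample inputs: step 4 from the message, and a benign statement.
const encodedSample = 'x=[[{}]+[]][+[]][++[+[]][+[]]]';
const benignSample = 'total[i] += price[j] * 2;';

console.log(coercionSteps());
console.log(looksNonAlnumScript(encodedSample), looksNonAlnumScript(benignSample));
```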