http://discogscounter.getfreehosting.co.uk/js-noalnum_com.php
On Tue, Mar 1, 2011 at 7:23 AM, Adrian Olaru <[email protected]> wrote:
> nice, thx.
>
>
> On Tue, Mar 1, 2011 at 4:20 PM, gaz Heyes <[email protected]> wrote:
>
>> Hi all
>>
>> This is old like a few years old but maybe you guys haven't heard of it.
>> Anyways a Japanese security researcher called Yosuke Hasegawa posted on the
>> slackers forums a bit of JavaScript that executed without non-alphanumeric
>> characters then all hell broke loose. We came up with various techniques to
>> shorten and improve it. The JS wall as it's called is the limit of
>> characters required to execute JavaScript without using alphanumeric
>> characters, we found this limit to be 6 which we think is unbreakable,
>> please by all means try.
>>
>> The technique abuses the loosely typed nature of JavaScript, for example
>> true,false can be converted into a string "true" or "false". We can then use
>> the letters to obtain new objects which eventually lead to the window object
>> and executing code of your choice. How does this look in code? Well let's say
>> you want the letter "o", you could use the object literal to obtain "o" as
>> it returns [object Object] when toString is called. The first step would be
>> to convert your object literal into a string:-
>>
>> 1. [{}]+[]//[object Object]
>>
>> Then the next step is to get the index value "1" of the string, here I'm
>> using an intentional character limit of "{}[]+", so we obtain "1" by using
>> some tricks to convert an object to "0" then increment it.
>>
>> 2. +[]//0
>>
>> Now we have "0" we need to increment it to 1.
>>
>> 3. ++[+[]][+[]]//1
>>
>> Finally we combine all those together to get "o"
>>
>> 4. alert([[{}]+[]][+[]][++[+[]][+[]]])//"o"
>>
>> So to understand this:
>> //FF only
>>
>> ω=[[Ṫ,Ŕ,,É,,Á,Ĺ,Ś,,,Ó,Ḃ]=!''+[!{}]+{}][Ś+Ó+Ŕ+Ṫ],ω()[Á+Ĺ+É+Ŕ+Ṫ](ω()[Ḃ+Ṫ+Ó+Á]('%#'))
>>
>> You should read these ;) :
>>
>> YAUC Less chars needed to run arbitrary JS code = 6! (JS GREAT WALL) :-
>> http://sla.ckers.org/forum/read.php?24,32930
>>
>> Diminuitive NonAlNum JS - Arbitrary:-
>> http://sla.ckers.org/forum/read.php?24,35081
>>
>> Java/script: no alnum cheat sheets:-
>> http://sla.ckers.org/forum/read.php?24,33349
>>
>> Diminutive JS Code Challenge, from OWASP :-
>> http://sla.ckers.org/forum/read.php?24,30015
>>
>> Cheers
>>
>> Gareth
>>
>> --
>> To view archived discussions from the original JSMentors Mailman list:
>> http://www.mail-archive.com/[email protected]/
>>
>> To search via a non-Google archive, visit here:
>> http://www.mail-archive.com/[email protected]/
>>
>> To unsubscribe from this group, send email to
>> [email protected]
>>

--
Nathan Sweet
Web Developer
206.588.6137
nathansweet.me
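The four coercion steps quoted above, evaluated one at a time, followed by a simple defensive heuristic for spotting input written in this style. This is an added example, not code from the thread; the function names, the thresholds and the sample inputs are assumptions constructed for illustration.

```javascript
// Steps 1-4 from the quoted post, each evaluated on its own.
function coercionSteps() {
  const objectString = [{}] + [];   // array -> "[object Object]", "+" concatenates with ""
  const zero = +[];                 // [] -> "" -> 0
  const one = ++[+[]][+[]];         // [0][0] is an assignable reference, so ++ yields 1
  const letter = [[{}] + []][+[]][++[+[]][+[]]]; // ["[object Object]"][0][1]
  return { objectString, zero, one, letter };
}

// Hypothetical heuristic: flag input that contains no ASCII letters or digits
// but is dense in the bracket and operator characters the technique relies on.
// Thresholds are assumptions and would need tuning against real traffic.
function looksLikeNonAlnumJs(input, minLength = 12, minRatio = 0.8) {
  const text = input.replace(/\s+/g, '');
  if (text.length < minLength) return false;       // too short to judge
  if (/[A-Za-z0-9]/.test(text)) return false;      // ordinary code or prose
  const operators = (text.match(/[\[\]{}()+!]/g) || []).length;
  return operators / text.length >= minRatio;
}

// Constructed sample inputs, e.g. values taken from a form field or query string.
const SAMPLES = [
  '[[{}]+[]][+[]][++[+[]][+[]]]',   // inner expression of step 4
  'items[0] + items[1]',            // normal JavaScript
  '+1 (555) 010-0199',              // phone number
  ':-) !!! ... ???',                // punctuation-heavy prose
  '[]',                             // too short
];

function flagSamples(samples = SAMPLES) {
  return samples.filter((s) => looksLikeNonAlnumJs(s));
}

console.log(coercionSteps());
console.log(flagSamples());
```

A filter that only looks for letters, digits or known keywords passes the first sample untouched, which is why the check above keys on character composition instead.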
