Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
XSS Challenge
Posted by: lucasnn
Date: February 08, 2013 12:46AM

Hey folks,

I am new here. Is nice to meet you guys.

I am with a challenge, but I could not solve it. I need bypass a regex to execute javascript inside eval.

The code is:

function json(a){
if (/^\s*$/.test(a) ? 0 : /^[\],:{}\s\u2028\u2029]*$/
.test(a.replace(/\\["\\\/bfnrtu]/g, "@")
.replace(/"[^"\\\n\r\u2028\u2029\x00-\x08\x0a-\x1f]*"|true|false|null|-?\d+(?:\.\d*)?(?:[eE][+\-]?\d+)?/g, "]")
.replace(/(?:^|:|,)(?:[\s\u2028\u2029]*\[)+/g, "")))

try{
return eval("(" + a + ")")
} catch (b) {}
g(Error("Invalid JSON string: " + a))
}
//...
json(window.name);


This ("true);alert(9);//" is very close to a valid javascript statement and will bypass this regex, but still is invalid. The problem? The quote. =(

Any ideas?

Options: ReplyQuote


Sorry, only registered users may post in this forum.