Cable Forum


Dai 27-01-2011 12:09

Guess what..
 
Anyone care to guess what this does?


($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+
($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__
[_+~$]+$_[_]+$$](_/_)


googling will reveal all ... how many web forums that attempt to strip
out javascript from posts would strip it out?

Matth 27-01-2011 22:57

Re: Guess what..
 
Alarming, IE8 detected an XSS attempt
See also
http://utf-8.jp/public/jjencode.html

budwieser 27-01-2011 23:43

Re: Guess what..
 
Quote:

Originally Posted by DaiNasty (Post 35159750)
Anyone care to guess what this does?


($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+
($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__
[_+~$]+$_[_]+$$](_/_)


googling will reveal all ... how many web forums that attempt to strip
out javascript from posts would strip it out?

Is it the script for an ASCII Porn film? :D Needs a couple more ( . )( . ) in it mate. :angel:

Dai 28-01-2011 22:31

Re: Guess what..
 
Quote:

Originally Posted by Matth (Post 35160320)
Alarming, IE8 detected an XSS attempt
See also
http://utf-8.jp/public/jjencode.html

I'm reliably informed thusly:

What it does very cleverly is dissect individual letters from the
runtime string constants like "object", "false" and "true", then
concatenate them back together to make a string representation of the
code it wants to execute, which it can do because javascript is a
dynamic language ...

All that demo code does is build the equivalent of

window["alert"](1)

but without containing any alphanumerics itself, with similar techniques
and by making use of additional string constants (you could get hold of
"null", "number", "string", "undefined" and "array" easily) you could
grab 18 out of the 26 letters to play with

abcdefg_ij_lmno__rstu___y_

with suitable cunning, you could start to patch together a sizeable
fraction of whatever code you really wanted to inject, all without
looking like recognisable code.

Or something..
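
The letter-by-letter construction described in the post above, written out as an added example that is not part of the thread: `decodeSteps` evaluates the snippet's string-building sub-expressions without making its final call, and `reachableLetters` recomputes the 18-letter alphabet. The two filter functions, their names and the keyword list are assumptions made here to compare a keyword blocklist with a structural check for long symbol-only runs.

```javascript
// Added illustration. SNIPPET is the code from the first post, kept as data only;
// nothing here evaluates it or makes its final call.
const SNIPPET = "($=[$=[]][(__=!$+$)[_=-~-~-~$]+({}+$)[_/_]+" +
  "($$=($_=!''+$)[_/_]+$_[+$])])()[__[_/_]+__" +
  "[_+~$]+$_[_]+$$](_/_)";

// The snippet's string-building sub-expressions, one per line.
function decodeSteps() {
  const $ = [];                  // $=[]    an empty array
  const __ = !$ + $;             // !$+$    false + ""  -> "false"
  const _ = -~-~-~$;             // -~x is x + 1; applied three times to [] -> 3
  const one = _ / _;             // _/_     3/3 -> 1
  const obj = {} + $;            // {}+$    "[object Object]"
  const $_ = !'' + $;            // !''+$   true + ""   -> "true"
  const $$ = $_[one] + $_[+$];   // "r" + "t"  (+[] is 0)
  const method = __[_] + obj[one] + $$;               // "s" + "o" + "rt"
  const property = __[one] + __[_ + ~$] + $_[_] + $$; // "a" + "l" + "e" + "rt"
  return { method, property, arg: one };
}

// Letters obtainable from the runtime strings the post lists.
const WORDS = ["object", "false", "true", "null", "number",
               "string", "undefined", "array"];
function reachableLetters(words) {
  const have = new Set(words.join("").toLowerCase());
  return [..."abcdefghijklmnopqrstuvwxyz"]
    .map(c => (have.has(c) ? c : "_")).join("");
}

// Hypothetical keyword blocklist of the kind a post sanitiser might apply.
function keywordFilterFlags(text) {
  return /script|alert|eval|window|document/i.test(text);
}

// Structural check: a run of 20 or more characters drawn only from
// brackets, operators, quotes and the identifier symbols $ and _.
function symbolOnlyRunFlags(text) {
  return /[\[\](){}!+\-~\/$_'=]{20,}/.test(text);
}

console.log(decodeSteps(), reachableLetters(WORDS));
console.log("keyword filter:", keywordFilterFlags(SNIPPET),
            "symbol-run check:", symbolOnlyRunFlags(SNIPPET));
```

The symbol-run check is a heuristic: it also flags harmless long rows of punctuation such as divider lines made of `=` characters.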

Maggy 28-01-2011 23:18

Re: Guess what..
 
http://incognitas.ghotihosted.com/SugarwareZ-196.gif

