Comments on: Javascript for hackers part 2

By: Gareth Heyes

Gareth Heyes — Wed, 14 May 2008 21:22:29 +0000

Unicode and html entities would be the best cross platform solution:-
Example

By: k

Mon, 12 May 2008 04:06:23 +0000

This seems to work only on Firefox. No IE, Opera, Safari.

Gareth, if you had to encode it so that it would work on most browsers, what code would you use?

By: Gareth Heyes

Gareth Heyes — Tue, 18 Mar 2008 02:05:53 +0000

@loveshell

It does work in IE but in certain circumstances and certain chars, yes I’m pretty sure it’s defined in ecmascript.

By: loveshell

loveshell — Tue, 18 Mar 2008 01:57:13 +0000

To take our vector a stage further we can also add backslash escapes, in javascript when a character is escaped that doesn’t have special meaning it is returned as normal.

is it defined in ecmascript?
it doesn’t work in IE….

By: Gareth Heyes

Gareth Heyes — Mon, 18 Feb 2008 10:32:01 +0000

@josh

By: Josh

Josh — Mon, 18 Feb 2008 09:41:50 +0000

By: Gareth Heyes

Gareth Heyes — Wed, 12 Dec 2007 14:10:21 +0000

Check this out
0/alert(1)

By: Gareth Heyes

Gareth Heyes — Wed, 12 Dec 2007 09:19:59 +0000

@Marco @Master Ternary Li

Glad you enjoyed them I’ll do some more write ups if I find any new vectors

@pdp

Nice got anymore?

By: pdp

pdp — Wed, 12 Dec 2007 05:43:37 +0000

too long for my taste

0..eval(’alert(1)’)

works as well a few chars less

By: Master Ternary Li

Master Ternary Li — Wed, 12 Dec 2007 03:17:39 +0000

good writeup. it’s nice having all of these vectors in place along with the explanatory text. All the recent bypasses to the PHPIDS have used these techniques (as i’m sure you know since you found them)