Self replicating source

Monday, 7 January 2008

I’ve been having a lot of fun with the sla.ckers XSS replication contest and I found a cool way to replicate source code of the html document which I haven’t seen anywhere before. Check it out:-

alert(document.body.parentNode.innerHTML)

This alerts the entire HTML document in Firefox (hopefully IE7 as well). Which is pretty cool :)

Here is my complete entry which submits the source of itself and posts the content:-

The slice would have to be adjusted depending on the size of the document and the goal of the contest is to produce the smallest possible replication vector (with a couple of other rules).

The entry 'Self replicating source' was posted on January 7th, 2008 at 12:05 pm and is filed under javascript, Security, xss. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

5 Responses to “Self replicating source”

  1. .mario writes:
    No. 1 — January 7th, 2008 at 1:23 pm

    This is interesting indeed! And could be used for many purposes like scanning the page content for malicious stuff getting rendered etc (combine this with onDomReady).

    Very nice ;)

  2. vindic writes:
    No. 2 — January 7th, 2008 at 2:18 pm

    veeery nice man

  3. Gareth Heyes writes:
    No. 3 — January 7th, 2008 at 4:06 pm

    Works in IE7 finally managed to test it

  4. Nils writes:
    No. 4 — January 7th, 2008 at 6:36 pm

    Might be interested in this as well:
    alert(document.documentElement.innerHTML);

  5. Gareth Heyes writes:
    No. 5 — January 7th, 2008 at 6:42 pm

    @Nils

    Cool thanks! :)

«
»