Valid Javascript variables

Sunday, 13 January 2008

I’ve put together a simple script which will use the Javascript parser to find a list of valid variables. This information is useful to know when testing XSS filters or malicious javascript detection. Using these unusual variables I’ve manged to slip Javascript passed some very clever filters including the PHPIDS and Noscript.

Check it out here:-
Variable tester

The entry 'Valid Javascript variables' was posted on January 13th, 2008 at 3:23 pm and is filed under javascript, Security, xss. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

2 Responses to “Valid Javascript variables”

Giorgio Maone writes:
No. 1 — January 13th, 2008 at 5:34 pm
I’m not sure you can build a meaningful XSS payload using exclusively high Unicode identifiers, but just to stay safe I’ve updated Injection Checker in NoScript 1.2.9.3 😉
Gareth Heyes writes:
No. 2 — January 13th, 2008 at 5:48 pm
@Giorgio

Hehe of course not but I thought the script was useful for testing against high unicode variable attacks 🙂

Search for:
Inspiration
- Alex Inführ
- Arshan
- Ascetik
- beford
- Billy Rios
- Chris Weber
- David Ross
- Eric Lawrence
- hackademix
- Hackvertor
- Halvar Flake
- Jesse Ruderman
- Joe Walker
- John Resig
- Kuza55
- maliciousmarkup
- Manuel Caballero
- Matt Presson
- Miscoded
- nihilogic
- PHPIDS
- pro.grammatic
- Reiners
- rgaucher
- rvdh
- Sirdarckcat
- sla.ckers
- Soroush Dalili
- Stefan Esser
- Stefano Di Paola
- Thornmaker
- tssci-security
- ush.it
- Web Reflection
- xorl
- Yosuke HASEGAWA
Recent Comments
January 2008

M T W T F S S

« Dec Feb »

1 2 3 4 5 6

7 8 9 10 11 12 13

14 15 16 17 18 19 20

21 22 23 24 25 26 27

28 29 30 31