Published 18 years 1 month ago • Last updated March 22, 2025 • ⏱️ < 1 min read
I'm a big fan of strange looking Javascript and using the syntax in ways it wasn't intended, so I can understand the internals of what's going on. Tonight I was having trouble sleeping and I decided to try and bypass the PHPIDS, I found that Firefox lets you use getters with unassigned variables and returns the results.
<pre lang="javascript"> the=javascript getter=eval s = me getter=the('alert(1)') </pre>