To infinity and beyond!

Wednesday, 1 October 2008

To infinity and beyond

I’m still heavily researching Javascript in search of XSS vectors and interesting syntax. I’ve found loads of cool stuff recently and while looking through the ECMA spec. I came across the Infinity object which is a global and a number, of course I was already aware of it but I thought what kind of interesting code can be constructed with it.

It turns out quite a lot, here’s a window.name vector. I’ve added the variable name to simulate and execute the code.

name = 'alert(1)'
-Infinity++in eval(1&&name)

This doesn’t look like it could work but does

+Infinity++in+alert(1)

And my final example combines a few different operators:-

1,0000instanceof delete~void--Infinity/~alert(1)

There are endless possiblities and I’ll leave you to play

The entry 'To infinity and beyond!' was posted on October 1st, 2008 at 9:26 pm and is filed under javascript, Security, xss. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed :( too much spam. If you want to contact me about any article please email or tweet me.

M	T	W	T	F	S	S
« Sep				Nov »
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

To infinity and beyond!

Inspiration

Recent Comments