[cap-talk] [Caja] Re: JavaScript hacks
Mike Samuel
mikesamuel at gmail.com
Sat Apr 25 22:46:33 EDT 2009
http://code.google.com/p/google-caja/wiki/StringObfuscationIsEasy is a
catch-all for many attacks of these types.
2009/4/25 David-Sarah Hopwood <david-sarah at jacaranda.org>:
> [Apologies if this is a duplicate. I'm having problems with various list
> subscriptions at the moment due to changing addresses.]
>
> Ben Laurie wrote:
>> [+google-caja-discuss]
>>
>> On Sat, Apr 25, 2009 at 11:07 AM, Sandro Magi <naasking at higherlogics.com> wrote:
>>> Some interesting JavaScript hacks are discussed on this page:
>>>
>>> http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
>>>
>>> Examples such as executing arbitrary code from a regex and using Unicode
>>> escaped function names, etc. This is certainly relevant in the context
>>> of Caja.
>
> Sorry to be a killjoy, but I'm not sure why any of these are interesting.
>
> "RegExp replace can execute code":
> The author seems to be surprised at behaviour common to all languages
> with first-class functions. Anyway, no imaginative hackery using regexps
> is needed to exploit a page that does this:
> <script>somevariableUnfiltered="YOUR INPUT"</script>
>
> For example, just use:
> <script>somevariableUnfiltered=""+function(){ ... }()+""</script>
>
> "Unicode escapes":
> Well-known and obvious. IIRC, all of the secure subsets disallow
> escapes in identifiers.
>
> "JavaScript parser engine", "Throw, Delete what?",
> "Global objects are statements":
> I don't see anything that JavaScript is doing differently from
> other imperative languages with exceptions in any of these examples.
>
> "Getters/Setters fun"
> How could you get into the position of putting a setter on a global
> variable unless the page is already toast?
>
> "Location allows url encoding"
> Obvious. Multiple layers of escaping to evade (very naive) filters
> is also obvious.
>
> --
> David-Sarah Hopwood ⚥
>
> _______________________________________________
> cap-talk mailing list
> cap-talk at mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
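As an added illustration of the point above about secure subsets disallowing escapes in identifiers (example code written for this page, not from the thread or from Caja): a small scanner that flags identifiers containing `\uXXXX` escapes, since `\u0061lert` names the same binding as `alert` and so defeats any filter that looks only for the literal spelling. The tokenizer deliberately handles only string literals and comments (no regex literals), which is an assumption, and the sample program is constructed.

```javascript
// Decode \uXXXX escapes so an escaped identifier can be compared with its
// plain spelling (\u0061lert -> alert).
function decodeIdentifier(ident) {
  return ident.replace(/\\u([0-9a-fA-F]{4})/g, (m, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Minimal scanner: skips string literals and comments (escapes inside strings
// are legitimate), then reports identifier tokens that contain a Unicode
// escape. Assumption: ES3-era source with no regex literals.
function findEscapedIdentifiers(src) {
  const identRe = /^(?:[A-Za-z_$]|\\u[0-9a-fA-F]{4})(?:[\w$]|\\u[0-9a-fA-F]{4})*/;
  const found = [];
  let i = 0;
  while (i < src.length) {
    const c = src[i];
    if (c === '"' || c === "'") {                 // string literal
      const q = c; i++;
      while (i < src.length && src[i] !== q) { if (src[i] === '\\') i++; i++; }
      i++;                                        // closing quote
    } else if (src.startsWith('//', i)) {         // line comment
      while (i < src.length && src[i] !== '\n') i++;
    } else if (src.startsWith('/*', i)) {         // block comment
      const end = src.indexOf('*/', i + 2);
      i = end < 0 ? src.length : end + 2;
    } else {
      const m = identRe.exec(src.slice(i));
      if (m) {
        if (m[0].includes('\\u')) found.push({ raw: m[0], decoded: decodeIdentifier(m[0]) });
        i += m[0].length;
      } else {
        i++;                                      // punctuation, digits, whitespace
      }
    }
  }
  return found;
}

// Secure-subset style gate: reject the whole program rather than try to
// filter individual names, since any spelling-based filter can be escaped.
function isAcceptable(src) {
  return findEscapedIdentifiers(src).length === 0;
}

// Constructed sample: the escape inside the string and the comment are fine;
// the escaped call in the second line is what the gate must catch.
const SAMPLE = 'var s = "\\u0061lert"; // \\u0062 in a comment\n' +
               '\\u0061lert(s);';
```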