List: cap-talk
Subject: Re: [cap-talk] [Caja] Re: JavaScript hacks
From: Mike Samuel <mikesamuel () gmail ! com>
Date: 2009-04-26 2:46:33
Message-ID: 178b8d440904251946scf3ad78y4a5cc664a590eacc () mail ! gmail ! com
http://code.google.com/p/google-caja/wiki/StringObfuscationIsEasy is a
catch-all for many attacks of these types.
2009/4/25 David-Sarah Hopwood <david-sarah@jacaranda.org>:
> [Apologies if this is a duplicate. I'm having problems with various list
> subscriptions at the moment due to changing addresses.]
>
> Ben Laurie wrote:
>> [+google-caja-discuss]
>>
>> On Sat, Apr 25, 2009 at 11:07 AM, Sandro Magi <naasking@higherlogics.com> wrote:
>>> Some interesting JavaScript hacks are discussed on this page:
>>>
>>> http://dev.opera.com/articles/view/opera-javascript-for-hackers-1/
>>>
>>> Examples such as executing arbitrary code from a regex and using Unicode
>>> escaped function names, etc. This is certainly relevant in the context
>>> of Caja.
>
> Sorry to be a killjoy, but I'm not sure why any of these are interesting.
>
> "RegExp replace can execute code":
> The author seems to be surprised at behaviour common to all languages
> with first-class functions. Anyway, no imaginative hackery using regexps
> is needed to exploit a page that does this:
> <script>somevariableUnfiltered="YOUR INPUT"</script>
>
> For example, just use:
> <script>somevariableUnfiltered=""+function(){ ... }()+""</script>
>
> "Unicode escapes":
> Well-known and obvious. IIRC, all of the secure subsets disallow
> escapes in identifiers.
>
> "JavaScript parser engine", "Throw, Delete what?",
> "Global objects are statements":
> I don't see anything that JavaScript is doing differently from
> other imperative languages with exceptions in any of these examples.
>
> "Getters/Setters fun"
> How could you get into the position of putting a setter on a global
> variable unless the page is already toast?
>
> "Location allows url encoding"
> Obvious. Multiple layers of escaping to evade (very naive) filters
> is also obvious.
>
> --
> David-Sarah Hopwood ⚥
>
> _______________________________________________
> cap-talk mailing list
> cap-talk@mail.eros-os.org
> http://www.eros-os.org/mailman/listinfo/cap-talk
>
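Two of the points above ("the secure subsets disallow escapes in identifiers" and "multiple layers of escaping to evade (very naive) filters") amount to concrete checks a filter has to perform. The following is an added example, not code from this thread or from the Caja project: it flags identifier-like tokens that contain \uXXXX escapes and reports the binding they canonically name, and it canonicalizes percent-encoding to a fixpoint before applying a scheme allowlist to a location value. The function names, the simplified identifier character class, and the sample inputs are this example's own assumptions; a real subset verifier lexes the source first, whereas this scan will also report escapes inside string literals.

```javascript
// Added example, not from the cap-talk thread or from Caja.
// Defender-side checks illustrating two remarks in the thread:
//  1. reject identifiers containing \uXXXX escapes (secure subsets do this,
//     because `\u0061lert` names the same binding as `alert`);
//  2. canonicalize percent-encoding to a fixpoint before validating a URL,
//     so stacked layers of escaping cannot slip past a single-decode check.

// Assumption: an identifier-like token is a run of [A-Za-z0-9_$] or
// \uXXXX escapes. This is not a full ECMAScript lexer, so string literals
// containing escapes are reported as well; a real verifier tokenizes first.
const IDENT_LIKE = /(?:[A-Za-z_$0-9]|\\u[0-9A-Fa-f]{4})+/g;

// Decode \uXXXX sequences so the reader can see which binding is named.
function decodeUnicodeEscapes(token) {
  return token.replace(/\\u([0-9A-Fa-f]{4})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Scan source text; return one finding per identifier-like token that
// contains a Unicode escape, with its canonical (decoded) spelling.
function findEscapedIdentifiers(src) {
  const findings = [];
  for (const m of src.matchAll(IDENT_LIKE)) {
    if (!m[0].includes('\\u')) continue;
    findings.push({
      raw: m[0],
      canonical: decodeUnicodeEscapes(m[0]),
      index: m.index,
    });
  }
  return findings;
}

// Decode percent-encoding repeatedly until the value stops changing (or a
// small round cap is hit). A check that runs on the result is not fooled by
// %2527-style double encoding. Malformed input (a lone "%") stops decoding.
function canonicalizePercentEncoding(value, maxRounds = 8) {
  let current = value;
  for (let i = 0; i < maxRounds; i++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (e) {
      break; // URIError: stop and keep the last well-formed value
    }
    if (next === current) break;
    current = next;
  }
  return current;
}

// Allowlist check for a value destined for `location`: canonicalize first,
// then permit only relative URLs and the http/https schemes.
function isAllowedLocation(raw) {
  const canonical = canonicalizePercentEncoding(raw).trim();
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(canonical);
  if (!m) return true; // no scheme: relative URL
  const scheme = m[1].toLowerCase();
  return scheme === 'http' || scheme === 'https';
}

// Constructed sample inputs for a stand-alone run.
console.log(findEscapedIdentifiers('var \\u0061lert = 1;'));
console.log(canonicalizePercentEncoding('%2527'));
console.log(isAllowedLocation('%6Aavascript%3Avoid(0)'));
```

The identifier scan is linear in the source length because it matches whole tokens once and then filters, rather than searching for an escape inside every candidate run. The fixpoint decode is capped so that a value that keeps changing cannot turn canonicalization into unbounded work.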