
Looking into XSS filtering, just curious: how is this kind of JS encoded?

    lshero · 2014-09-28 16:23:57 +08:00 · 4605 views
    This topic was created 3736 days ago; the information in it may have since developed or changed.
    For XSS, replacing keywords with unicode characters is already common, but I'm curious how this kind of code actually executes.


    <script>[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][[]]+[])[+!+[]]+(![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[+!+[]]+([][[]]+[])[+[]]+([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]]((![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]+(![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]]+[!+[]+!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[!+[]+!+[]+[+[]]])()</script>
    10 replies    2014-09-30 06:45:00 +08:00
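    The payload quoted above is built entirely from the six characters `[ ] ( ) ! +`. The following is an added example (not from this thread or any poster) that shows the mechanism by deriving the same strings the payload derives, without ever executing it, and then a small heuristic a defender could run over request or log data to flag input of this shape. Names such as `spell`, `decodeSkeleton` and `looksLikeJsfuck` are this example's own; the sample strings are constructed for it.

```javascript
// Added example (not from the V2EX thread): how a JSFuck-style payload derives
// readable strings from nothing but [ ] ( ) ! +, plus a defender-side heuristic.

// Step 1: the primitive values everything is built from. Each expression is
// ordinary JavaScript; the comment gives the value it evaluates to.
const FALSE_STR = ![] + [];          // "false"      (boolean coerced to string by + [])
const TRUE_STR  = !![] + [];         // "true"
const UNDEF_STR = [][[]] + [];       // "undefined"  ([] as a key becomes "", not a property)
const ZERO  = +[];                   // 0
const ONE   = +!+[];                 // 1
const TWO   = !+[] + !+[];           // 2  (true + true)
const THREE = !+[] + !+[] + !+[];    // 3
const TEN   = +!+[] + [+[]];         // "10" (number + array is string concatenation)

// Step 2: a single character is just an index into one of those strings.
// This is the "map" the replies mention, written out for the letters needed here.
const CHARS = {
  f: FALSE_STR[ZERO], a: FALSE_STR[ONE], l: FALSE_STR[TWO], s: FALSE_STR[THREE],
  t: TRUE_STR[ZERO],  r: TRUE_STR[ONE],  u: TRUE_STR[TWO],  e: TRUE_STR[THREE],
  n: UNDEF_STR[ONE],  d: UNDEF_STR[TWO],
  i: ([![]] + [][[]])[TEN],          // "falseundefined"[10]
};

// Spell a word from the base table; throws if a letter is not derivable yet.
function spell(word) {
  return [...word].map(c => {
    if (!Object.prototype.hasOwnProperty.call(CHARS, c)) {
      throw new Error(`no atom for ${JSON.stringify(c)}`);
    }
    return CHARS[c];
  }).join("");
}

// Step 3: once "filter" can be spelled, [][ "filter" ] is a real function, and
// coercing it to a string ("function filter() { ... }") exposes letters that
// "false", "true" and "undefined" lack, such as "c" and "o".
function extendedChars() {
  const filterFn = [][spell("filter")];        // Array.prototype.filter
  return {
    ...CHARS,
    c: (filterFn + [])[THREE],                 // "function filter..."[3]
    o: (!![] + filterFn)[TEN],                 // "truefunction filter..."[10]
  };
}

// Step 4: the payload's skeleton is [][filter][constructor](source)(). The
// constructor of any function is Function, which compiles a spelled-out source
// string into something callable. This only resolves the names; it runs nothing.
function decodeSkeleton() {
  const chars = extendedChars();
  const sp = w => [...w].map(c => chars[c]).join("");
  const filterName = sp("filter");
  const ctorName = sp("constructor");
  return { filterName, ctorName, reachesFunction: [][filterName][ctorName] === Function };
}

// Defender side: such payloads are almost entirely six punctuation characters,
// a cheap signal a WAF rule or log scanner can apply before any real parsing.
const JSFUCK_ALPHABET = new Set(["[", "]", "(", ")", "!", "+"]);

function looksLikeJsfuck(text, minLength = 40, minRatio = 0.95) {
  const body = text.replace(/\s+/g, "");
  if (body.length < minLength) return false;
  let hits = 0;
  for (const ch of body) if (JSFUCK_ALPHABET.has(ch)) hits++;
  return hits / body.length >= minRatio;
}

// Constructed samples: the opening of the payload quoted in the post (enough to
// trip the heuristic) and an ordinary snippet that should pass.
const SAMPLE_PAYLOAD = "[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]" +
  "+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]";
const SAMPLE_NORMAL = "document.querySelectorAll('a').forEach(a => { a.rel = 'noopener'; });";
```

    Calling `decodeSkeleton()` returns `{ filterName: "filter", ctorName: "constructor", reachesFunction: true }`, which is why the payload behaves like `Function(source)()` even though no letter appears in it; `looksLikeJsfuck(SAMPLE_PAYLOAD)` is `true` and `looksLikeJsfuck(SAMPLE_NORMAL)` is `false`. The ratio check is a triage signal, not a parser: it will also flag legitimate minified code that happens to be mostly punctuation, so treat hits as candidates for closer review.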
    1  cxe2v · 2014-09-28 16:26:20 +08:00
    There's probably a map that maps unicode onto the keywords.
    2  lshero (OP) · 2014-09-28 16:33:41 +08:00
    @cxe2v I searched and it seems to be this kind of mapping:
    http://www.cnblogs.com/pandora/archive/2010/02/27/1674833.html
    Suddenly it strikes me that piecing together all of 0-9 and a-z this way is really going all out.
    3  woodthom · 2014-09-28 16:34:56 +08:00   ❤️ 1
    4  lshero (OP) · 2014-09-28 16:35:19 +08:00
    @woodthom Good stuff, bookmarked.
    5  emric · 2014-09-28 17:04:21 +08:00
    I looked into this before. Code like this can only run inside a JS file or a script tag; escape the characters properly and there isn't much of a problem.
    6  Mutoo · 2014-09-28 17:50:20 +08:00   ❤️ 1
    7  ichou · 2014-09-28 18:52:32 +08:00
    @woodthom That one is already broken =。=-
    8  zzNucker · 2014-09-28 19:18:12 +08:00
    Isn't this jsfuck?
    9  willwen · 2014-09-28 22:31:33 +08:00 via iPhone
    jsfuck, please Google it.
    10  zqhong · 2014-09-30 06:45:00 +08:00   ❤️ 1