首頁  >  文章  >  web前端  >  仅用[]()+!等符号就足以实现几乎任意Javascript代码_javascript技巧

仅用[]()+!等符号就足以实现几乎任意Javascript代码_javascript技巧

WBOY
WBOY原創
2016-05-16 18:33:381171瀏覽

请在Firefox下测试

看了下例子:
js代码
<script> <BR>alert("hi there") <BR></script>
就等价于
<script> <BR>([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+(!![]+[])[+[]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]) <BR> <br><br>它实现的原理,有一个码表 <BR><div class="codetitle"><span><a style="CURSOR: pointer" data="11027" class="copybut" id="copybut11027" onclick="doCopy('code11027')"><U>复制代码 代码如下:<div class="codebody" id="code11027"> <BR>(NaN+[]["filter"])[11]', <BR>! window["atob"]("If")[0]', <BR>" ("").fontcolor()[12]', <BR># window["atob"]("0iN")[1]', <BR>$ window["atob"]("0iT")[1]', <BR>% window["atob"]("0iW")[1]', <BR>& window["atob"]("0ia")[1]', <BR>' window["atob"]("0if")[1]', <BR>( (false+[]["filter"])[20]', <BR>) (false+[]["filter"])[21]', <BR>* window["atob"]("0ir")[1]', <BR>+ window["atob"]("0it")[1]', <BR>, window["atob"]("0iy")[1]', <BR>- (NaN+window["Date"]())[31]', <BR>. window["atob"]("1i4")[1]', <BR>/ (true+("")["sub"]())[10]', <BR>0-9 ignored*/ ,,,,,,,,,, <BR>: window["Date"]()[21]', <BR>; window["atob"]("O0")[0]', <BR>< ("")["sub"]()[0]', <BR>= ("").fontcolor()[11]', <BR>> ("")["sub"]()[10]', <BR>? window["atob"]("0j9")[1]', <BR>@ window["atob"]("00A")[1]', <BR>A (+[]+[]["constructor"])[10]', <BR>B (+[]+(false)["constructor"])[10]', <BR>C window["atob"]("00N")[1]', <BR>D window["btoa"](00)[1]', <BR>E window["btoa"](01)[2]', <BR>F (0+[]["filter"]["constructor"])[10]', <BR>G window["btoa"]("0f")[1]', <BR>H window["btoa"]("0t")[1]', <BR>I ("Infinity")[0]', <BR>J window["atob"]("00r")[1]', <BR>K window["btoa"]("(")[0]', <BR>L window["btoa"]("/")[0]', <BR>M window["btoa"](0)[0]', <BR>N ("NaN")[0]', <BR>O window["btoa"](8)[0]', <BR>P window["btoa"]("<")[0]', <BR>Q window["btoa"]("a")[1]', <BR>R window["atob"]("01I")[1]', <BR>S window["btoa"]("I")[0]', <BR>T window["btoa"]("N")[0]', <BR>U window["atob"]("01W")[1]', <BR>V window["atob"]("01a")[1]', <BR>W (true+window)[12]', <BR>X window["atob"]("01i")[1]', <BR>Y window["btoa"]("a")[0]', <BR>Z window["btoa"]("f")[0]', <BR>[ (undefined+[]["filter"])[33]', <BR>\ window["atob"]("01y")[1]', <BR>] (true+[]["filter"])[40]', <BR>^ window["atob"](014)[1]', <BR>_ window["atob"](018)[1]', <BR>` window["atob"]("02A")[1]', <BR>a ("false")[1]', <BR>b (window+[])[2]', <BR>c ([]["filter"]+[])[3]', <BR>d ("undefined")[2]', <BR>e ("true")[3]', <BR>f ("false")[0]', <BR>g ([]+("")["constructor"])[14]', <BR>h window["atob"]("aN")[0]', <BR>i ([false]+undefined)[10]', <BR>j (window+[])[3]', <BR>k window["atob"]("a0")[0]', <BR>l ("false")[2]', <BR>m (Number+[])[11]', <BR>n ("undefined")[1]', <BR>o (true+[]["filter"])[10]', <BR>p window["atob"]("cN")[0]', <BR>q window["atob"]("cf")[0]', <BR>r ("true")[1]', <BR>s ("false")[3]', <BR>t ("true")[0]', <BR>u ("undefined")[0]', <BR>v (0+[]["filter"])[30]', <BR>w ([]["sort"]["call"]()+[])[13]', <BR>x window["atob"]("eN")[0]', <BR>y (NaN+[Infinity])[10]', <BR>z window["atob"]("et")[0]', <BR>{ (NaN+[]["filter"])[21]', <BR>| window["atob"]("03y")[1]', <BR>} (NaN+[]["filter"])[41]', <BR>~ window["atob"](234)[1]' <BR> <BR>拼接出来字符串 "eval",如何把 "eval" 变成 eval() 呢?方法是 <BR>[]["sort"]["call"]()["eval"] <BR>其中 []["sort"]["call"]() 等于 [].sort.call() ,等价于 window,所以上面 []["sort"]["call"]()["eval"] 就等价于 window.eval。 <BR>然后就是体力活了,把码表对应转换成 eval("blah blah") 这种形式就可以执行任意代码了 <BR>不同浏览器的码表不一样。Chrome和Firefox的index就不一样。 <BR>其实这个码表还可以通过 ·toLocal*()` 函数族扩展到Unicode,比fromCharCode要简短 <BR>原文:<A href="http://discogscounter.getfreehosting.co.uk/js-noalnum.php?txt=alert%28%22hi+there%22%29" target=_blank><FONT color=#810081>http://discogscounter.getfreehosting.co.uk/js-noalnum.php?txt=alert%28%22hi+there%22%29 </script>

陳述:
本文內容由網友自願投稿,版權歸原作者所有。本站不承擔相應的法律責任。如發現涉嫌抄襲或侵權的內容,請聯絡admin@php.cn