XSS : Get string without quote

D 2 January 2017 H 14:44 A Georges Michel C 1 messages

Good year 2017 :)

Yesterday I was stuck when I DOM-based XSSed a website which removes quotes, double-quotes, parenthesis and back-tick.
I don’t know if the trick is obvious because I didn’t search, but I found a pretty use of JavaScript RegExp short notation.

I haven’t found yet a solution without using parenthesis or back-tick :-( but I found funny things I am going to show you.

The main idea is to use the implicit cast of a shortened RegExp notation :

[]+/test/g ; // returns "/test/g"

In order to instantiate the string "/test/g".
However, if we want to use it, we need to remove the starting char "/" and ending chars "/g" like this:

([]+/test/g).substr(1,4); // returns "test"

Let’s play :

location=([]+/http:\\google.com/g).substr(1,17); // redirects to http://google.com

Above, note these double back-slash ("\\") avoid syntax error and they will be replaced by "//" in the location value.

@FrenchYeti

Also in this section

7 April 2011 – Javascript -Java compatible encryption

23 October 2010 – One time passwords

1 Forum posts

XSS : Get string without quote, Geluchat | 18 March 2018 - 02:16 1

/google.com/.source works as well ;)

Any message or comments?

Search

Sponsor

If you appreciate my work, you may help or reward with a contribution :)

-> Paypal donation

XSS : Get string without quote

Also in this section

1 Forum posts

Any message or comments?

Search

Also in this section

Most popular

5 random articles

Sponsor