The symbols [ ] ( ) + ! alone are enough to write almost any JavaScript code


Posted in Javascript on March 01, 2010

Please test this in Firefox.

Consider an example.
JS code:
<script>
alert("hi there")
</script>
is equivalent to
([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+(!![]+[])[+[]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]])
</script>

The principle behind it is a lookup table that expresses each printable ASCII character as an expression:

char     expression
(space)  (NaN+[]["filter"])[11]
!        window["atob"]("If")[0]
"        ("").fontcolor()[12]
#        window["atob"]("0iN")[1]
$        window["atob"]("0iT")[1]
%        window["atob"]("0iW")[1]
&        window["atob"]("0ia")[1]
'        window["atob"]("0if")[1]
(        (false+[]["filter"])[20]
)        (false+[]["filter"])[21]
*        window["atob"]("0ir")[1]
+        window["atob"]("0it")[1]
,        window["atob"]("0iy")[1]
-        (NaN+window["Date"]())[31]
.        window["atob"]("1i4")[1]
/        (true+("")["sub"]())[10]
0-9      (skipped in the original table)
:        window["Date"]()[21]
;        window["atob"]("O0")[0]
<        ("")["sub"]()[0]
=        ("").fontcolor()[11]
>        ("")["sub"]()[10]
?        window["atob"]("0j9")[1]
@        window["atob"]("00A")[1]
A        (+[]+[]["constructor"])[10]
B        (+[]+(false)["constructor"])[10]
C        window["atob"]("00N")[1]
D        window["btoa"](00)[1]
E        window["btoa"](01)[2]
F        (0+[]["filter"]["constructor"])[10]
G        window["btoa"]("0f")[1]
H        window["btoa"]("0t")[1]
I        ("Infinity")[0]
J        window["atob"]("00r")[1]
K        window["btoa"]("(")[0]
L        window["btoa"]("/")[0]
M        window["btoa"](0)[0]
N        ("NaN")[0]
O        window["btoa"](8)[0]
P        window["btoa"]("<")[0]
Q        window["btoa"]("a")[1]
R        window["atob"]("01I")[1]
S        window["btoa"]("I")[0]
T        window["btoa"]("N")[0]
U        window["atob"]("01W")[1]
V        window["atob"]("01a")[1]
W        (true+window)[12]
X        window["atob"]("01i")[1]
Y        window["btoa"]("a")[0]
Z        window["btoa"]("f")[0]
[        (undefined+[]["filter"])[33]
\        window["atob"]("01y")[1]
]        (true+[]["filter"])[40]
^        window["atob"](014)[1]
_        window["atob"](018)[1]
`        window["atob"]("02A")[1]
a        ("false")[1]
b        (window+[])[2]
c        ([]["filter"]+[])[3]
d        ("undefined")[2]
e        ("true")[3]
f        ("false")[0]
g        ([]+("")["constructor"])[14]
h        window["atob"]("aN")[0]
i        ([false]+undefined)[10]
j        (window+[])[3]
k        window["atob"]("a0")[0]
l        ("false")[2]
m        (Number+[])[11]
n        ("undefined")[1]
o        (true+[]["filter"])[10]
p        window["atob"]("cN")[0]
q        window["atob"]("cf")[0]
r        ("true")[1]
s        ("false")[3]
t        ("true")[0]
u        ("undefined")[0]
v        (0+[]["filter"])[30]
w        ([]["sort"]["call"]()+[])[13]
x        window["atob"]("eN")[0]
y        (NaN+[Infinity])[10]
z        window["atob"]("et")[0]
{        (NaN+[]["filter"])[21]
|        window["atob"]("03y")[1]
}        (NaN+[]["filter"])[41]
~        window["atob"](234)[1]
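To make the table concrete, here is an added example (not code from the original post or from the generator it links to) that rebuilds the handful of coercion atoms every row derives from, lists the letters that every engine agrees on, and measures in the running engine where the characters taken from Function.prototype.toString output actually land, which is the reason the post warns that Chrome and Firefox indices differ. It runs under Node.js with no browser globals; the function names and the comparison against the post's Firefox index 30 for 'v' are this example's own.

```javascript
// Added example, not from the original post: rebuilds the atoms behind the
// table above and measures the engine-specific rows at runtime. Node.js only;
// no browser globals (window, atob, btoa) are needed.

// Step 1: every value reachable from [ ] ( ) + ! starts from these coercions.
function atoms() {
  return {
    zero: +[],                      // +[]            -> 0
    one: +!+[],                     // +!+[]          -> 1
    two: !+[] + !+[],               // !+[]+!+[]      -> 2
    three: !+[] + !+[] + !+[],      // !+[]+!+[]+!+[] -> 3
    falseStr: ![] + [],             // "false"
    trueStr: !![] + [],             // "true"
    undefinedStr: [][[]] + [],      // "undefined"
    nanStr: +[![]] + [],            // "NaN"
    filterStr: [].filter + [],      // toString text that the rows for
                                    // c o v ( ) [ ] { } index into
  };
}

// Step 2: letters that are portable across engines, because they come from
// the fixed spellings of true, false, undefined and NaN (table rows a e l r s
// t u n d f N i).
function portableLetters() {
  const a = atoms();
  return {
    a: a.falseStr[1], e: a.trueStr[3], l: a.falseStr[2], r: a.trueStr[1],
    s: a.falseStr[3], t: a.trueStr[0], u: a.undefinedStr[0],
    n: a.undefinedStr[1], d: a.undefinedStr[2], f: a.falseStr[0],
    N: a.nanStr[0],
    i: ([false] + undefined)[10],   // "falseundefined"[10]
  };
}

// Step 3: engine-dependent rows. The post's row for 'v' is (0+[]["filter"])[30],
// which holds for Firefox of 2010, where native functions printed as
// "function filter() {\n    [native code]\n}". V8 prints
// "function filter() { [native code] }", so the same index yields 'o'.
// Computing the positions in the running engine lets a table be regenerated
// rather than copied blindly.
function toStringIndices() {
  const text = 0 + [].filter + [];  // same prefix as the 'v' row
  const at = (ch) => text.indexOf(ch);
  return {
    text,
    c: at("c"), o: at("o"), v: at("v"),
    open: at("("), close: at(")"),
    lbrace: at("{"), rbrace: at("}"), lbracket: at("["), rbracket: at("]"),
    firefox2010Layout: text[30] === "v",   // does the post's 'v' index hold here?
  };
}

// Step 4: the post's route from a string to the global object,
// []["sort"]["call"](), relied on sloppy-mode receiver coercion. Since ES5,
// Array.prototype.sort applies ToObject to its receiver and throws on
// undefined, so this returns false in current engines instead of assuming
// the 2010 behaviour.
function sortCallReturnsGlobal() {
  try {
    return []["sort"]["call"]() === globalThis;
  } catch (e) {
    return false;   // TypeError: sort called on undefined
  }
}

console.log(portableLetters());
console.log(toStringIndices());
console.log("[].sort.call() yields the global object:", sortCallReturnsGlobal());
```

Regenerating the table in the target engine, as toStringIndices() does, is the practical answer to the post's remark that indices differ between browsers; the portable rows are exactly those that never touch Function.prototype.toString, Date or the window object's own stringification.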

Once the string "eval" has been assembled, how do you turn "eval" into a callable eval()? The trick is
[]["sort"]["call"]()["eval"]
Here []["sort"]["call"]() is the same as [].sort.call(), which is equivalent to window, so []["sort"]["call"]()["eval"] above is equivalent to window.eval.
After that it is just manual labour: run the code through the table character by character to produce the eval("blah blah") form, and arbitrary code can be executed.
The table is not the same across browsers; the indices differ between Chrome and Firefox.
The table can also be extended to Unicode through the toLocale*() family of functions, which is shorter than going through fromCharCode.
Original: http://discogscounter.getfreehosting.co.uk/js-noalnum.php?txt=alert%28%22hi+there%22%29
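From the defender's side, the property that makes this dialect work is also what gives it away: a script body or request parameter made only of [ ] ( ) ! + is easy to screen for. The following is an added example, not part of the original post, of a scoring heuristic of the kind a request-log scanner or WAF rule might apply; the signature list, the thresholds and the sample inputs are constructed here for illustration, and the symbol-only sample spells "alert" with the a, l, e, r, t rows of the table above.

```javascript
// Added example, not from the original post: a screening heuristic for the
// []()!+ dialect, as a log scanner or WAF rule might apply it. Signature list,
// thresholds and sample inputs are constructed for illustration.

// Coercion idioms that every program in this dialect is assembled from (the
// same ones the character table is built on).
const ATOM_SIGNATURES = ["![]+[]", "!![]+[]", "+!+[]", "!+[]+!+[]", "[][[]]", "+[![]]"];

// Thresholds for this example; tune them against real traffic.
const MIN_LENGTH = 40;
const MIN_DISTINCT_ATOMS = 3;

// The original proof-of-concept carried its payload in a query string
// (txt=alert%28%22hi+there%22%29), so undo one layer of percent-encoding and
// drop whitespace before scoring. A malformed %xx sequence keeps the raw text.
function normalize(input) {
  let s = input;
  try {
    s = decodeURIComponent(s);
  } catch (e) {
    // URIError: leave the input as received
  }
  return s.replace(/\s+/g, "");
}

function scoreNonAlnumJs(input) {
  const s = normalize(input);
  const symbolOnly = s.length > 0 && /^[\[\]()!+]+$/.test(s);
  const distinctAtoms = ATOM_SIGNATURES.filter((sig) => s.includes(sig)).length;
  const suspicious =
    symbolOnly && s.length >= MIN_LENGTH && distinctAtoms >= MIN_DISTINCT_ATOMS;
  return { length: s.length, symbolOnly, distinctAtoms, suspicious };
}

// Constructed sample inputs. The symbol-only one spells "alert" from the
// table rows a, l, e, r, t (the same fragment the post's payload uses).
const SAMPLES = {
  ordinaryQuery: "q=hello+world&page=2",
  shortSymbols: "(![]+[])[+[]]",            // just "f": too short to flag
  symbolOnlyPayload:
    "(![]+[])[+!+[]]" +                     // a
    "+(![]+[])[!+[]+!+[]]" +                // l
    "+(!![]+[])[!+[]+!+[]+!+[]]" +          // e
    "+(!![]+[])[+!+[]]" +                   // r
    "+(!![]+[])[+[]]",                      // t
};

// Score every sample, plus a percent-encoded copy of the payload as it would
// appear inside a URL parameter.
function analyzeSamples() {
  const results = {};
  for (const [name, value] of Object.entries(SAMPLES)) {
    results[name] = scoreNonAlnumJs(value);
  }
  results.encodedPayload = scoreNonAlnumJs(encodeURIComponent(SAMPLES.symbolOnlyPayload));
  return results;
}

console.table(analyzeSamples());
```

The heuristic only recognises the pure-symbol dialect the post describes; encodings that admit characters such as $ and _ need their own signatures, and a short symbol-only string is deliberately left unflagged so that ordinary punctuation in parameters does not trip it. Treat a hit as a triage signal to pull the full request for review, not as proof of exploitation.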