Shared by Dexter on G Reader: yet another masterpiece from sla.ckers.org

Click here to test

If you cannot see the effect inside GReader, test the following HTML yourself:

<script language="javascript" type="text/javascript">([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]])([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(+[![]]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+!+[]]]+(!![]+[])[+[]]+[][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[
]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()[(![]+[])[+!+[]]+(!![]+[])[+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+([][(![]+[])[!+[]+!+[]+!+[]]+(!![]+[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]])[+!+[]+[+[]]]+(!![]+[])[+!+[]]+(!![]+[])[+[]]][([][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])[!+[]+!+[]]+(!![]+[])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]]+[])[!+[]+!+[]+!+[]]+(![]+[])[+!+[]]+(![]+[])[!+[]+!+[]]+(![]+[])[!+[]+!+[]]]()+[])[!+[]+!+[]]]((![]+[])[+!+[]]+(+[![]]+[])[+[]])[+[]]+(!![]+[])[!+[]+!+[]+!+[]]+(!![]+[])[+!+[]]+(!![]+[])[!+[]+!+[]+!+[]])</script>

Online conversion tool

It is a match for Brainfuck... and a good way to plant malicious script in web pages...
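The test script above is written almost entirely with the six characters `[]()+!`, and that alphabet is itself a usable detection signal. The following is an added example, not code from the original post; the thresholds and the sample HTML are constructed assumptions.

```javascript
// Added example (not from the original post): flag inline scripts written
// almost entirely in the six-character alphabet []()+!
const ALPHABET = new Set("[]()+!");

// Pull inline <script> bodies out of an HTML string (simple regex scan,
// adequate for triage, not a full HTML parser).
function inlineScripts(html) {
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  return [...html.matchAll(re)].map(m => m[1]);
}

// Fraction of non-whitespace characters that belong to the alphabet.
function alphabetRatio(code) {
  const chars = [...code].filter(c => !/\s/.test(c));
  if (chars.length === 0) return 0;
  return chars.filter(c => ALPHABET.has(c)).length / chars.length;
}

// minLength and minRatio are assumed thresholds for this sketch.
function findSuspiciousScripts(html, minLength = 200, minRatio = 0.95) {
  return inlineScripts(html)
    .map((code, index) => ({ index, length: code.length, ratio: alphabetRatio(code) }))
    .filter(s => s.length >= minLength && s.ratio >= minRatio);
}

// Constructed sample page: one ordinary script, one symbol-only script.
const SAMPLE_FRAGMENT = "(![]+[])[+!+[]]+(!![]+[])[+[]]+";
const SAMPLE_HTML =
  "<script>var total = [1, 2].length + (3); console.log(!total);</script>" +
  '<script type="text/javascript">' + SAMPLE_FRAGMENT.repeat(10) + "[]</script>";

console.log(findSuspiciousScripts(SAMPLE_HTML));
```

Variants that mix in quoted strings or calls such as `atob`, like the entries of the code table discussed further down, lower the ratio, so the threshold has to be tuned against real traffic.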

Update: I looked into how it is implemented. There is a code table:

    (space)  (NaN+[]["filter"])[11]
    !        window["atob"]("If")[0]
    "        ("").fontcolor()[12]
    #        window["atob"]("0iN")[1]
    $        window["atob"]("0iT")[1]
    %        window["atob"]("0iW")[1]
    &        window["atob"]("0ia")[1]
    '        window["atob"]("0if")[1]
    (        (false+[]["filter"])[20]
    )        (false+[]["filter"])[21]
    *        window["atob"]("0ir")[1]
    +        window["atob"]("0it")[1]
    ,        window["atob"]("0iy")[1]
    -        (NaN+window["Date"]())[31]
    .        window["atob"]("1i4")[1]
    /        (true+("")["sub"]())[10]
    0-9      (ignored)
    :        window["Date"]()[21]
    ;        window["atob"]("O0")[0]
    <        ("")["sub"]()[0]
    =        ("").fontcolor()[11]
    >        ("")["sub"]()[10]
    ?        window["atob"]("0j9")[1]
    @        window["atob"]("00A")[1]
    A        (+[]+[]["constructor"])[10]
    B        (+[]+(false)["constructor"])[10]
    C        window["atob"]("00N")[1]
    D        window["btoa"](00)[1]
    E        window["btoa"](01)[2]
    F        (0+[]["filter"]["constructor"])[10]
    G        window["btoa"]("0f")[1]
    H        window["btoa"]("0t")[1]
    I        ("Infinity")[0]
    J        window["atob"]("00r")[1]
    K        window["btoa"]("(")[0]
    L        window["btoa"]("/")[0]
    M        window["btoa"](0)[0]
    N        ("NaN")[0]
    O        window["btoa"](8)[0]
    P        window["btoa"]("<")[0]
    Q        window["btoa"]("a")[1]
    R        window["atob"]("01I")[1]
    S        window["btoa"]("I")[0]
    T        window["btoa"]("N")[0]
    U        window["atob"]("01W")[1]
    V        window["atob"]("01a")[1]
    W        (true+window)[12]
    X        window["atob"]("01i")[1]
    Y        window["btoa"]("a")[0]
    Z        window["btoa"]("f")[0]
    [        (undefined+[]["filter"])[33]
    \        window["atob"]("01y")[1]
    ]        (true+[]["filter"])[40]
    ^        window["atob"](014)[1]
    _        window["atob"](018)[1]
    `        window["atob"]("02A")[1]
    a        ("false")[1]
    b        (window+[])[2]
    c        ([]["filter"]+[])[3]
    d        ("undefined")[2]
    e        ("true")[3]
    f        ("false")[0]
    g        ([]+("")["constructor"])[14]
    h        window["atob"]("aN")[0]
    i        ([false]+undefined)[10]
    j        (window+[])[3]
    k        window["atob"]("a0")[0]
    l        ("false")[2]
    m        (Number+[])[11]
    n        ("undefined")[1]
    o        (true+[]["filter"])[10]
    p        window["atob"]("cN")[0]
    q        window["atob"]("cf")[0]
    r        ("true")[1]
    s        ("false")[3]
    t        ("true")[0]
    u        ("undefined")[0]
    v        (0+[]["filter"])[30]
    w        ([]["sort"]["call"]()+[])[13]
    x        window["atob"]("eN")[0]
    y        (NaN+[Infinity])[10]
    z        window["atob"]("et")[0]
    {        (NaN+[]["filter"])[21]
    |        window["atob"]("03y")[1]
    }        (NaN+[]["filter"])[41]
    ~        window["atob"](234)[1]

Once the string "eval" has been pieced together, how do you turn "eval" into eval()? The method is:

[]["sort"]["call"]()["eval"]

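Here []["sort"]["call"]() is the same as [].sort.call(), which is equivalent to window, so []["sort"]["call"]()["eval"] above is equivalent to window.eval

After that it is just grunt work: translate each character through the code table into the form eval("blah blah"), and arbitrary code can be executed.

The code table differs from browser to browser. The indices for Chrome and Firefox are not the same.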
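Why the table is browser-specific can be checked directly: entries that index into `[]["filter"]` converted to a string depend on how the engine prints a native function. The following is an added example, not code from the original post; the two native-source layouts are constructed samples (one multi-line, one single-line), and the entries are copied from the code table above.

```javascript
// Added example (not from the original post). Both layout strings below are
// constructed samples of how an engine may print a native function.
const NATIVE_MULTI_LINE = "function filter() {\n    [native code]\n}";
const NATIVE_ONE_LINE = "function filter() { [native code] }";

// Table entries of the form (prefix + []["filter"])[index].
const ENGINE_DEPENDENT = [
  { ch: "(", prefix: "false", index: 20 },
  { ch: "{", prefix: "NaN", index: 21 },
  { ch: "[", prefix: "undefined", index: 33 },
  { ch: "v", prefix: "0", index: 30 },
  { ch: "]", prefix: "true", index: 40 },
  { ch: "}", prefix: "NaN", index: 41 },
];

// Table entries that never index past the "function Name" prefix or that
// use only language-defined strings; evaluated in the running engine.
const PORTABLE = [
  { ch: "a", value: () => ("false")[1] },
  { ch: "i", value: () => ([false] + undefined)[10] },
  { ch: "y", value: () => (NaN + [Infinity])[10] },
  { ch: "A", value: () => (+[] + []["constructor"])[10] },
  { ch: "g", value: () => ([] + ("")["constructor"])[14] },
  { ch: "m", value: () => (Number + [])[11] },
];

// Characters the table would get wrong under a given native-source layout.
function mismatches(nativeSource) {
  return ENGINE_DEPENDENT
    .filter(e => (e.prefix + nativeSource)[e.index] !== e.ch)
    .map(e => e.ch);
}

// Portable entries that fail in the engine running this script.
function portableMismatches() {
  return PORTABLE.filter(e => e.value() !== e.ch).map(e => e.ch);
}

console.log("multi-line layout:", mismatches(NATIVE_MULTI_LINE));
console.log("one-line layout:  ", mismatches(NATIVE_ONE_LINE));
console.log("portable entries: ", portableMismatches());
```

The same engine dependence applies to `[]["sort"]["call"]()`: engines that follow ES5 throw a TypeError there instead of returning window, so a payload built this way has to be analysed against the engine it targets.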

In fact this code table can also be extended to Unicode through the `toLocal*()` family of functions, which is shorter than fromCharCode :D

Reposted from: https://www.cnblogs.com/pandora/archive/2010/02/27/1674833.html
