The WIse SECurity
[ Back ]
Tuesday, November 04, 2008, 20:25
All-In-One MultiStage Js/Html Payload
I'm a bit lazy sometime.
As it could be seen it uses comments in order to be interpreted in different contexts, the Js one when loaded by
and the Html context when loaded from the browser.
The first comment is for Html:
that will prevent the Html interpreter to display junk allowing to write Html in a straight forward style.
which will prevent the Js interpreter to raise an exception.
It's multiple browser compliant, and it doesn't need to be a E4X browser compliant.
Q: So...when I am supposed to use it?
A:It could be used for milworm p0cs or instead of publishing/posting on FD/BGTQ/SEC_ML those boring multiple files.
Q:Why are you so lazy?
A:Hey...Too many questions.
Yes, it's probably useless, but it reminds me some of those multilanguage/multiprocessor/multi_O-S shellcodes (with all due respect) that has been published on phrack.
Finally, that's more an excercise in style than a real groundbreaking new way of doing POCs, but I thought it was worth posting about it.
However any comments will be appreciated.
No comments yet.
Comments are disabled
Wisec is brought to you by...
Wisec is written and mantained by Stefano Di Paola.
Wisec uses open standards, including XHTML, CSS2, and XML-RPC.
All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.