javascript - escape.alf.nu answers to questions 17,18 and 21 -

-

i found site escape.alf.nu. nerd sniped me hard , couldn't leave before solving or @ least knowing solutions challenges. answers blew mind. still can't solve 17, 18 , 21 , can't find on internet.

17 , 18 lead me read lot sop bypasses. bypasses (through frame names, address hashes, more recent postmessage()) require js code on both side. known can load javascript or css , maybe info out of requires specific input formats (even javascript error messages blocked in modern browsers). setting document.domain won't work though domains similar cant set on token17.alf.nu (or 18) iframe.

it seems me blatant violation of sop can bypassed browser vulnerabilities (like ones found on android default browsers). against style of other challenges have 1 requires specific browser. in 18 says "i expect 1 won't work in browsers", sounds if expects work in (so not vulnerability), , more importantly - if contradicts previous level should apparently work in browsers.

and there 21. 20 got more attention other late levels alf linked answer this question proof short answer "not quite enough". answer people gave level defining function called "window" or "console" - definition gets hoisted top of scope, before statement, , console.foo never checked. works because runs inside function scope. if tried bypass blocking of console (only theoretical there no longer known way of blocking it) couldn't define new window or console running in global scope , can't redefine names.

21 based on salman a's answer question. seems it's meant show code facebook used better alf's example, matters level runs code settimeout making sure runs in global scope , can't override window or console. i'm starting think level has no solution... found anything?


Comments

Post a Comment

Popular posts from this blog

python - mat is not a numerical tuple : openCV error -

-
i have write down code showing error ma not getting it: please help: showing mat not numerical tuple: import cv import cv2 capture = cv2.videocapture("j.3gp") while(1): _, frame1 = capture.read() grayimage1 = cv2.cvtcolor(frame1, cv2.color_bgr2gray) _, frame2 = capture.read() grayimage2 = cv2.cvtcolor(frame2, cv2.color_bgr2gray) differenceimage = cv2.absdiff(grayimage1,grayimage2) thresholdimage = cv2.threshold(differenceimage,25,255,cv2.thresh_binary) cv2.imshow("difference image", differenceimage) cv2.imshow("threshold image", thresholdimage) cv2.imshow("image", frame1) k = cv2.waitkey(30) & 0xff error arising : ----------------------------------------------------------------------------------------- traceback (most recent call last): file "desk.py", line 15, in <module> cv2.imshow("threshold image", thresholdimage) typeerror: mat not numerical tuple
Read more

c# - MSAA finds controls UI Automation doesn't -

-
i'm working on automating windows application. i'm using teststack white framework. i've hit problem. program has 'window' object cannot see inside of. white shows no controls inside of it. inspect.exe shows no controls inside of either when running in ui automation mode. if switch inspect msaa see controls inside fine. there anyway me use msaa c# handle on these controls? if can identify msaa functions need, can use p/invoke call them c#. here's example article doing msaa: http://www.codeproject.com/articles/38906/ui-automation-using-microsoft-active-accessibility also, pinvoke.net can used identify iaccessible (msaa) functions: http://www.pinvoke.net/search.aspx?search=iaccessible&namespace=[all] here's answer along lines: msaa com-based? finally, alternative p/invoke, might able use tlbimp.exe create wrapper assembly oleacc.dll, , access msaa functions through it. i'm not sure if works msaa, it's worth try. as e
Read more

wordpress - .htaccess: RewriteRule: bad flag delimiters -

-
pulling hair out on one. have following .htaccess file custom redirects in addition wordpress's default settings. when tested on local wamp server worked fine after moving production i'm not getting rewriterule: bad flag delimiters error in server log , after while site goes down internal server error any appreciated. in advance! <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^rockford_weddings___welcome\.html$ /wedding/ [r=301,l] rewriterule ^blog/?$ /journal/ [r=301,l] rewriterule ^blog/(.*)$ /$1 [r=301,l] rewriterule ^portraitinvestment/?$ /portraitinvestment\.pdf [r=301,l] rewriterule ^weddinginvestment/?$ /weddinginvestment\.pdf [r=301,l] rewriterule ^holidaycards2014/?$ /holidaycards2014\.pdf [r=301,l] </ifmodule> # begin wordpress <ifmodule mod_rewrite.c> rewriteengine on rewritebase / rewriterule ^index\.php$ - [l] rewritecond %{request_filename} !-f rewritecond %{request_filename} !-d rewriterule . /index.php [l] </
Read more