Obfuscated Javascript in an exploit kit using Array's constructor

I noticed some obfuscated Javascript in an Exploit Kit

> a = []["constructor"]
Array() { [native code] }
> b = a["constructor"]
Function() { [native code] }
> b("console.log('a');")
anonymous() {
    console.log('a');
}
> b("console.log('a');")()
a

or in other words

> [].constructor.constructor("console.log('a');")()
a

Can someone explain what's happening here? What's the constructor of a constructor of an Array?

[].constructor.constructor("console.log('a');")()

a

So.. what is this?

[].constructor.constructor

Function() { [native code] }

Ahha... so it is just a way to invoke the Function constructor, which takes a string to eval... then the final parens invoke it.

Function("console.log('a')")()  // Works with or without `new`

a

You can enter [].constructor.constructor into any JS console and find out for yourself.

[].constructor
  -> Array() { [native code] }
[].constructor.constructor
  -> Function() { [native code] }
[].constructor.constructor("console.log('a');")()
 -> a
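
For triage of script samples, the chain explained above can be flagged statically. The following is an added example, not part of the original question or answers; `findFunctionCtorChains`, `reachesFunction` and the `SAMPLE` text are hypothetical names and constructed input.

```javascript
// Added example: flag double "constructor" property access, the alias for
// Function that name-based searches for "eval(" or "Function(" do not see.

// One access to the property: .constructor, ["constructor"], ['constructor'] or [`constructor`].
const ACCESS = "(?:\\.\\s*constructor\\b|\\[\\s*[\"'`]constructor[\"'`]\\s*\\])";
// Two accesses in a row: <anything>.constructor.constructor
const CHAIN = new RegExp(ACCESS + "\\s*" + ACCESS, "g");

// Returns one record per match with a 1-based line and column.
// Textual triage only: a chain split across statements, or a property name
// computed at run time, is not matched.
function findFunctionCtorChains(source) {
  const hits = [];
  source.split("\n").forEach((text, i) => {
    for (const m of text.matchAll(CHAIN)) {
      hits.push({ line: i + 1, column: m.index + 1, match: m[0] });
    }
  });
  return hits;
}

// Confirms, without evaluating any string, that a value's constructor chain
// ends at the built-in Function constructor.
function reachesFunction(value) {
  if (value === null || value === undefined) return false;
  return Object(value)?.constructor?.constructor === Function;
}

// Constructed sample built from the snippets on this page, plus a benign line.
const SAMPLE = [
  'a = []["constructor"]',
  'b = a["constructor"]',
  "[].constructor.constructor(\"console.log('a');\")()",
  'x = []["constructor"]["constructor"]',
  "obj.constructor.name",
].join("\n");

for (const hit of findFunctionCtorChains(SAMPLE)) {
  console.log(`line ${hit.line}, col ${hit.column}: ${hit.match}`);
}
console.log("[] reaches Function:", reachesFunction([]));
console.log("'' reaches Function:", reachesFunction(""));
```

Lines 1 and 2 of the sample (the two-step form from the question) are not flagged, which shows the limit of a line-based textual match.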
