Obfuscated JavaScript in an exploit kit using Array's constructor

I noticed some obfuscated JavaScript in an exploit kit:

> a = []["constructor"]
Array() { [native code] }
> b = a["constructor"]
Function() { [native code] }
> b("console.log('a');")
anonymous() {
    console.log('a');
}
> b("console.log('a');")()
a

or in other words

> [].constructor.constructor("console.log('a');")()
a

Can someone explain what's happening here? What's the constructor of a constructor of an Array?

[].constructor.constructor("console.log('a');")()

a

So... what is this?

[].constructor.constructor

Function() { [native code] }

Aha... so it is just a way to invoke the Function constructor, which takes a string to eval... then the final parens invoke it.

Function("console.log('a')")()  // Works with or without `new`

a

You can enter [].constructor.constructor into any JS console and find out for yourself.

[].constructor
  -> Array() { [native code] }
[].constructor.constructor
  -> Function() { [native code] }
[].constructor.constructor("console.log('a');")()
 -> a
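
The lookup chain described in the answers above, plus a way to record strings passed through it during sample analysis. This is an added example, not code from the original question or answers; the names `explainChain` and `captureDynamicCode` are illustrative, and the sample input is the expression from the question.

```javascript
// Added example (not from the original answers). Function names are illustrative.

// Show where each `constructor` lookup in the chain is actually resolved.
function explainChain() {
  const arr = [];
  const own = (o) => Object.prototype.hasOwnProperty.call(o, 'constructor');
  return {
    arrayHasOwn: own(arr),            // false: inherited from Array.prototype
    step1IsArray: arr.constructor === Array,
    arrayCtorHasOwn: own(Array),      // false: Array is a function, so it
                                      // inherits from Function.prototype
    step2IsFunction: Array.constructor === Function,
    resolvedOnFunctionPrototype:
      Array.constructor === Function.prototype.constructor,
  };
}

// Analysis helper: record strings sent through the chain without compiling them.
// The hook goes on Function.prototype.constructor because that is the property
// the chain reads; rebinding the global name `Function` would not be seen.
// Limitation: async and generator functions have their own constructors,
// which this hook does not cover.
function captureDynamicCode(run) {
  const original = Function.prototype.constructor;
  const captured = [];
  Function.prototype.constructor = function (...args) {
    captured.push(args.map(String));
    return function () {};            // inert stand-in, nothing is evaluated
  };
  try {
    run();
  } finally {
    Function.prototype.constructor = original; // always restore the real one
  }
  return captured;
}

// Constructed sample: the expression from the question.
const sample = () => []['constructor']['constructor']("console.log('a');")();
const result = captureDynamicCode(sample);
console.log(explainChain());
console.log(result);
```

Because the second `constructor` resolves on `Function.prototype`, the same trick works starting from any function value, not just `Array`, which is why a hook on that one property catches every such variant.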
