 

Hidden JavaScript Payload

Tags:

javascript

I found this JavaScript very strange; when I run it in my browser console, it gives me an alert with the following message:

'Always be wary of Javascript containing quotes. No quotes = safe!'

I am very curious about it (I really don't even know if this is a thing; is it useful for something?)

If any of you would like to share knowledge about these kinds of "techniques", I would totally appreciate it! :)

for(A in {A󠅬󠅷󠅡󠅹󠅳󠄠󠅢󠅥󠄠󠅷󠅡󠅲󠅹󠄠󠅯󠅦󠄠󠅊󠅡󠅶󠅡󠅳󠅣󠅲󠅩󠅰󠅴󠄠󠅣󠅯󠅮󠅴󠅡󠅩󠅮󠅩󠅮󠅧󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄮󠄠󠅎󠅯󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄠󠄽󠄠󠅳󠅡󠅦󠅥󠄡:0}){alert(unescape(escape(A).replace(/u.{8}/g,[])))};
Pedro Sturmer asked Jul 30 '18 18:07


1 Answer

This is explained in detail in this blog post: https://www.stefanjudis.com/blog/hidden-messages-in-javascript-property-names/

The main "trick" to this snippet is that there are lots of invisible Unicode characters between the { and the A here:

{A󠅬󠅷󠅡󠅹󠅳󠄠󠅢󠅥󠄠󠅷󠅡󠅲󠅹󠄠󠅯󠅦󠄠󠅊󠅡󠅶󠅡󠅳󠅣󠅲󠅩󠅰󠅴󠄠󠅣󠅯󠅮󠅴󠅡󠅩󠅮󠅩󠅮󠅧󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄮󠄠󠅎󠅯󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄠󠄽󠄠󠅳󠅡󠅦󠅥󠄡:0}

You can see the code points for them like this:

Object.keys({A󠅬󠅷󠅡󠅹󠅳󠄠󠅢󠅥󠄠󠅷󠅡󠅲󠅹󠄠󠅯󠅦󠄠󠅊󠅡󠅶󠅡󠅳󠅣󠅲󠅩󠅰󠅴󠄠󠅣󠅯󠅮󠅴󠅡󠅩󠅮󠅩󠅮󠅧󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄮󠄠󠅎󠅯󠄠󠅱󠅵󠅯󠅴󠅥󠅳󠄠󠄽󠄠󠅳󠅡󠅦󠅥󠄡:0})[0].split("").map(x => x.codePointAt(0))
// [65, 56128, 56684, 56128, 56695, 56128, 56673, 56128, 56697, 56128, 56691, 56128, 56608, 56128, 56674, 56128, 56677, 56128, 56608, 56128, 56695, 56128, 56673, 56128, 56690, 56128, 56697, 56128, 56608, 56128, 56687, 56128, 56678, 56128, 56608, 56128, 56650, 56128, 56673, 56128, 56694, 56128, 56673, 56128, 56691, 56128, 56675, 56128, 56690, 56128, 56681, 56128, 56688, 56128, 56692, 56128, 56608, 56128, 56675, 56128, 56687, 56128, 56686, 56128, 56692, 56128, 56673, 56128, 56681, 56128, 56686, 56128, 56681, 56128, 56686, 56128, 56679, 56128, 56608, 56128, 56689, 56128, 56693, 56128, 56687, 56128, 56692, 56128, 56677, 56128, 56691, 56128, 56622, 56128, 56608, 56128, 56654, 56128, 56687, 56128, 56608, 56128, 56689, 56128, 56693, 56128, 56687, 56128, 56692, 56128, 56677, 56128, 56691, 56128, 56608, 56128, 56637, 56128, 56608, 56128, 56691, 56128, 56673, 56128, 56678, 56128, 56677, 56128, 56609]
Peter Olson answered Sep 30 '22 11:09
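A detection-side sketch of the trick in this thread, added here as an example and not part of the original answer or the linked blog post: it scans source text for invisible code points and decodes a run when it uses the U+E0100 to U+E01EF range, which is what the surrogate pairs in the output above decode to (56128, 56684 is U+E016C, i.e. offset 0x6C, "l"). The names `scanSource`, `classify` and `hide`, and the choice of ranges to flag, are assumptions of this example.

```javascript
// Added example (not from the original thread): flag invisible code points
// in JavaScript source and decode the variant shown on this page.
const INVISIBLE_RANGES = [
  [0x200b, 0x200d, "zero-width space/joiner"],
  [0xfe00, 0xfe0f, "variation selector"],
  [0xe0100, 0xe01ef, "variation selector supplement"],
];

// Returns the range label for an invisible code point, or null.
function classify(cp) {
  const hit = INVISIBLE_RANGES.find(([lo, hi]) => cp >= lo && cp <= hi);
  return hit ? hit[2] : null;
}

// Returns one finding per run of consecutive invisible code points:
// { index (UTF-16 offset), count (code points), kinds, decoded }.
function scanSource(source) {
  const findings = [];
  let run = null;
  let index = 0;
  for (const ch of source) { // for...of walks code points, not UTF-16 units
    const cp = ch.codePointAt(0);
    const kind = classify(cp);
    if (kind) {
      if (!run) {
        run = { index, count: 0, kinds: [], decoded: "" };
        findings.push(run);
      }
      run.count += 1;
      if (!run.kinds.includes(kind)) run.kinds.push(kind);
      // Page-specific encoding: hidden character = code point - U+E0100.
      if (cp >= 0xe0100 && cp <= 0xe01ef) {
        run.decoded += String.fromCharCode(cp - 0xe0100);
      }
    } else {
      run = null;
    }
    index += ch.length;
  }
  return findings;
}

// Constructed sample input, built programmatically so that this block
// itself contains no invisible characters.
function hide(text) {
  return Array.from(text, (c) => String.fromCodePoint(0xe0100 + c.charCodeAt(0))).join("");
}
const sample = "for(A in {A" + hide("lways be wary") + ":0}){}";
console.log(scanSource(sample));
```

Run over a file's contents in a pre-commit hook or code-review check, any non-empty result is worth a look, since none of these code points render in most editors.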