+ 11
[🏆 challenge 🏆🎮] Most innovative way to exploit!!! ⚠🎰💡🌐🚨
I have used eval and have directly assigned it to the innerHTML of a div which makes it vurnerable to some kind of exploitation. So, the challenge is to make a one liner to input into my code which would produce the most unexpected output. https://code.sololearn.com/Wlu3v8uYHIsv/?ref=app
12 Answers
+ 13
here's something then
paste this:
document.body.innerHTML
and see what happens when you try to input something in the new input element in the bottom of the page
+ 20
document.body.innerHTML=null should do it
althought it's onlymon the client side
if it worked with a server that fetches some info and then eval it then it would cause more harm
cool code nonetheless :)
edit
i see now you did almost what i did in your code comments xD
whatever you do, stay away from while(true) 😅
+ 14
the people wants mayhem!!
(╯°□°)╯︵ ┻━┻
+ 9
should really try alert(abc())
heaps of fun 🤗
+ 8
I think many have not understood the challenge so I am explaining it.
The eval() function in js executes the code given to it as a string. In my code, I have done-
var x= eval(inputbox.value);
//so, this executes the value of the inputbox and if any value is returned then assigns it to x
div.innerHTML =x;//excluding try-catch
// so the returned value is written into the div.
So, the challenge is to give a input which will exploit this vulnerability and give unexpected output.
Eg- alert("Hacked!!!")
If you put double quotes then it is directely displayed.
Eg- "<marquee>Hacked!!!</marquee>"
So, you guys, just give a try to this challenge.
+ 8
@Burey This one is great!!!
+ 8
pasting this:
abc=0
will display 0 and then break your code so next use attempt will not display your custom error message, but console normal error about 'abc is not a function' ;P
+ 6
@Burey Your idea is good; but, the challenge is to create the most unexpected output. Not the most damaging. Still, good idea.
+ 6
Nice ones @Burey and @visph
+ 5
document.body.innerHTML is very interesting xD
+ 3
so we actually can have constructive content regarding security/hacking. 👍