CVE-2011-3441
CVE-2011-3246
A series of regex-writing challenges.
A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.

My CSS-fu is weak; please use a recent browser.

Some rights reserved.

Random, semi-related image by AmUnivers.

GOTO for Java

PHP has finally taken the plunge into the 1960s by implementing GOTO. Here's an implementation for Java.

This stupid hack was inspired by

Example

       1 public class GotoDemo {
       2     public static void main(String[] args) {
       3         int i = 3;
       4         System.out.println(i);
       5         i = i - 1;
       6         if (i >= 0) {
       7             GotoFactory.getSharedInstance().getGoto().go(4);
       8         }
       9         
      10         try {
      11             System.out.print("Hell");
      12             if (Math.random() > 0) throw new Exception();            
      13             System.out.println("World!");
      14         } catch (Exception e) {
      15             System.out.print("o ");
      16             GotoFactory.getSharedInstance().getGoto().go(13);            
      17         }
      18     }
      19 }

Running it:

$ java -cp bin:asm-3.1.jar GotoClassLoader GotoDemo           
   3
   2
   1
   0
   Hello World!

Caveats

I spent all of 30 minutes on this, so there are some caveats:

  • No computed goto.
  • Jumping past a variable definition will cause the verifier to reject your class, if you're lucky.
  • It doesn't even handle packages properly; I didn't bother to swap dots and slashes.
  • All classes must be compiled with line number information.

Source code

Source code here. Requires the ASM library.

Comments