CVE-2011-3441
CVE-2011-3246
A series of regex-writing challenges.
A series of XSS challenges: here's some unsafe code; exploit it! Shortest code wins.

My CSS-fu is weak; please use a recent browser.

Some rights reserved.

Random, semi-related image by Robert Couse-Baker.

ASCII/UTF-8 SWFs

I needed some valid SWF files with constrained character sets for an injection PoC. Putting them here in case someone else needs some.

Valid UTF-8

Raw file | Hex | Disassembly

This one is technically not a valid SWF file, but undefined tags are ignored by the player, so it still works. The invalid chunks are needed to get around the fact that the push opcode (0x96) used to introduce string constants can only appear as part of a utf-8 sequence.

ASCII only

Raw file | Hex | Disassembly

This one avoids constants altogether by spinning its own strings out of pieces of fluff it finds lying around: The current time stamp xored with itself is 0. The length of "0" is 1. From there, you can use + to create the other positive integers, then pass them to ActionAsciiToChar to create the strings you need.

Alok's

Alok Menghrajani optimized the shit out of the ASCII flash. 79 bytes, no nulls, no high bytes. Needs parameters to work.

Comments