509075-1.html (601B)
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<script>

// Regression test page. The file name suggests it belongs to bug 509075.
// The page states no pass condition; presumably it only has to load without
// crashing the browser (TODO confirm against the harness that runs it).
//
// Every property access below is written with a bracketed string literal.
// NOTE(review): keep the statements exactly as written when maintaining this
// file, since a reproducer may depend on their precise shape.

var txt = document.createTextNode("");  // empty text node
var b = document.createElement("b");    // <b> element, never inserted into the document
// Both values are legacy, non-standard methods read off the DOM objects.
// If the engine does not provide `watch`, w is undefined and the
// __defineGetter__ call two lines down throws outside any try block.
var w = b["watch"];
var txtdg = txt["__lookupGetter__"];
// Turn `toString` on w into an accessor whose getter is the
// __lookupGetter__ function taken from the text node.
w["__defineGetter__"]("toString",txtdg);
var obj = {
  variable: 910,
  fun: function() {
    // Reading w["toString"] runs the getter installed above with w as `this`
    // and no arguments; whatever the getter returns is then called.
    w["toString"]();
  }
};

// Writes obj.variable (as a string) to window.status, calls obj.fun() and
// returns obj. The empty catch discards any script-level exception from
// obj.fun(), so an exception there does not stop the page.
function vuln()
{
  window.status = "" + obj.variable;
  try{
    obj.fun();
  }catch(er){}
  return obj;
}

// Runs once while the page is parsed; `ret` is not read again in this file.
var ret = vuln();
</script>
</html>