Closed GoogleCodeExporter closed 9 years ago
Hi!
Thanks for the suggestion and info! The main problem with this exploit is that
it generates some errors if you try to emulate the JS code encoded with the
jjencoder:
PyV8:
    RangeError: Maximum call stack size exceeded ( @ 0: -1 )
SpiderMonkey:
    exception from uncaught JavaScript throw: java.lang.StackOverflowError
I will try to talk with the people involved in the development of PyV8 to see
if it can be solved. If not, then probably I will add this feature ;)
Original comment by josemigu...@gmail.com
on 15 Dec 2013 at 2:23
Taking a further look at this, I have seen that being able to modify the stack
limit when the JavaScript code is executed in PyV8 would solve the problem. I
am waiting for a response about it...
It is similar to this request and solution:
https://code.google.com/p/v8/issues/detail?id=2896
Original comment by josemigu...@gmail.com
on 15 Dec 2013 at 7:02
A new command (js_jjdecode) has been added in r210 to decode this type of
obfuscated JavaScript code. Also, by updating the PyV8 version it is possible to
change the stack limit and avoid the error "Maximum call stack size exceeded".
This change will be added soon.
Original comment by josemigu...@gmail.com
on 2 Feb 2014 at 7:56
Original issue reported on code.google.com by
poxyran...@gmail.com
on 12 Dec 2013 at 12:28