Post Reply 
JSProperties.ptxt bug
Jul. 19, 2011, 03:42 AM
Post: #1
JSProperties.ptxt bug
http://forum.proxcn.info/viewtopic.php?f=3&t=394

Am I the only one seeing a Proxomitron syntax error dialog at http://fxtrade.oanda.com/analysis/forex-order-book ?
You may have to open the Proxomitron's main dialog to see the error dialog.

.png  syntaxerror.png (Size: 10.5 KB / Downloads: 882)

JSProperties.ptxt contains

Code:
## ||||||||||||||||||||||||||||||||| Exploits |||||||||||||||||||||||||||||||||

FileSystemObject&                       $SET(#=.NOFileSystemObject)
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

KeyFrame(^ [^(])&                       $SET(#=.NOKeyFrame)
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

callee \)+ .toString \( \)&&            $SET(#=.NO)\#&
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

setCLSID(^$TST(keyword=*.a_jsmeth.*))&  $SET(#=.NOsetCLSID)
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

CreateObject (^$TST(keyword=*.a_jsmeth.*))
  $NEST(\(,(*\,)+{1} " ' ,\))&&         $SET(#=.NO)\#&
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

fromCharCode \((^$TST(keyword=*.a_jsmeth.*))
  (^ enkripsi)(($INEST(\(,\))|*)\)&& parseInt \( [a-z_][a-z0-9_]+.substr*
  | [#0:*] \+ [#0:*]*|*(\^|\& (\(|255))*&&      $SET(#=\(prxVoidV,)\#)&
  $SET(0=$TST(volat=*.log:[12]c.*)$ADDLST(Log-Rare,WEB JS_Prop\t.\3 \t\u)) &&\5

The Match of "Block/Modify: Sel. JS Properties" and "<a>...: Block sel. JS Properties" contains "\3".
The Replace of "Block/Modify: Sel. JS Properties" and "<a>...: Block sel. JS Properties" contains "\0".

It looks like \3 may capture strings that cause problems when "$SET(0" executes $ADDLST.

For now, I'm changing \3 to $WESC(\3).
.ptxt  JSProperties.ptxt (Size: 5.06 KB / Downloads: 880)

This will make the Log-Rare entries look ugly, however.

Code:
WEB JS_Prop    .fromCharCode\(g.charCodeAt\(h\)^f\[\(f\[d\]\+f\[b\]\)%256\]\)     http://fxtrade.oanda.com/wandacache/ob-06a465144feb1de7a4850186d2dc70902306fa21.js

Filters in question
Code:
[Patterns]
Name = "Block/Modify: Sel. JS Properties     07.04.02 [sd] (d.2)"
Active = TRUE
URL = "($TST(hCT=*html)|$TYPE(js)|$TYPE(vbs))(^$TST(keyword=*.(a_js|a_jsprop).*))"
Limit = 128
Match = ".$TST(script=[1s]*)($LST(JSProperties))\3((^[a-z.])|.(^php|asp|cgi|htm)[a-z])\2"
        "&"
        "$SET(eHits=$TST(\5=$TST(hCT=*html)*)$GET(eHits)"
        "%3Cspan class=%22Pr0xFly-Span%22%3E$GET(mHead) JS Property:%3C/span%3E"
        "    $ESC(\3)%3Cbr class=%22Pr0xFly-Br%22 /%3E"
        ")"
        "($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB JS_Prop\t.\3 \t\u)|)"
Replace = "\@\2\0"

Name = "<a>...: Block sel. JS Properties     09.05.20 (multi) [sd] (d.1)"
Active = TRUE
Multi = TRUE
URL = "$TST(hCT=*html)(^$TST(keyword=*.(a_js|a_jsprop).*))"
Limit = 1024
Match = "$NEST(<a\s(^class\=\\+"+Pr0XFl),(*\s|)(on[a-z]+=|href="+ javascript:)*,>)"
        "|$NEST(<body\s,(*\s|)on[a-z]+=*,>)"
        "|$NEST(<img,*\son[a-z]+=*,>)"
        "|$NEST(<base,*\son[a-z]+=*,>)"
        ""
        "&(^$TST(script=*)|$TST(comment=1))<\1\s"
        "&&("
        ""
        "\#(.($LST(JSProperties))\3([^a-z.]|.[a-z])\#|on("
        "(contextmenu|copy|cut|dragstart|paste|selectstart)\7=$AV(\6)"
        "|(mousedown)\7=$AV( return \(+ false&\6)"
        "|mouseover$SET(#=onmoueseover)"
        "(="status=($AV(*)|(\&[a-z0-9#]+;|[^;])++);)\# return (\(|)true(\)|);+$SET(3=overstatus)"
        ") )"
        "&&($TST(\6=*)$SET(3=\6)$SET(2=on\7)|(*\s((on[a-z]+)\2=|href="+ (javascript)\2:))+)"
        "($TST(volat=*.log:2*)$ADDLST(Log-Main,[$DTM(d T)]\tWEB JS_Prop_\1 \t\2 \t\3 \t\u)|)*"
        ""
        ")+{1,*}\#"
Replace = "\0\@"
Add Thank You Quote this message in a reply
Jul. 19, 2011, 09:36 AM
Post: #2
RE: JSProperties.ptxt bug
(Jul. 19, 2011 03:42 AM)JJoe Wrote:  Am I the only one seeing a Proxomitron syntax error dialog at http://fxtrade.oanda.com/analysis/forex-order-book ?
You may have to open the Proxomitron's main dialog to see the error dialog.

I didn't see that syntax error dialog with Proxomitron's main dialog opened.

It does was caught into Log-Rare without causing any problems:

Code:
WEB JS_Prop    .fromCharCode(g.charCodeAt(h)^f[(f[d]+f[b])%256])     http://fxtrade.oanda.com/wandacache/ob-06a465144feb1de7a4850186d2dc70902306fa21.js
Add Thank You Quote this message in a reply
Jul. 21, 2011, 05:25 AM
Post: #3
.
I also get the same Log-Rare entry with no error message.
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: