Commit Graph

9 Commits (15345da9d8d2982aaf29efef7a9d96edbb62cc65)

Author SHA1 Message Date
William Vu 61b30e8b60
Land #2869, pre-release title/desc fixes 2014-01-13 14:29:27 -06:00
Tod Beardsley 671027a126
Pre-release title/desc fixes 2014-01-13 13:57:34 -06:00
Joe Vennix f11322b29f Oh right, msftidy. 2014-01-13 13:44:34 -06:00
Joe Vennix f78ec1eeb2 Make sure we unwrap the SecurityWrapper. 2014-01-12 10:46:23 -06:00
Joe Vennix fb1a038024 Update async API to actually be async in all cases.
This avoids zalgo. Also optionally checks the return value
of the compiled Function in XSS to allow you to use send()
or an explicit return, which is maybe more natural for
synchronous xss payloads.
2014-01-07 16:17:34 -06:00
Joe Vennix 49d1285d1b Add explicit json require. 2014-01-06 11:15:10 -06:00
Joe Vennix 723c0480ab Fix description to be accurate. 2014-01-04 19:06:01 -06:00
Joe Vennix f2f68a61aa Use shell primitives instead of resorting to
echo hacks.
2014-01-04 19:00:36 -06:00
Joe Vennix b9c46cde47 Refactor runCmd, allow js exec.
* Updates exec payload to not touch disk
* Adds XSS module that uses hiddenWindow (to avoid X-Frame-Options)
2014-01-04 08:46:57 -06:00