关联漏洞
标题:
Google Chrome V8 缓冲区错误漏洞
(CVE-2017-15428)
描述:Google Chrome是美国谷歌(Google)公司开发的一款Web浏览器。V8是其中的一套开源JavaScript引擎。 Google Chrome 62.0.3202.94之前版本中的V8存在越界读取漏洞,该漏洞源于V8 builtins字符串生成器没有进行充分的数据验证。远程攻击者可借助特制的HTML页面利用该漏洞在沙盒内执行任意代码。
描述
An exploit for CVE-2017-15428
介绍
# CVE-2017-15428
## Information
This is an exploit for the V8 vulnerability [CVE-2017-15428](https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html), which was discovered in 2017 by Zhao Qixun (@S0rryMybad) of the Qihoo 360 Vulcan Team. I did not have any involvement in the discovery of this bug. This exploit was written as part of my final year thesis at university.
## Acknowledgments
- Samuel Groß for dependencies utilized on this exploit.
- Richard Zhu & Amat Cama [for their work on CVE-2019-13698](https://www.secrss.com/articles/12165).
文件快照
[4.0K] /data/pocs/30b4869d8a9a1c378f1bde601bc2fab8279490e2
├── [ 276] exploit.html
├── [5.0K] int64.js
├── [ 584] README.md
├── [ 443] ready.js
├── [4.0K] shellcode_dev
│ ├── [ 284] asm_to_shellcode
│ ├── [ 74] compile_exec
│ ├── [ 589] execve.asm
│ ├── [ 298] shellcode.asm
│ └── [ 229] shellcode.cc
├── [7.5K] test-minified.js
└── [2.2K] utils.js
1 directory, 11 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。