Git Product home page Git Product logo

cve-2019-5786's Introduction

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86.

This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe.

  • host iframe.html on one site and exploit.html, exploit.js and wokrer.js on another. Change line 13 in iframe.html to the URL of exploit.html
  • start chrome with the --no-sandbox argument
  • navigate to iframe.html

cve-2019-5786's People

Contributors

exodusintel avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

fcpasses harry1080 bb33bb 4ga1n diazraelwang mm0x00 killvxk crackercat thomasking2014 sdxztysan dothanthitiendiettiende raystyle allpaca leonluffy eternalsakura nask0 dezhub fatgrass hyabcd ormicron pentestbr hckmaple aaaaagold liuchengyan fengzihk slowmistio nu110x benderpan steven1ay appleu0 secoba 1337g samouly shimizukawasaki chennqqi cc-crack lcamry maplege chandler2009 barretlee simon0105 hhy5277 like0x shantanu561993 qing-q wutongyudemo ch-rigu iamawhalez uncia littledj007 amesianx anquanscan superf0sh qsdj ch0pin 0xr0 halcon1698 naeemshah lsh4ck cybathreat k1ns0 imulmul soulxhades unlimitedg idkwim dohki c0de3 modulexcite kliebenberg 5l1v3r1 fengjixuchui darkfunct mmg1 ddddyyy hhhhelix armorunicorn ckexploits reshahar anti-ghosts afwu

cve-2019-5786's Issues

Why sandbox must be disabled?

I am confused, why does the POC require to disable sandbox while in actual exploit it is not a requirement.
thanks

Can't reproduce

Let me know if I'm doing something stupid. On a Linux host OS, I modify iframe.html to use my exploit.html: e.g:

git diff
diff --git a/iframe.html b/iframe.html
index c4c9d91..4e017bb 100644
--- a/iframe.html
+++ b/iframe.html
@@ -10,7 +10,7 @@
                 } catch (e) {}

                 iframe = document.createElement('iframe');
-                iframe.src = 'http://127.0.0.1/exploit.html';
+                iframe.src = 'http://192.168.1.9:8000/exploit.html';
                 iframe.id = 'myframe';
                 document.body.appendChild(iframe);
                 console.log(document.getElementById('myframe'));

Then I use python -m SimpleHTTPServer to host it.
With a Windows 7 (I tried both x86 and x64) VM, with Google_Chrome_(32bit)_v72.0.3626.119.exe, and, chrome.exe --no-sandbox.

I always get the same result after the iframe refreshes:

VirtualBox_Windows 7 (x86)_04_05_2019_17_54_49

I was expecting to see calc.exe
Many thanks!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.