2019-06-16
[public] 34.8K views, 1.33K likes, 11.0 dislikes audio only
Part 4: We finally look at the actual exploit code. We start by understanding the addrof() primitive used to leak the address of a JavaScript object in memory.
test.js: https://gist.github.com/LiveOverflow/ee5fb772334ec985094f77c91be60492
Crash investigation: https://webkit.org/blog/6411/javascriptcore-csi-a-crash-site-investigation-story/
The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit
Saelo's exploit: https://github.com/saelo/cve-2018-4233/blob/master/pwn.js
Playlist: /youtube/video/5tEdSoZ3mmE
-=[ π΄οΈAdvertisement ]=-
This video is supported by SSD Secure Disclosure: https://ssd-disclosure.com/
Offensive Security Conference TyphoonCon: https://typhooncon.com/
-=[ β€οΈ Support ]=-
β per Video: https://www.patreon.com/join/liveoverflow
β per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join
-=[ π΄ Stuff I use ]=-
β Microphone:* https://geni.us/ntg3b
β Graphics tablet:* https://geni.us/wacom-intuos
β Camera#1 for streaming:* https://geni.us/sony-camera
β Lens for streaming:* https://geni.us/sony-lense
β Connect Camera#1 to PC:* https://geni.us/cam-link
β Keyboard:* https://geni.us/mech-keyboard
β Old Microphone:* https://geni.us/mic-at2020usb
US Store Front:* https://www.amazon.com/shop/liveoverflow
-=[ π Social ]=-
β Twitter: https://twitter.com/LiveOverflow/
β Website: https://liveoverflow.com/
β Subreddit: https://www.reddit.com/r/LiveOverflow/
β Facebook: https://www.facebook.com/LiveOverflow/
-=[ π P.S. ]=-
All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.
#browserexploitation