cloudwindby / browser_pwn

browser pwn, main work now

Writeups are published on zsxq first, and then on my blog after a while.

  • browser_pwn_basic_knowledge

    description: some basic knowledge and scripts of browser pwn.

    related link: None

    finished date: 2019

  • starctf2019-oob

    description: d8 basic pwn game, with oob vuln.

    writeup: https://t.zsxq.com/VrrfyBm

    related link: None

    finished date: 2019

  • 数字经济-final-browser

    description: callback of Object::ToNumber to form uaf and oob write.

    writeup: https://t.zsxq.com/z7MzbYn

    related link: None

    finished date: 2019

  • plaidctf2018-roll_a_d8

    description: oob vuln in Array.from

    writeup: https://t.zsxq.com/iybi2JE

    related link: chromium commit

    finished date: 2019

  • array_prototype_map_oob_write

    description: an oob write vuln in the Array.prototype.map function, triggered by abusing Symbol.species

    writeup: https://t.zsxq.com/6IufUBI

    official link: chromium commit

    finished date: 2019

  • cve-2018-17463

    description: ObjectCreate's side effect annotation

    writeup: https://t.zsxq.com/ynUvNni

    official link: chromium commit

    finished date: 2020.01.06

  • 34c3ctf-v9

    description: exp for v9 in 34c3ctf, bug in redundancy-elimination

    writeup: https://t.zsxq.com/jqv3JEE

    official link: v9

    finished date: 2020.01.12

  • 35c3ctf-krautflare

    description: exp for krautflare in 35c3ctf, bug in type optimization

    writeup: https://t.zsxq.com/3ZRFEIi

    official link: Issue 1710: Chrome: V8: incorrect type information on Math.expm1

    finished date: 2020.01.25

  • google-ctf2018-final-just-in-time

    description: exp for just in time game in google ctf 2018 final, bug in type optimization, with the characteristic of Number.MAX_SAFE_INTEGER.

    writeup: https://t.zsxq.com/JMnUFyV

    official link: pwn-just-in-time

    finished date: 2020.02.04

  • qwb2019-final-groupupjs

    description: exp for qwb 2019 final groupupjs, oob bug in kUint32LessThan.

    writeup: https://t.zsxq.com/3jaaieI

    official link: None

    finished date: 2020.02.08

  • cve-2016-5168

    description: invalidated stable map assumption for globals in Crankshaft, exploited with a null String object

    writeup: https://t.zsxq.com/bey3NjI

    official link: Fix

    finished date: 2020.02.18

  • cve-2017-5070

    description: incorrect side-effect judgment for a global value.

    writeup: None

    official link: issue

    finished date: 2020.02.24

  • cve-2020-6418

    description: JSCreate can have side effects, bug in receiver maps inference.

    writeup: browser-pwn cve-2020-6418 vulnerability analysis

    official link: commit

    finished date: 2020.02.28

Languages

C++ 67.4%, Assembly 22.0%, JavaScript 10.5%, Shell 0.1%