WebKitGTK 2.1.2 (Ubuntu 14.04) – Heap based Buffer Overflow

• Exploit Database
• 119 阅读

• 作者： Ren Kimura
  日期： 2017-08-19
• 类别：

  • local
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/44204/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46

  # CVE-2014-1303 PoC for Linux CVE-2014-1303 (WebKit Heap based BOF) proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability (CVE-2014-1303) on **Linux**.   **NOTE:** Original exploit is written for Mac OS X and PS4 (PlayStation4).   I&apos;ve ported and tested work on Ubuntu 14.04, [WebKitGTK 2.1.2](https://webkitgtk.org/releases/)   ## Usage Firstly you need to run simple web server, </code><code> $ python server.py </code><code> then </code><code> $ cd /path/to/webkitgtk2.1.2/ $ ./Programs/GtkLauncher http://localhost </code><code> You can run several tests like, - Crash ROP (Jump to invalid address like 0xdeadbeefdeadbeef) - Get PID (Get current PID) - Code Execution (Load and execute payload from outer network) - File System Dump (Dump "/dev" entries)   ## Description **exploit.html** .....trigger vulnerability and jump to ROP chain **scripts/roputil.js** .....utilities for ROP building **scripts/syscall.js** .....syscall ROP chains **scripts/code.js**.....hard coded remote loader **loader/**.....simple remote loader (written in C) **loader/bin2js**.....convert binary to js variables (for loader)   ## Purpose I&apos;ve created this WebKit PoC for education in my course. I couldn&apos;t, of course, use actual PS4 console in my lecture for legal reason :(   ## Reference CVE 2014-1303 Proof Of Concept for PS4 (https://github.com/Fire30/PS4-2014-1303-POC) Liang Chen, WEBKIT EVERYWHERE: SECURE OR NOT? [BHEU14] (https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF)     Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44204.zip