50

GitHub - exodusintel/CVE-2019-5786: FileReader Exploit

 5 years ago
source link: https://github.com/exodusintel/CVE-2019-5786
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

README.md

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86.

This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe.

  • host iframe.html on one site and exploit.html, exploit.js and wokrer.js on another. Change line 13 in iframe.html to the URL of exploit.html
  • start chrome with the --no-sandbox argument
  • navigate to iframe.html

report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK