/**
 * Manual probe for a reported bug in the "sys_randomized_path" syscall on
 * firmware below 6.00.
 *
 * Credits, per the original note: bug found by TheFloW, JS adaptation by
 * CelesteBlue. The note describes the bug as not exploitable and as only
 * useful once an actual vulnerable syscall is found.
 *
 * The function takes no arguments and returns nothing. It relies on the
 * surrounding harness for `p` (malloc / write8 / hexdump / syscall),
 * `int64` and `alert`, and shows every intermediate result in an alert box
 * so the two buffer dumps can be compared by eye.
 */
var try_sys_randomized_path_leak = function () {
  var BUFFER_SIZE = 0x1000000; // size of the output buffer handed to the syscall
  var DUMP_LENGTH = 0x500; // number of leading bytes shown in each dump

  // Output buffer; the first dump is the "before" reference.
  // NOTE(review): the original comment expects this dump to be all zeroes,
  // which assumes p.malloc returns zeroed memory; confirm against the harness.
  var outBuf = p.malloc(BUFFER_SIZE);
  var dumpBefore = p.hexdump(outBuf, DUMP_LENGTH);
  alert(dumpBefore);

  // 8-byte length cell, set to 0x8000000000000000 per the original comment
  // (assumes int64 takes (low, high) dwords; 0x80000000 === 2147483648).
  var lenCell = p.malloc(0x08);
  var hugeLength = new int64(0, 0x80000000);
  p.write8(lenCell, hugeLength);
  alert(p.hexdump(lenCell, 8));

  // Invoke the syscall with the buffer and the pointer to the length cell,
  // then show whatever the harness returns for it.
  var syscallResult = p.syscall("sys_randomized_path", 0, outBuf, lenCell);
  alert(syscallResult);

  // "After" dump: a difference from the first dump means the syscall wrote
  // into the buffer, which is the success condition in the original note.
  var dumpAfter = p.hexdump(outBuf, DUMP_LENGTH);
  alert(dumpAfter);
};