zer0pts CTF 2023 flipper (pwn) Author's Writeup
Written by [Xion]
Linux kernel heap-relative 1-bit flip primitive, LPE to read flag.
Xion leesh3288
leesh3288
/ !zer0pts_ctf_2023_flipper_author_writeup.md
Last active
July 29, 2023 09:15
zer0pts CTF 2023 flipper (pwn) Author's Writeup
leesh3288
/ vm2_3.9.19_sandbox_escape_2.md
Last active
March 30, 2024 07:00
Sandbox Escape in vm2@3.9.19 via custom inspect function
leesh3288
/ vm2_3.9.19_sandbox_escape_1.md
Last active
April 8, 2024 16:37
Sandbox Escape in vm2@3.9.19 via `Promise[@@species]`
leesh3288
/ vm2_3.9.16_sandbox_escape.md
Last active
April 7, 2024 01:14
Sandbox Escape in vm2@3.9.16
There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.
leesh3288
/ vm2_3.9.15_sandbox_escape.md
Last active
November 29, 2023 10:51
Sandbox Escape in vm2@3.9.15
There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.