Skip to content

Instantly share code, notes, and snippets.

View leesh3288's full-sized avatar

Xion leesh3288

  • Carnegie Mellon University
  • Pittsburgh, PA
  • X @0x10n
View GitHub Profile
@leesh3288
leesh3288 / !zer0pts_ctf_2023_flipper_author_writeup.md
Last active July 29, 2023 09:15
zer0pts CTF 2023 flipper (pwn) Author's Writeup

zer0pts CTF 2023 flipper (pwn) Author's Writeup

Written by [Xion]

Challenge Summary

Linux kernel heap-relative 1-bit flip primitive, LPE to read flag.

Author's solution

@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_2.md
Last active July 19, 2024 22:44
Sandbox Escape in vm2@3.9.19 via custom inspect function

Sandbox Escape in vm2@3.9.19 via custom inspect function

Summary

In vm2 for versions up to 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code.

Proof of Concept

@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_1.md
Last active July 19, 2024 22:43
Sandbox Escape in vm2@3.9.19 via `Promise[@@species]`

Sandbox Escape in vm2@3.9.19 via Promise[@@species]

Summary

In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with @@species accessor property allowing attackers to escape the sandbox and run arbitrary code.

Proof of Concept

@leesh3288
leesh3288 / vm2_3.9.16_sandbox_escape.md
Last active April 7, 2024 01:14
Sandbox Escape in vm2@3.9.16

Sandbox Escape in vm2@3.9.16

Summary

There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException() which can be used to escape the sandbox and run arbitrary code in host context.

Proof of Concept

@leesh3288
leesh3288 / vm2_3.9.15_sandbox_escape.md
Last active November 29, 2023 10:51
Sandbox Escape in vm2@3.9.15

Sandbox Escape in vm2@3.9.15

Summary

There exists a vulnerability in source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions which can be used to escape the sandbox and run arbitrary code in host context.

Proof of Concept