browser_pwn's Introduction

browser_pwn

browser pwn, main work now.

  • browser_pwn_basic_knowledge

    description: some basic knowledge and scripts of browser pwn.

    related link: None

    finished date: 2019

  • starctf2019-oob

    description: d8 basic pwn game, with oob vuln.

    writeup: None

    related link: None

  • 数字经济-final-browser

    description: callback of Object::ToNumber to form uaf and oob write.

    writeup: None

    related link: None

    finished date: 2019

  • plaidctf2018-roll_a_d8

    description: oob vuln in Array.from

    writeup: None

    related link: chromium commit

    finished date: 2019

  • array_prototype_map_oob_write

    description: an oob write vuln in the Array.prototype.map function, abusing Symbol.species

    writeup: None

    official link: chromium commit

    finished date: 2019

  • cve-2018-17463

    description: ObjectCreate's side effect annotation

    writeup: None

    official link: chromium commit

    finished date: 2020

  • 34c3ctf-v9

    description: exp for v9 in 34c3ctf, bug in redundancy-elimination

    writeup: None

    official link: v9

    finished date: 2020

  • 35c3ctf-krautflare

    description: exp for krautflare in 35c3ctf, bug in type optimization

    writeup: None

    official link: Issue 1710: Chrome: V8: incorrect type information on Math.expm1

    finished date: 2020

  • google-ctf2018-final-just-in-time

    description: exp for just in time game in google ctf 2018 final, bug in type optimization, with the characteristic of Number.MAX_SAFE_INTEGER.

    writeup: None

    official link: pwn-just-in-time

    finished date: 2020

  • qwb2019-final-groupupjs

    description: exp for qwb 2019 final groupupjs, oob bug in kUint32LessThan.

    writeup: None

    official link: None

    finished date: 2020

  • cve-2016-5168

    description: invalidated stable map assumption for globals in Crankshaft, exploited with a null String object

    writeup: None

    official link: Fix

    finished date: 2020

  • cve-2017-5070

    description: invalid side-effect judgment for a global value.

    writeup: None

    official link: issue

    finished date: 2020

  • cve-2020-6418

    description: JSCreate can have side effects, bug in receiver maps inference.

    writeup: browser-pwn cve-2020-6418 vulnerability analysis

    official link: commit

    finished date: 2020

  • Issue 762874

    description: The Typer put the wrong type on the String.indexOf and String.lastIndexOf builtins, with an off-by-one on the upper bound. Exploited on versions 6.3 and 7.4.

    writeup: None

    official link: commit-762874

    commit-7bb6dc0e06fa158df508bc8997f0fce4e33512a5

    finished date: 2020

  • Issue 913296

    description: wrong typing of SpeculativeSafeIntegerSubtract, just a poc, failed to build exploit.

    writeup: None

    official link: commit-913296

    finished date: 2020

  • cve-2019-5782

    description: wrong typing of ArgumentsLength, easy to exploit.

    writeup: None

    official link: commit-8e4588915ba7a9d9d744075781cea114d49f0c7b

    finished date: 2020

  • issue-944062

    description: missing map checks in the reducer of array.indexOf and array.includes.

    writeup: None

    official link: commit-e80082bf549aa26d6e30f114a23a05df9c510849

    finished date: 2020

  • issue-746946

    description: erroneously generated elements kind transitions from stable maps.

    writeup: None

    official link: commit-ea55b873f2ed8336604540a532cbd460eeb66430

    finished date: 2020

  • rwctf2019-Accessible

    description: deleting the FieldTypeDependency of property access causes the vuln

    writeup: None

    official link: None

    finished date: 2020

  • wctf2019-Independence_Day

    description: patch compilation dependency and no expose wasm problem

    writeup: None

    official link: Independence Day (win)

    finished date: 2020

  • issue-941743

    description: Array.prototype.map wrong ElementsKind for output array.

    writeup: None

    official link: commit

    finished date: 2020

  • issue-799263

    description: missing Kill transition-kind source map in load elimination.

    writeup: None

    official link: commit

    finished date: 2020

browser_pwn's People

Contributors

crackercat
