Chen Qin hellok
hellok
/ gist:5187002
Created
March 18, 2013 13:04
CVE-2013-1493 EXP get from some online hex-editor
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* */ import java.applet.Applet; | |
| /* */ import java.awt.color.ColorSpace; | |
| /* */ import java.awt.image.BufferedImage; | |
| /* */ import java.awt.image.ColorConvertOp; | |
| /* */ import java.awt.image.ColorModel; | |
| /* */ import java.awt.image.ComponentColorModel; | |
| /* */ import java.awt.image.ComponentSampleModel; | |
| /* */ import java.awt.image.DataBuffer; | |
| /* */ import java.awt.image.SampleModel; | |
| /* */ import java.awt.image.WritableRaster; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://stealth.openwall.net/xSports/clown-newuser.c | |
| http://www.openwall.com/lists/oss-security/2013/03/13/8 | |
| Seems like CLONE_NEWUSER|CLONE_FS might be a forbidden | |
| combination. | |
| During evaluating the new user namespace thingie, it turned out | |
| that its trivially exploitable to get a (real) uid 0, | |
| as demonstrated here: | |
| The trick is to setup a chroot in your CLONE_NEWUSER, | |
| but also affecting the parent, which is running |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://blog.chromium.org/2013/03/pwnium-3-and-pwn2own-results.html | |
| https://sites.google.com/a/chromium.org/dev/Home/chromium-security | |
| use three bugs | |
| two: | |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0913 | |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0915 | |
| http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=commit;h=c79efdf2b7f68f985922a8272d64269ecd490477 | |
| also: | |
| http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html |
hellok
/ CVE-2013-1427
Last active
December 15, 2015 03:39
#Insecure Temporary File Creation Vulnerability# lighttpd CVE-2013-1427
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://cwe.mitre.org/data/definitions/377.html | |
| http://book.douban.com/subject/3030910/ | |
| http://book.douban.com/subject/1775982/ | |
| http://seclists.org/fulldisclosure/2013/Mar/153 | |
| lighttpd is prone to an insecure temporary-file-creation vulnerability. | |
| Local attackers may be able to perform symbolic-link attacks to overwrite arbitrary files in the context of the affected application. Other attacks may also be possible. |
hellok
/ gist:5202679
Last active
December 15, 2015 04:38
#half-day bug#incredible excellent #SVM##cool#
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://immunityinc.com/downloads/infiltrate_miaubiz.pdf |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://cansecwest.com/csw13archive.html | |
| article: | |
| 1.An Android Hacker's Journey | |
| //Ecosystem | |
| //Attack Surface:Like an ocean… | |
| //for book:Android Hacker’s Handbook | |
| 2.Reflecting on Reflection - Exploiting Reflection Vulnerabilities in Managed Languages | |
| //.net&&java exploit |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-1796 | |
| https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=c300aa64ddf57d9c5d9c898a64b36877345dd4a9 | |
| KVM: x86: fix for buffer overflow in handling of MSR_KVM_SYSTEM_TIME (CVE-2013-1796) |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
hellok
/ dongda_4-15.html
Created
April 16, 2013 11:11
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <html> | |
| <head> | |
| <script type="text/javascript" src="./deployJava.js"></script> | |
| <script type="text/javascript" src="./swfobject.js"></script> | |
| </head> | |
| <body></body> | |
| <script type="text/javascript"> | |
| function Get() { | |
| var Then = new Date() ; |
hellok
/ syscan2013.txt
Last active
December 17, 2015 01:48
awesome!
1.Bochspwn: Exploiting Kernel Race Conditions Found via Memory Access Patterns
2.fuzzing on arm
3.mxss
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| http://syscan.org/index.php/download/get/ddb4560bbc9413c5f10a65da68a49c8a/SyScan2013_DAY2_SPEAKER09_j00ru_Coldwind_Exploiting_Kernel_Race_Conditions_Found_via_Memory_Access_Patterns.zip | |
| http://syscan.org/index.php/download/get/58c49d4dc30f29bb144d5f48459c193d/SyScan2013_DAY2_SPEAKER11_Miaubiz_Coaching_A_Squad_of_Allwinners.zip | |
| http://syscan.org/index.php/download/get/05ed4f38660638e775f8e291bfc4e970/SyScan2013_DAY1_SPEAKER04_Mario_Heiderich_innerhtml_apocalypse.zip |