Sergio Paganoni wizche
wizche
/ asov_checkshit_singlefile.txt
Created
December 15, 2019 08:16
— forked from andreafioraldi/asov_cheatshit_singlefile.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ___ ____ ______ __ | |
| / | / __ \/ ___/ | / / | |
| / /| |/ / / /\__ \| | / / | |
| / ___ / /_/ /___/ /| |/ / | |
| /_/__||||||_//____/ |___/__ _____ __ _ __ | |
| / ____/ /_ ___ _____/ /_/ ___// /_ (_) /_ | |
| / / / __ \/ _ \/ ___/ __/\__ \/ __ \/ / __/ | |
| / /___/ / / / __/ /__/ /_ ___/ / / / / / /_ | |
| \____/_/ /_/\___/\___/\__//____/_/ /_/_/\__/ |
wizche
/ exploit.js
Created
March 22, 2021 13:45
— forked from eboda/exploit.js
Exploit for Chakrazy challenge from PlaidCTF 2017 - ChakraCore exploit
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //////////////////////////////////////////////////////////////////////////// | |
| // | |
| // The vulnerability was that the following line of code could change the type of the | |
| // underlying Array from JavascriptNativeIntArray to JavascriptArray: | |
| // | |
| // spreadableCheckedAndTrue = JavascriptOperators::IsConcatSpreadable(aItem) != FALSE; | |
| // | |
| // As can be seen in the provided .diff, the check for whether the type of the pDestArray has changed | |
| // was removed. If the aItem then is not a JavascriptArray, the following code path is taken: | |
| // else |