Apple Safari 4.0.5 – ‘parent.close()’ Memory Corruption (ASLR + DEP Bypass)

• Exploit Database
• 117 阅读

• 作者： Alexey Sintsov
  日期： 2010-05-15
• 类别：

  • remote
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12614/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24

  Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/12614.zip (safari_parent_close_sintsov.zip)   Unzip and run START.htm   This exploit use JIT-SPRAY for DEP and ASLR bypass. jit-shellcode: system("notepad")   0day.html - use 0x09090101 address for CALL JITed shellcode.     START.htm -> iff.htm -> if1.htm -> 0day.html | | | | JIT-SPRAY parent.close(); 0x09090101 - JITed * ESI=0x09090101 shellcode * CALL ESI   By Alexey Sintsov from Digital Security Research Group   [www.dsecrg.com]