23 lines
484 B
Text
Executable file
23 lines
484 B
Text
Executable file
Download:
|
|
http://www.exploit-db.com/sploits/safari_parent_close_sintsov.zip
|
|
|
|
Unzip and run START.htm
|
|
|
|
This exploit use JIT-SPRAY for DEP and ASLR bypass.
|
|
jit-shellcode: system("notepad")
|
|
|
|
0day.html - use 0x09090101 address for CALL JITed shellcode.
|
|
|
|
|
|
START.htm -> iff.htm -> if1.htm -> 0day.html
|
|
| |
|
|
| |
|
|
JIT-SPRAY parent.close();
|
|
0x09090101 - JITed * ESI=0x09090101
|
|
shellcode * CALL ESI
|
|
|
|
By Alexey Sintsov
|
|
from
|
|
Digital Security Research Group
|
|
|
|
[www.dsecrg.com]
|