23 lines
No EOL
550 B
Text
23 lines
No EOL
550 B
Text
Download:
|
|
https://github.com/offensive-security/exploit-database-bin-sploits/raw/master/bin-sploits/12614.zip (safari_parent_close_sintsov.zip)
|
|
|
|
Unzip and run START.htm
|
|
|
|
This exploit use JIT-SPRAY for DEP and ASLR bypass.
|
|
jit-shellcode: system("notepad")
|
|
|
|
0day.html - use 0x09090101 address for CALL JITed shellcode.
|
|
|
|
|
|
START.htm -> iff.htm -> if1.htm -> 0day.html
|
|
| |
|
|
| |
|
|
JIT-SPRAY parent.close();
|
|
0x09090101 - JITed * ESI=0x09090101
|
|
shellcode * CALL ESI
|
|
|
|
By Alexey Sintsov
|
|
from
|
|
Digital Security Research Group
|
|
|
|
[www.dsecrg.com] |