CVE-2017-15428 PoC — Google Chrome V8 缓冲区错误漏洞

Source

https://github.com/w1ldb1t/CVE-2017-15428

Associated Vulnerability

Title:Google Chrome V8 缓冲区错误漏洞 (CVE-2017-15428)
Description:Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。V8是其中的一套开源JavaScript引擎。 Google Chrome 62.0.3202.94之前版本中的V8存在越界读取漏洞，该漏洞源于V8 builtins字符串生成器没有进行充分的数据验证。远程攻击者可借助特制的HTML页面利用该漏洞在沙盒内执行任意代码。

Description

An exploit for CVE-2017-15428.

Readme

# CVE-2017-15428

## Information

This is an exploit for the V8 vulnerability [CVE-2017-15428](https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html), which was discovered in 2017 by Zhao Qixun (@S0rryMybad) of the Qihoo 360 Vulcan Team. I did not have any involvement in the discovery of this bug. This exploit was written as part of my final year thesis at university.

## Acknowledgments

- Samuel Groß for dependencies utilized on this exploit.
- Richard Zhu & Amat Cama [for their work on CVE-2019-13698](https://www.secrss.com/articles/12165).

File Snapshot


 [4.0K]  /data/pocs/a2b57359aa48255d959ab4bf574ec6d1574c3047
├── [ 276]  exploit.html
├── [5.0K]  int64.js
├── [ 584]  README.md
├── [ 443]  ready.js
├── [4.0K]  shellcode_dev
│   ├── [ 284]  asm_to_shellcode
│   ├── [  74]  compile_exec
│   ├── [ 589]  execve.asm
│   ├── [ 298]  shellcode.asm
│   └── [ 229]  shellcode.cc
├── [7.5K]  test-minified.js
└── [2.2K]  utils.js

1 directory, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!