
CVE-2019-5786 PoC — Google Chrome FileReader resource management error vulnerability

Associated Vulnerability
Title: Google Chrome FileReader resource management error vulnerability (CVE-2019-5786)
Description: Google Chrome is a web browser made by Google (USA). FileReader is one of its file-reading plugins. FileReader in Google Chrome versions before 72.0.3626.121 contains a resource management error vulnerability. An attacker could exploit this vulnerability to execute arbitrary code in the context of the browser or possibly cause a denial of service.
Description
FileReader Exploit
Readme
CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. 

This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe.

* host iframe.html on one site and exploit.html, exploit.js and worker.js on another. Change line 13 in iframe.html to the URL of exploit.html
* start chrome with the --no-sandbox argument
* navigate to iframe.html
File Snapshot

[4.0K] /data/pocs/b8f461d499721825f959801599e5c10a7986ba7d
├── [ 219] exploit.html
├── [ 11K] exploit.js
├── [1.1K] iframe.html
├── [ 483] README.md
└── [ 30] worker.js

0 directories, 5 files