Javascript Exploits
Awesome Browser Exploit Github
How it Works
Fuzzing
The Power-Of Pair
Browser Fuzzing
Taking Browsers Fuzzing To The Next (DOM) Level
DOM fuzzer - domato
browser fuzzing framework - morph
browser fuzzing and crash management framework - grinder
Browser Fuzzing with a Twist
Browser fuzzing - peach
Learn Fuzzing from the Very Start: the Birth of the Browser Vulnerability Detection Framework Morph (Chinese)
A Review of Fuzzing Tools and Methods
Writeup and Exploit Tech
it-sec catalog browser exploitation chapter Dead Link
2014 - Smashing The Browser: From Vulnerability Discovery To Exploit
smash the browser
JS library for writing exploits
Pwn2Own 2017: UAF in JSC::CachedCall
Collections
Browser logic-based vulnerabilities DB
Case Study of JavaScript Engine Vulnerabilities
Chrome v8
How it Works
v8 github mirror(docs within)
on-stack replacement in v8
A tour of V8: Garbage Collection
A tour of V8: object representation
v8 fast properties
learning v8
Write ups and Exploits
Mobile Pwn2Own Autumn 2013 - Chrome on Android - Exploit Writeup
Exploit an OOB bug in newer version of V8
IE
How it Works
Microsoft Edge MemGC Internals
Your Chakra Is Not Aligned
Write ups and Exploits
2014 - Write Once, Pwn Anywhere
2014 - IE 11 0day & Windows 8.1 Exploit
2014 - IE11 Sandbox Escapes Presentation
2015 - Spartan 0day & Exploit
2015 - The Art of Browser Vulnerability Attack and Defense (Chinese)
2016 - Windows 10 x64 edge 0day and exploit
2017 - 1-Day Browser & Kernel Exploitation
2017 - From Out of Memory to Remote Code Execution
2019 - Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1
IE Mitigation
Public slides and demo code of bypassing security protection in the latest Windows Internet Explorer.
2017 - CROSS THE WALL-BYPASS ALL MODERN MITIGATIONS OF MICROSOFT EDGE
Browser security mitigations against memory corruption vulnerabilities
Browsers and app specific security mitigation (Russian) part 1
Browsers and app specific security mitigation (Russian) part 2
Browsers and app specific security mitigation (Russian) part 3
Webkit
Write ups and Exploits
Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
setAttributeNodeNS UAF
How it Works
JSC loves ES6
JavaScriptCore, the WebKit JS implementation
saelo's Pwn2Own 2018 Safari + macOS
Write ups and Exploits
Attacking WebKit Applications by exploiting memory corruption bugs
Firefox
OR'LYEH? The Shadow over Firefox
Remote Code Execution in Firefox beyond memory corruptions
Write ups and Exploits
CVE-2018-5129: Out-of-bounds write with malformed IPC messages Dead Link
Safari
Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Attribution is hard — at least for Dock: A Safari sandbox escape & LPE