CVE-2017-15428 PoC — Google Chrome V8 缓冲区错误漏洞

Source

https://github.com/w1ldb1t/CVE-2017-15428

Associated Vulnerability

Title:Google Chrome V8 缓冲区错误漏洞 (CVE-2017-15428)
Description:Insufficient data validation in V8 builtins string generator could lead to out of bounds read and write access in V8 in Google Chrome prior to 62.0.3202.94 and allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

Description

An exploit for CVE-2017-15428.

Readme

# CVE-2017-15428

## Information

This is an exploit for the V8 vulnerability [CVE-2017-15428](https://chromereleases.googleblog.com/2017/11/stable-channel-update-for-desktop_13.html), which was discovered in 2017 by Zhao Qixun (@S0rryMybad) of the Qihoo 360 Vulcan Team. I did not have any involvement in the discovery of this bug. This exploit was written as part of my final year thesis at university.

## Acknowledgments

- Samuel Groß for dependencies utilized on this exploit.
- Richard Zhu & Amat Cama [for their work on CVE-2019-13698](https://www.secrss.com/articles/12165).

File Snapshot


 [4.0K]  /data/pocs/a2b57359aa48255d959ab4bf574ec6d1574c3047
├── [ 276]  exploit.html
├── [5.0K]  int64.js
├── [ 584]  README.md
├── [ 443]  ready.js
├── [4.0K]  shellcode_dev
│   ├── [ 284]  asm_to_shellcode
│   ├── [  74]  compile_exec
│   ├── [ 589]  execve.asm
│   ├── [ 298]  shellcode.asm
│   └── [ 229]  shellcode.cc
├── [7.5K]  test-minified.js
└── [2.2K]  utils.js

1 directory, 11 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!