CVE-2019-5786 PoC — Google Chrome FileReader Resource Management Error Vulnerability

Associated Vulnerability
Title: Google Chrome FileReader Resource Management Error Vulnerability (CVE-2019-5786)
Description: Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
Description
FileReader Exploit
Readme
CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86. 

This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe.

* host iframe.html on one site and exploit.html, exploit.js and worker.js on another. Change line 13 in iframe.html to the URL of exploit.html
* start chrome with the --no-sandbox argument
* navigate to iframe.html
File Snapshot

[4.0K] /data/pocs/b8f461d499721825f959801599e5c10a7986ba7d
├── [ 219] exploit.html
├── [ 11K] exploit.js
├── [1.1K] iframe.html
├── [ 483] README.md
└── [  30] worker.js

0 directories, 5 files