This repo contains a proof-of-concept (PoC) RCE exploit targeting the PlayStation 4 on firmware 6.20 leveraging CVE-2018-4441.

The exploit first establishes an arbitrary read/write primitive as well as an arbitrary object address leak in wkexploit.js. It will then set up a framework to run ROP chains in index.html and by default will provide two hyperlinks to run test ROP chains - one for running the sys_getpid() syscall, and the other for running the sys_getuid() syscall, to get the PID and user ID of the process respectively.

Each file contains a comment at the top giving a brief explanation of what the file contains and how the exploit works.

Note: It's been patched in the 6.50 firmware update. Credit for the bug discovery goes to lokihardt from Google Project Zero (p0).

index.html - Contains post-exploit code, going from arb.
rop.js - Contains a framework for ROP chains.
syscalls.js - Contains an (incomplete) list of system calls to use for post-exploit stuff.
wkexploit.js - Contains the heart of the WebKit exploit.

This vulnerability was patched in 6.50 firmware! This only gives you code execution in userland.