Part 4: We finally look at the actual exploit code. We start by understanding the addrof() primitive used to leak the address of a JavaScript object in memory.

test.js: https://gist.github.com/LiveOverflow/ee5fb772334ec985094f77c91be60492
Crash investigation: https://webkit.org/blog/6411/javascriptcore-csi-a-crash-site-investigation-story/
The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit
The Fix: https://github.com/WebKit/webkit/commit/7cf9d2911af9f255e0301ea16604c9fa4af340e2?diff=split#diff-fb5fbac6e9d7542468cfeed930e241c0L66
Saelo's exploit: https://github.com/saelo/cve-2018-4233/blob/master/pwn.js

Playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t

-=[ 🕴️Advertisement ]=-

This video is supported by SSD Secure Disclosure: https://ssd-disclosure.com/
Offensive Security Conference TyphoonCon: https://typhooncon.com/

-=[ ❤️ Support ]=-

→ per Video: https://www.patreon.com/join/liveoverflow
→ per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join

-=[ 🔴 Stuff I use ]=-

→ Microphone:* https://amzn.to/2LW6ldx
→ Graphics tablet:* https://amzn.to/2C8djYj
→ Camera#1 for streaming:* https://amzn.to/2SJ66VM
→ Lens for streaming:* https://amzn.to/2CdG31I
→ Connect Camera#1 to PC:* https://amzn.to/2VDRhWj
→ Camera#2 for electronics:* https://amzn.to/2LWxehv
→ Lens for macro shots:* https://amzn.to/2C5tXrw
→ Keyboard:* https://amzn.to/2LZgCFD
→ Headphones:* https://amzn.to/2M2KhxW

-=[ 🐕 Social ]=-

→ Twitter: https://twitter.com/LiveOverflow/
→ Website: https://liveoverflow.com/
→ Subreddit: https://www.reddit.com/r/LiveOverflow/
→ Facebook: https://www.facebook.com/LiveOverflow/

-=[ 📄 P.S. ]=-

All links with "*" are affiliate links.
LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm.

#browserexploitation