CVE-2014-1303 (WebKit Heap based BOF) proof of concept for Linux.
This repository demonstrates the WebKit heap based buffer overflow vulnerability (CVE-2014-1303) on Linux.
NOTE: Original exploit is written for Mac OS X and PS4 (PlayStation4).
I've ported and tested work on Ubuntu 14.04, WebKitGTK 2.1.2
Firstly you need to run simple web server,
$ python server.py
then
$ cd /path/to/webkitgtk2.1.2/
$ ./Programs/GtkLauncher http://localhost
You can run several tests like,
- Crash ROP (Jump to invalid address like 0xdeadbeefdeadbeef)
- Get PID (Get current PID)
- Code Execution (Load and execute payload from outer network)
- File System Dump (Dump "/dev" entries)
exploit.html ..... trigger vulnerability and jump to ROP chain
scripts/roputil.js ..... utilities for ROP building
scripts/syscall.js ..... syscall ROP chains
scripts/code.js ..... hard coded remote loader
loader/ ..... simple remote loader (written in C)
loader/bin2js ..... convert binary to js variables (for loader)
I've created this WebKit PoC for education in my course.
I couldn't, of course, use actual PS4 console in my lecture for legal reason :(
CVE 2014-1303 Proof Of Concept for PS4
(https://github.com/Fire30/PS4-2014-1303-POC)
Liang Chen, WEBKIT EVERYWHERE: SECURE OR NOT? [BHEU14]
(https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF)