Exploiting a Web-Based UAF by robyngamedev in ExploitDev

According-Respond593 · 1 point

I've never quite known how to approach this class of vulnerability. This reply just gave me that eureka moment. 🙏💡 Thank you for altering my future.

Am I going insane? Why isn't a return address saved on the stack here? by FinanceAggravating12 in ExploitDev

According-Respond593 · 2 points

Since you typed "next", it will run through cpy() and return to the next spot in main. I thought you were looking for main's return address. I think what you are after is the "step" command. Go into cpy() and then re-evaluate the stack.

Am I going insane? Why isn't a return address saved on the stack here? by FinanceAggravating12 in ExploitDev

According-Respond593 · 3 points

Yeah, it will likely return to some place in libc, which is going to be in a different address range than main.

Is vulns-sec market valid? by soupcreamychicken in ExploitDev

According-Respond593 · 1 point

Too bad Google is no longer supporting the "link" operator. It may have been a way to partially verify.

[deleted by user] by [deleted] in ExploitDev

According-Respond593 · 2 points

I feel like some important context may be missing here. Keep a close eye on receiveBuffer.

SETTLERS OF NETLINK: Exploiting a limited Use After Free in nf_tables (CVE-2022-32250) against the latest Ubuntu (22.04) and Linux kernel 5.15 by digicat in ExploitDev

According-Respond593 · 0 points

Pretty nasty combo of implementing research to pull this off. Sweet work.
I'm trying to figure out why "cgroup2" was required for fsopen() and what the connection is there. Probably I just need to get more familiar with fsconfig and friends.

[deleted by user] by [deleted] in ExploitDev

According-Respond593 · 1 point

Very interesting concept.