exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 19 of 19 RSS Feed

Files from Man Yue Mo

First Active2017-09-07
Last Active2023-06-11
Chrome JIT Compiler Type Confusion
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a type confusion bug in the JIT compiler of Chrome that can be used to achieve remote code execution.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2021-30632
SHA-256 | 30eeadf8f371d4a17379456833c3996be91c75c93e2bc055f9e6f40682fc5995
Chrome V8 Logic Bug / Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept for a logic bug in the implementation of the garbage collector (GC) in v8 (the JavaScript interpreter of Chrome). The exploit poc.js is tested on v8 version 9.4.146.16 (commit 452f57b), which is the version shipped with Chrome 94.0.4606.61, the one before the bug was fixed, on Ubuntu 20.04.

tags | exploit, javascript, proof of concept
systems | linux, ubuntu
advisories | CVE-2021-37975
SHA-256 | 9bcd05375f4716e560bf2a6e62f7e0eed58e6eb6f38f4070b6205036e9ca28ca
Chrome Renderer Type Confusion / Remote Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept remote code execution exploit that demonstrates a vulnerability in the Chrome renderer sandbox by simply visiting a malicious website.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2022-1134
SHA-256 | 0bef9994895034465485b3ccc1c259c22c1bde140f7e3d288d935477095db1e7
Chrome WebAudio Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a Chrome use-after-free vulnerability of non-garbage-collected objects, which is allocated by the PartitionAlloc memory allocator.

tags | exploit, proof of concept
advisories | CVE-2020-6449
SHA-256 | 3c22f0abad82c2cbf4c1d29bf8cfddf026899fc8272a11d1fea6c2c2b02b6e21
Chrome Renderer Remote Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a Chrome renderer remote code execution vulnerability.

tags | exploit, remote, code execution, proof of concept
advisories | CVE-2020-15972
SHA-256 | 9fe14db33f51b4c5ac882ae3b87ce8ce4342d37160fda598491088767b81b67e
Chrome Sandbox Escape
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit that demonstrates a bug that can be used to escape the Chrome sandbox from a compromised renderer. Two exploits are included, one for the 64 bit version 90.0.4430.91 and the other is for the 32 bit version 88.0.4324.181. The build configs are in the corresponding sub directories.

tags | exploit, proof of concept
advisories | CVE-2021-30528
SHA-256 | 6f9069e00ff5656306f2637f1524304a8b31f78226021e7cf37a36cd64d05030
Qualcomm NPU Use-After-Free / Information Leak
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept code that exploits three bugs that can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. Kernel code is executed in the context of the root user and the exploit also disable SELinux. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3BUB5, Baseband A715FXXU3BUB4 and Kernel version 4.14.190-20973144.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2021-1940, CVE-2021-1968, CVE-2021-1969
SHA-256 | d7fb13a8e212690bea66fdff3ce4d52d05a239e824796af7a580b4f67ac5a57d
Qualcomm Adreno GPU Information Leak
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for an information leak vulnerability in the Qualcomm Adreno GPU. The bug can be used to leak information in other user apps, as well as in the kernel from an untrusted app. The directory adreno_user contains a proof-of-concept for leaking memory from other applications. It will repeatedly trigger the bug and read the stale information contained in memory pages.

tags | exploit, kernel, proof of concept
advisories | CVE-2022-25664
SHA-256 | 14a7bc813fbfd5b0814582d935ba39c5649faf3bc3609e054c88db47e4159c41
Qualcomm kgsl Driver Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Qualcomm kgsl driver use-after-free proof of concept exploit. The bug can be used to gain arbitrary kernel memory read and write from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Samsung Galaxy Z Flip 3 (European version SM-F711B) with firmware version F711BXXS2BUL6, Baseband F711BXXU2BUL4 and Kernel version 5.4.86-qgki-23063627-abF711BXXS2BUL6 (EUX region).

tags | exploit, arbitrary, kernel, root, proof of concept
advisories | CVE-2022-22057
SHA-256 | 013038a08c172f14d7c3c6abb8e3556978d9037f5c5e575225e2ff3cf63e5655
Qualcomm kgsl Driver Use-After-Free
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Qualcomm kgsel driver proof of concept use-after-free exploit. The bug can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3ATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683.

tags | exploit, arbitrary, kernel, code execution, proof of concept
advisories | CVE-2020-11239
SHA-256 | b38ccffb8c90b392f46848fba04831d2ef7063a8f36bb2c4835fd662f0d5379e
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for Android on Arm Mali GPU with a kernel driver bug that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 with the November 2022 and January 2023 patch.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-46395
SHA-256 | 1c81e6cc4abcfe0ecb1417d1ee980963d887a2109472ab157bbd2c2fa62921ef
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for the Arm Mali GPU that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6. The original exploit that was sent to Google is included as hello-jni.c as a reference and was tested on the July 2022 patch of the Pixel 6. Due to the fact that Pixel 6 cannot be downgraded from Android 13 to Android 12, an updated version of the exploit, mali_shrinker_mmap.c is included, which supports various firmware in Android 13, including the December patch, which is the latest affected version.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-38181
SHA-256 | bc50f9e9f9fe69b36613124dc79ca07e6c6523713f3c1192a6204b4ec7783f2c
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for a memory corruption vulnerability in the Arm Mali GPU kernel driver that was reported in January of 2022. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 and supports patch levels from November 2021 to February 2022. It is easy to add support for other firmware by changing a few image offsets.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
advisories | CVE-2022-20186
SHA-256 | 66eea2398301c881c76dc1359392bb4e7585bacb1998c8e4de619ba964588857
Android Arm Mali GPU Arbitrary Code Execution
Posted Jun 11, 2023
Authored by Man Yue Mo, GitHub Security Lab

Proof of concept exploit for GHSL-2023-005. A security patch from the upstream Arm Mali driver somehow got missed out in the update for the Pixel phones and was reported to Google in January 2023. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 for devices running the January 2023 patch.

tags | exploit, arbitrary, kernel, root, code execution, proof of concept
SHA-256 | b4dee085caf18f3a2b27ef4e7e723670fff60eb3022abf602e9819d7317518e8
Apache Struts 2 Namespace Redirect OGNL Injection
Posted Sep 7, 2018
Authored by wvu, Man Yue Mo, hook-s3c, asoto-r7 | Site metasploit.com

This Metasploit module exploits a remote code execution vulnerability in Apache Struts versions 2.3 through 2.3.4, and 2.5 through 2.5.16. Remote code execution can be performed via an endpoint that makes use of a redirect action. Native payloads will be converted to executables and dropped in the server's temp dir. If this fails, try a cmd/* payload, which won't have to write to the disk.

tags | exploit, remote, code execution
advisories | CVE-2018-11776
SHA-256 | d4db47de622ab194cae5e05a485e3f4743601277e19a6aa2f5275bcad5350dab
Apache Struts 2.x Remote Code Execution
Posted Aug 23, 2018
Authored by Man Yue Mo

Man Yue Mo from the Semmle Security Research team noticed that Apache Struts versions 2.3 to 2.3.34 and 2.5 to 2.5.16 suffer from possible remote code execution vulnerabilities.

tags | advisory, remote, vulnerability, code execution
advisories | CVE-2018-11776
SHA-256 | e28e551a6d08832d9693c14547ef8d1e1b8a7bb9af46ee2af406329dc5a086c7
Apache Batik 1.9.1 Information Disclosure
Posted May 24, 2018
Authored by Man Yue Mo

Apache Batik versions 1.0 through 1.9.1 suffer from an information disclosure vulnerability.

tags | advisory, info disclosure
advisories | CVE-2018-8013
SHA-256 | d87dbb7678fbb6eb6da6bf65eb0b618a7feb53279e67f7829e550cf9653ed0db
Apache Hadoop 0.23.x Private File Disclosure
Posted Jan 21, 2018
Authored by Man Yue Mo

A vulnerability allows a cluster user to expose private files owned by the user running the MapReduce job history server process. The malicious user can construct a configuration file containing XML directives that reference sensitive files on the MapReduce job history server host. Apache Hadoop versions 0.23.0 to 0.23.11, 2.0.0-alpha to 2.8.2, and 3.0.0-alpha to 3.0.0-beta1 are affected.

tags | advisory, info disclosure
advisories | CVE-2017-15713
SHA-256 | 44afdb4249889150e46420353b4fd75f8d2b9440d52d85f80b903040c511074b
Apache Struts 2 REST Plugin XStream Remote Code Execution
Posted Sep 7, 2017
Authored by wvu, Man Yue Mo | Site metasploit.com

Apache Struts versions 2.5 through 2.5.12 using the REST plugin are vulnerable to a Java deserialization attack in the XStream library.

tags | exploit, java
advisories | CVE-2017-9805
SHA-256 | 733707ff1693492ed26a3fc45635dfec661cbb6f0cba034160e94e43f171f6b9
Page 1 of 1
Back1Next

File Archive:

February 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    16 Files
  • 2
    Feb 2nd
    19 Files
  • 3
    Feb 3rd
    0 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    24 Files
  • 6
    Feb 6th
    2 Files
  • 7
    Feb 7th
    10 Files
  • 8
    Feb 8th
    25 Files
  • 9
    Feb 9th
    37 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    17 Files
  • 13
    Feb 13th
    20 Files
  • 14
    Feb 14th
    25 Files
  • 15
    Feb 15th
    15 Files
  • 16
    Feb 16th
    6 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    35 Files
  • 20
    Feb 20th
    25 Files
  • 21
    Feb 21st
    18 Files
  • 22
    Feb 22nd
    15 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files
  • 29
    Feb 29th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close