Proof of concept exploit for an authentication bypass vulnerability in polkit.
458437eef69ad8bf3f51e3b80d608d2052ad08a989fbda8025248aff1d4b2a27Proof of concept exploit for a type confusion bug in the JIT compiler of Chrome that can be used to achieve remote code execution.
30eeadf8f371d4a17379456833c3996be91c75c93e2bc055f9e6f40682fc5995Proof of concept for a logic bug in the implementation of the garbage collector (GC) in v8 (the JavaScript interpreter of Chrome). The exploit poc.js is tested on v8 version 9.4.146.16 (commit 452f57b), which is the version shipped with Chrome 94.0.4606.61, the one before the bug was fixed, on Ubuntu 20.04.
9bcd05375f4716e560bf2a6e62f7e0eed58e6eb6f38f4070b6205036e9ca28caProof of concept remote code execution exploit that demonstrates a vulnerability in the Chrome renderer sandbox by simply visiting a malicious website.
0bef9994895034465485b3ccc1c259c22c1bde140f7e3d288d935477095db1e7Proof of concept exploit for a Chrome use-after-free vulnerability of non-garbage-collected objects, which is allocated by the PartitionAlloc memory allocator.
3c22f0abad82c2cbf4c1d29bf8cfddf026899fc8272a11d1fea6c2c2b02b6e21Proof of concept exploit for a Chrome renderer remote code execution vulnerability.
9fe14db33f51b4c5ac882ae3b87ce8ce4342d37160fda598491088767b81b67eProof of concept exploit that demonstrates a bug in the beta version of Chrome v86 that can be used to escape the Chrome sandbox from a compromised renderer.
b0c911b35a3da8ed4e47de3b6f2acdb186d98212584981d214eb86e01f442f36Proof of concept exploit that demonstrates a bug that can be used to escape the Chrome sandbox from a compromised renderer. Two exploits are included, one for the 64 bit version 90.0.4430.91 and the other is for the 32 bit version 88.0.4324.181. The build configs are in the corresponding sub directories.
6f9069e00ff5656306f2637f1524304a8b31f78226021e7cf37a36cd64d05030Proof of concept exploit for a command injection vulnerability in the CImg library. The vulnerability was fixed in version 2.3.4.
6ef5d7dcb85c308d39aa850e6468244ceb1dac7d7125ea9aa8dd53e5b5db5a01Apache Struts remote code execution proof of concept exploit that affects versions prior to 2.3.35 and 2.5.17.
378f12002cded8ad65b82350acd98b42b3b0fa65d697cfb00d3661569e72472fProof of concept code that exploits three bugs that can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. Kernel code is executed in the context of the root user and the exploit also disable SELinux. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3BUB5, Baseband A715FXXU3BUB4 and Kernel version 4.14.190-20973144.
d7fb13a8e212690bea66fdff3ce4d52d05a239e824796af7a580b4f67ac5a57dProof of concept exploit for an information leak vulnerability in the Qualcomm Adreno GPU. The bug can be used to leak information in other user apps, as well as in the kernel from an untrusted app. The directory adreno_user contains a proof-of-concept for leaking memory from other applications. It will repeatedly trigger the bug and read the stale information contained in memory pages.
14a7bc813fbfd5b0814582d935ba39c5649faf3bc3609e054c88db47e4159c41Qualcomm kgsl driver use-after-free proof of concept exploit. The bug can be used to gain arbitrary kernel memory read and write from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Samsung Galaxy Z Flip 3 (European version SM-F711B) with firmware version F711BXXS2BUL6, Baseband F711BXXU2BUL4 and Kernel version 5.4.86-qgki-23063627-abF711BXXS2BUL6 (EUX region).
013038a08c172f14d7c3c6abb8e3556978d9037f5c5e575225e2ff3cf63e5655Qualcomm kgsel driver proof of concept use-after-free exploit. The bug can be used to gain arbitrary kernel code execution, read and write from the untrusted app domain. The exploit is tested on Samsung Galaxy A71 with firmware version A715FXXU3ATJ2, Baseband A715FXXU3ATI5 and Kernel version 4.14.117-19828683.
b38ccffb8c90b392f46848fba04831d2ef7063a8f36bb2c4835fd662f0d5379eProof of concept exploit for Android on Arm Mali GPU with a kernel driver bug that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 with the November 2022 and January 2023 patch.
1c81e6cc4abcfe0ecb1417d1ee980963d887a2109472ab157bbd2c2fa62921efProof of concept exploit for the Arm Mali GPU that can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6. The original exploit that was sent to Google is included as hello-jni.c as a reference and was tested on the July 2022 patch of the Pixel 6. Due to the fact that Pixel 6 cannot be downgraded from Android 13 to Android 12, an updated version of the exploit, mali_shrinker_mmap.c is included, which supports various firmware in Android 13, including the December patch, which is the latest affected version.
bc50f9e9f9fe69b36613124dc79ca07e6c6523713f3c1192a6204b4ec7783f2cProof of concept exploit for a memory corruption vulnerability in the Arm Mali GPU kernel driver that was reported in January of 2022. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 and supports patch levels from November 2021 to February 2022. It is easy to add support for other firmware by changing a few image offsets.
66eea2398301c881c76dc1359392bb4e7585bacb1998c8e4de619ba964588857Proof of concept exploit for GHSL-2023-005. A security patch from the upstream Arm Mali driver somehow got missed out in the update for the Pixel phones and was reported to Google in January 2023. The bug can be used to gain arbitrary kernel code execution from the untrusted app domain, which is then used to disable SELinux and gain root. The exploit is tested on the Google Pixel 6 for devices running the January 2023 patch.
b4dee085caf18f3a2b27ef4e7e723670fff60eb3022abf602e9819d7317518e8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed