Want a free Safari 0day? (Ok, it's actually a 1day because it's fixed in the latest WebKit version, but it still works in the latest version of Safari) Then go to https://github.com/LinusHenze/WebKit-RegEx-Exploit … Please don't do evil stuff with this.
-
-
Replying to @LinusHenze
Hm, I've not been able to produce anything other than this in Safari: Here we go... [-] Initialization failed
1 reply 0 retweets 0 likes -
Replying to @wdormann
You need to have a WebSocket Server running at Port 5000, see logging.js
1 reply 0 retweets 0 likes -
Replying to @LinusHenze
Ah, it looks like that could have been it?pic.twitter.com/XdpKEFK625
1 reply 0 retweets 8 likes -
Replying to @wdormann
Yep. I’ve also updated the Readme so others know this as well. Btw, the Hello world line is printed by the injected assembly code which is currently the only thing it does.
2 replies 0 retweets 4 likes -
Replying to @LinusHenze @wdormann
So with this, would you be able to run shell commands? (Learning LoL)
2 replies 0 retweets 0 likes
That will require more coding, as Safari has sandboxing to prevent easy demos like popping calc. But this exploit appears to allow for arbitrary shellcode execution. For example, here I set RAX to a value that I chose and then tried to jump to it (which obviously crashes).pic.twitter.com/Kx052bt2IV
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.