WebKit RegExp Exploit addrof() walk-through

Part 4: We finally look at the actual exploit code. We start by understanding the addrof() primitive used to leak the address of a JavaScript object in memory. test.js: https://gist.github.com/LiveOverflow/ee5fb772334ec985094f77c91be60492 Crash investigation: https://webkit.org/blog/6411/javascriptcore-csi-a-crash-site-investigation-story/ The Exploit: https://github.com/LinusHenze/WebKit-RegEx-Exploit The Fix: https://github.com/WebKit/webkit/commit/7cf9d2911af9f255e0301ea16604c9fa4af340e2?diff=split#diff-fb5fbac6e9d7542468cfeed930e241c0L66 Saelo's exploit: https://github.com/saelo/cve-2018-4233/blob/master/pwn.js Playlist: https://www.youtube.com/watch?v=5tEdSoZ3mmE&list=PLhixgUqwRTjwufDsT1ntgOY9yjZgg5H_t -=[ 🕴️Advertisement ]=- This video is supported by SSD Secure Disclosure: https://ssd-disclosure.com/ Offensive Security Conference TyphoonCon: https://typhooncon.com/ -=[ ❤️ Support ]=- → per Video: https://www.patreon.com/join/liveoverflow → per Month: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w/join -=[ 🔴 Stuff I use ]=- → Microphone:* https://geni.us/ntg3b → Graphics tablet:* https://geni.us/wacom-intuos → Camera#1 for streaming:* https://geni.us/sony-camera → Lens for streaming:* https://geni.us/sony-lense → Connect Camera#1 to PC:* https://geni.us/cam-link → Keyboard:* https://geni.us/mech-keyboard → Old Microphone:* https://geni.us/mic-at2020usb US Store Front:* https://www.amazon.com/shop/liveoverflow -=[ 🐕 Social ]=- → Twitter: https://twitter.com/LiveOverflow/ → Website: https://liveoverflow.com/ → Subreddit: https://www.reddit.com/r/LiveOverflow/ → Facebook: https://www.facebook.com/LiveOverflow/ -=[ 📄 P.S. ]=- All links with "*" are affiliate links. LiveOverflow / Security Flag GmbH is part of the Amazon Affiliate Partner Programm. #browserexploitation