Commit f3c2c4c

Add exploitdb ascii example
Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
1 parent 5e1d646 commit f3c2c4c

2 files changed

Lines changed: 34 additions & 2 deletions

pkg/action/archive_test.go

Lines changed: 8 additions & 2 deletions
@@ -292,7 +292,10 @@ func TestScanInvalidArchive(t *testing.T) {
292292
MinRisk: 0,
293293
Renderer: r,
294294
Rules: yrs,
295-
ScanPaths: []string{"testdata/joblib_0.9.4.dev0_compressed_cache_size_pickle_py35_np19.gz"},
295+
ScanPaths: []string{
296+
"testdata/17419.zip",
297+
"testdata/joblib_0.9.4.dev0_compressed_cache_size_pickle_py35_np19.gz",
298+
},
296299
}
297300
_, err = Scan(ctx, mc)
298301
err = extractError(err)
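
Review bot: With two entries in ScanPaths, the single err returned by Scan(ctx, mc) and passed to extractError no longer identifies which input failed, so this test can pass on "testdata/17419.zip" alone (it is listed first) and silently stop covering the joblib .gz fixture. Consider one subtest per path, for example a loop over the two fixtures with t.Run, so that each invalid archive is asserted independently.
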
@@ -326,7 +329,10 @@ func TestScanInvalidArchiveIgnore(t *testing.T) {
326329
MinRisk: 0,
327330
Renderer: r,
328331
Rules: yrs,
329-
ScanPaths: []string{"testdata/joblib_0.9.4.dev0_compressed_cache_size_pickle_py35_np19.gz"},
332+
ScanPaths: []string{
333+
"testdata/17419.zip",
334+
"testdata/joblib_0.9.4.dev0_compressed_cache_size_pickle_py35_np19.gz",
335+
},
330336
}
331337
res, err := Scan(ctx, mc)
332338
if err != nil {
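
Review bot: The ScanPaths slice in this hunk is a verbatim copy of the one added to TestScanInvalidArchive; hoist the two fixture paths into a shared package-level variable so the next fixture is added in one place and the two tests cannot drift apart. The visible lines after res, err := Scan(ctx, mc) only check err, so if res is not already inspected per path further down, add an assertion that covers both inputs.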

pkg/action/testdata/17419.zip

Lines changed: 26 additions & 0 deletions
@@ -0,0 +1,26 @@
1+
Advisory :
2+
3+
4+
Abysssec Public Exploit :
5+
6+
This module exploits a code execution vulnerability in Mozilla
7+
Firefox <= 3.6.16 caused by nsTreeSelection element. The specific flaw
8+
exists within the way Firefox handles user defined functions of
9+
a nsTreeSelection element. When executing the function
10+
invalidateSelection it is possible to free the nsTreeSelection object
11+
that the function operates on. Any further operations on the freed
12+
object can result in remote code execution.this exploit module is only
13+
tested on win7 and used a Another JAVA ROPto defeat DEP/ASLR (due to
14+
there is no more non-aslr module in Firefox) and in my tests works
15+
reliably on Windows7.
16+
17+
there is two version of this exploit XP and 7 and both use different
18+
method that used in MSF Exploit bounty !
19+
20+
XP Version: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17419-1.zip (nsTreeRange_XP.zip)
21+
Win7 Version: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17419-2.zip (nsTreeRange_7.zip)
22+
23+
24+
25+
26+
questions / comments : Info [at] abysssec.com
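
Review bot: Nothing in this new file or next to the "testdata/17419.zip" entries in archive_test.go documents that the fixture is intentionally plain ASCII text carrying a .zip extension, so a later cleanup could take it for a corrupted archive and replace it; add a short comment beside the ScanPaths entries saying so. The content is also a third-party exploit advisory with two download links to exploit binaries (lines 20 and 21 of the new file). If only the non-archive format matters to the test, a few lines of synthetic ASCII text would exercise the same case without keeping those URLs in the repository.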
