|
You are here |
pwning.net | ||
| | | | |
wachter-space.de
|
|
| | | | | This is a writeup of an easy/medium pwn challenge called "Profile" featuring a type confusion, some GOT overwriting, and a funny but unnecessary one gadget exploit for the fun of it. We are given the following files: main.c profile (binary) Dockerfile docker-compose.yml Let's look at main.c and see if we can spot a vulnerability from the provided source code. #include #include #include #include struct person_t { int id; int age; char *name; }; void get_value(const char *msg, void *pval) { printf("%s", ms... | |
| | | | |
www.da.vidbuchanan.co.uk
|
|
| | | | | ||
| | | | |
blog.pspaul.de
|
|
| | | | | Last year, @swapgs and I found a fun bug in the popular enterprise VPN solution Zscaler. The VPN client used the pacparser library to decide which HTTP requests to proxied based on a PAC file. | |
| | | | |
balintmagyar.com
|
|
| | | Fixed in version 16.2.0.0128 - $11,250 bug bounty | ||