tags: v8, CTF, chrome, learning_resource
original link: Exploiting V8 at openECSC
newsletter link: exploits.club Weekly Newsletter 23


Exploits Club Summary:

"CTFs don't help in the real world". Yeah, well, tell that to this challenge, which requires going from a V8 bug all the way to a shell. The openECSC challenge introduces some new functionality into the V8 engine via a buggy patch. After identifying the vulnerability, exploitation follows the common pattern of "read arbitrary addresses (addrof), create fake objects (fakeobj), and eventually reach arbitrary code execution." If you are interested in getting started with V8 exploitation, this challenge and the accompanying write-up from @rebane2001 are a great place to get your feet wet.