- Overflow from stdin structure till
- Create fake fastbin chunks to get overlapping chunk and leak.
__malloc_hook using fastbin attack.
- Overflow the char candle counter stored in the wax structure and trigger uaf.
- Use the uaf to trigger double free and get shell.
- Finding Picture-In-Picture application capability.
- Most recently viewed web activity in Picture-In-Picture application on the device.
- Finding the last modified timestamp of the file that maps names to IPs accessed.
- Leak with Format String bug.
- Use the arbitrary heap pointer write to overwrite
- Inject shellcode in heap and get code execution in
- Out-of-bounds index write allows byte-by-byte overwrite of return address
- Carefully arranging structs on stack so as to overwrite saved rip, without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get shell
mmap_threshold with null and trim top chunk size.
- Null out last 2 bytes of stdin’s _IO_buf_base and brute force to get allocation on stdin.
- Overwrite one of the jump tables with win function to get shell.
- Part-1: .bzr file retrieval using any tool
- Part-1: exploiting ssrf via ffmpeg to read /flag file to a video and download it before it gets deleted