- Carefully arranging structs on stack so as to overwrite saved rip , without corrupting the stack canary.
- Leak libc with puts and execute a ret2libc to get shell
Writeup from InCTFi 2019 bartender
tl;dr Windows 32-bit SEH exploitation
tl;dr 2 element overflow in Array when jit compiled
Uint8Arrayto get a overflow in an
ArrayBufferand proceed to convert this to arbitrary read-write and execute shellcode.