cscosu / ctf-writeups Goto Github PK
View Code? Open in Web Editor NEWWrite-ups for the Buckeye Bureau of BOF
Write-ups for the Buckeye Bureau of BOF
Hi there! First of all, thank you for sharing these great CTF writeups! They are useful for others to learn more about these cybersecurity topics.
I would like to kindly check about something related to the mooosl
challenge writeup.
In the Semi-arbitrary write section, it was mentioned that the dequeue
function to unlink a struct meta
does not have the "safe unlinking" integrity check (i.e., cur->next->prev == cur
and cur->prev->next == cur
).
If the integrity check was present, could you kindly elaborate on how it would prevent the exploit from being successfully executed? Couldn't we simply control the values of cur->next->prev
and cur->prev->next
to point to the same address of the fake struct meta
so that it passes such an integrity check? Or is this action being prevented by something that I am not aware of?
Do let me know your thoughts on this. @ndrewh
Thank you!
Best regards,
James Raphael Tiovalen
Can you provide more detail about where you saw this function and how it lead you to finding the vulnerability? Following your write up the vulnerability itself makes sense, but where did you find this?
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.