Environment
poc:
https://drive.google.com/open?id=1mnLo6dzO3586JNhV1MtG-0VWEQZIOUzH
vulnerability description:
It is a problem with CTinyJS::condition. At line 1813 of TinyJS.cpp, a null pointer reference is triggered, as shown in the figure:
The reason for the vulnerability is that when the shift function is used to obtain the value of the JS expression, the obtained object value b is empty, it is not verified whether b is empty, and then b->var refers to b, causing the vulnerability.
PoC construction
In the process of declaring a variable, a null pointer can be caused by adding a null character.
That is, an empty character is added after an element of the array.
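The check the report says is missing, shown as an added example that is not part of the original issue and is not TinyJS code: a small model in which an operand parser can return a null object and the caller validates it before touching its `var` member. The types `Var` and `Link`, the functions `parse_operand` and `condition_checked`, and the sample inputs are all hypothetical and constructed for illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>

// Hypothetical stand-ins for an interpreter's value and link objects.
struct Var { long value; };
struct Link { std::unique_ptr<Var> var; };

enum class Eval { True, False, SyntaxError };

static void skip_spaces(const std::string &src, std::size_t &pos) {
    while (pos < src.size() && src[pos] == ' ') ++pos;
}

// Hypothetical operand parser. Returns nullptr when no value can be read,
// for example at end of input or at an embedded NUL byte.
static std::unique_ptr<Link> parse_operand(const std::string &src, std::size_t &pos) {
    skip_spaces(src, pos);
    if (pos >= src.size() || src[pos] < '0' || src[pos] > '9') return nullptr;
    long v = 0;
    while (pos < src.size() && src[pos] >= '0' && src[pos] <= '9')
        v = v * 10 + (src[pos++] - '0');
    auto link = std::make_unique<Link>();
    link->var = std::make_unique<Var>(Var{v});
    return link;
}

// Evaluates "<int> < <int>" and reports malformed input instead of crashing.
Eval condition_checked(const std::string &src) {
    std::size_t pos = 0;
    auto a = parse_operand(src, pos);
    if (!a || !a->var) return Eval::SyntaxError;
    skip_spaces(src, pos);
    if (pos >= src.size() || src[pos] != '<') return Eval::SyntaxError;
    ++pos;
    auto b = parse_operand(src, pos);
    // The missing step in the report: b must be checked before b->var is used.
    if (!b || !b->var) return Eval::SyntaxError;
    return a->var->value < b->var->value ? Eval::True : Eval::False;
}

int main() {
    const std::string nul_input("1 < \0", 5);  // constructed input with a NUL operand
    std::printf("%d %d\n", static_cast<int>(condition_checked("1 < 2")),
                static_cast<int>(condition_checked(nul_input)));
    return 0;
}
```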