Add exploit for Chrome version 83.0.4103.97 #14060
Thanks for your pull request! Before this can be merged, we need the following documentation for your module:
modules/exploits/multi/browser/chrome_newfixedarray_sizecheck.rb
Excellent work @r4j0x00!
Thanks for your pull request! Before this pull request can be merged, it must pass the checks of our automated linting tools. We use Rubocop and msftidy to ensure the quality of our code. This can be run from the root directory of Metasploit:
You can automate most of these changes with the
Please update your branch after these have been made, and reach out if you have any problems.
@r4j0x00 Do you have the .deb package for that version for it so I can test it?
@xaitax you can get the linux build here - https://chromium.cypress.io/linux/stable/83.0.4103.97
@r4j0x00 Thanks a lot. Got it to work on a
I gave this a quick test on OSX and it worked maybe 5/10 times: I wonder if reliability can be improved with an iframe that retries the exploit on failure.
@r4j0x00 any progress on the documentation?
Hey @r4j0x00, thanks for your module! I've just a couple of suggestions. Please add some documentation when you get the chance. Thanks!
update: there's a cve for it now CVE-2020-6507
The exploit success rate is now 9/10 times.
I can merge this later this week, apologies for the delay!
@r4j0x00 this was extremely unreliable during my testing and I can no longer get a session from it. Can you test it with msf and ensure you get a session?
I'm going to put this in the attic for now as whilst it's a very nice module, I've not heard anything from @r4j0x00 r.e updates to address the reliability issues and generally speaking anything below 50% reliability we generally don't tend to merge in. @r4j0x00 If you are able to improve the reliability of this exploit though, then please feel free to continue contributing and we will reopen this PR.
Thanks for your contribution to Metasploit Framework! We've looked at this pull request, and we agree that it seems like a good addition to Metasploit, but it looks like it is not quite ready to land. We've labeled it What does this generally mean? It could be one or more of several things:
We would love to land this pull request when it's ready. If you have a chance to address all comments, we would be happy to reopen and discuss how to merge this!
Verification
List the steps needed to make sure this thing works
msfconsole
use exploit/multi/browser/chrome_newfixedarray_sizecheck
set uripath /
set lhost 127.0.0.1
set srvhost 127.0.0.1
exploit
e.g: