CVE-2014-1303 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

CVE 2014-1303 Proof Of Concept for PS4 ============== This repository contains a poc for the CVE 2014-1303 originally disclosed by Liang Chen. It has been tested to work on system firmware 2.03, but should work for systems on a firmware < 2.50, the ROP test will however only work on 2.03. Usage ============== You need to edit the dns.conf to point to the ip address of your machine, and modify your consoles dns settings to point to it as well. Then run `python fakedns.py -c dns.conf` then `python server.py` Debug output will come from this process. Navigate to the User's Guide page on the PS4 and various information should be printed to the console. The ROP test will print what is stored in the rsp register. Continuing execution after rsp is pivoted still needs to be done. Acknowledgements ================ Liang Chen thexyz dreadlyei Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44200.zip

# CVE-2014-1303 PoC for Linux CVE-2014-1303 (WebKit Heap based BOF) proof of concept for Linux. This repository demonstrates the WebKit heap based buffer overflow vulnerability (CVE-2014-1303) on **Linux**. **NOTE:** Original exploit is written for Mac OS X and PS4 (PlayStation4). I've ported and tested work on Ubuntu 14.04, [WebKitGTK 2.1.2](https://webkitgtk.org/releases/) ## Usage Firstly you need to run simple web server, ``` $ python server.py ``` then ``` $ cd /path/to/webkitgtk2.1.2/ $ ./Programs/GtkLauncher http://localhost ``` You can run several tests like, - Crash ROP (Jump to invalid address like 0xdeadbeefdeadbeef) - Get PID (Get current PID) - Code Execution (Load and execute payload from outer network) - File System Dump (Dump "/dev" entries) ## Description **exploit.html** ..... trigger vulnerability and jump to ROP chain **scripts/roputil.js** ..... utilities for ROP building **scripts/syscall.js** ..... syscall ROP chains **scripts/code.js** ..... hard coded remote loader **loader/** ..... simple remote loader (written in C) **loader/bin2js** ..... convert binary to js variables (for loader) ## Purpose I've created this WebKit PoC for education in my course. I couldn't, of course, use actual PS4 console in my lecture for legal reason :( ## Reference CVE 2014-1303 Proof Of Concept for PS4 (https://github.com/Fire30/PS4-2014-1303-POC) Liang Chen, WEBKIT EVERYWHERE: SECURE OR NOT? [BHEU14] (https://www.blackhat.com/docs/eu-14/materials/eu-14-Chen-WebKit-Everywhere-Secure-Or-Not.PDF) Download: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44204.zip