主页 / 2017滴滴安全大会 / Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
-
作者Kun Yang(@KelwinYang)
-
简介
- SQLite
- Known Attacks on SQLite
- Memory Corruption
- Fuzzing SQLite
- Data Types in SQLite
- Virtual Table Mechanism
- Complicated Extensions
- Complex Features vs Simple Type System
- Answers from SQLite source code
- Web SQL Database
- SQLite in browser is filtered
- Database Authorizer
- Android has disabled fts3_tokenizer
- Even SQLite itself
- WebKit has overridden the function now
- Bonus
- Whitelist function optimize
- Type Confusion
- FTS3 Tricks
- What do we control?
- Exploitation Strategy
- One Exploitation Path for Arbitrary RW
- Let's start a long journey...
- sqlite3Fts3Optimize
- ASLR Bypass
- Shellcode Execution
-
提示本站仅做资料的整理和索引,转载引用请注明出处
相关推荐
-
2016-09-08 11:59:39 -
2023-11-25 17:09:42.454603 -
2021-11-08 10:24:11.537102 -
2017-07-24 03:23:19
附件下载
-
Many.Birds,.One.Stone.杨坤.pdf