主页 / 2017滴滴安全大会 / Many Birds, One Stone: Exploiting a Single SQLite Vulnerability Across Multiple Software
-
作者Kun Yang(@KelwinYang)
-
简介
- SQLite
- Known Attacks on SQLite
- Memory Corruption
- Fuzzing SQLite
- Data Types in SQLite
- Virtual Table Mechanism
- Complicated Extensions
- Complex Features vs Simple Type System
- Answers from SQLite source code
- Web SQL Database
- SQLite in browser is filtered
- Database Authorizer
- Android has disabled fts3_tokenizer
- Even SQLite itself
- WebKit has overridden the function now
- Bonus
- Whitelist function optimize
- Type Confusion
- FTS3 Tricks
- What do we control?
- Exploitation Strategy
- One Exploitation Path for Arbitrary RW
- Let's start a long journey...
- sqlite3Fts3Optimize
- ASLR Bypass
- Shellcode Execution
-
提示本站仅做资料的整理和索引,转载引用请注明出处
相关推荐
-
2016-06-18 02:42:33 -
2017-07-26 15:36:22 -
2018-09-08 10:40:22 -
2023-11-24 16:20:47.843331
附件下载
-
Many.Birds,.One.Stone.杨坤.pdf