I just found a potential zero day in java
it looks like i found out how to corrupt the stack in the java vm
it attempted to write data to an arbitrary spot in memory on the host machine
the entire process dumped with an access violation
what do i do now?
Java arbitrary write vulnerability
Parker Lee
Other urls found in this thread:
Tyler Lewis
ask money, patent the zero day
Brandon Butler
an exception was thrown you have found nothing
Charles Lee
from who? i already googled for oracle java bug bountys and found none
Kayden White
read the dump.
it happend in the host machine not the jvm and attempted to write data to an arbitrary point in memory, 0x179
Oliver Young
>from who?
oracle, idiot
Adam Gomez
>from who
Sun micro systems
Justin Butler
i wont even know how to work the proposal. do i just email them and ask for money for the bug? Do i say I can sell it to someone if they dont want to buy it?
to whom it may concern:
Your code proclaims to run contained within a vm, so so called Java Virtual Machine, with no direct access to the host memory.
Woe is you. cry for all that is good and holy for this is no longer.
Gibme moneys or I sells on dark web.
Robert Morgan
>javafx
cringe
Zachary Fisher
Sell exploit to Zerodium and profit.
zerodium.com
Grayson Jones
too late i already sold it for $10000 lamo
Oliver Powell
Does it make use of Unsafe? That's probably not considered a bug then
Bentley Richardson
looks good, itll take some time to write the actual exploit, as it sits its just an attempt to write arbitrary memory.. ill def hold on to this tho and work on it thanks
Benjamin Clark
windows 10 already got your keystrokes while you were typing that malformed code. just wait for party van.
Noah Lewis
youre probably running it on debug mode
Angel Flores
can you control the write address and the data written?
Cameron Cruz
Sell it to Zerodium, if you just care about money.
Elijah Ward
>when your pajeet code is so shit not only does it crash the java environment, it crashes the virtualization behind it
poo in loo
Gavin Walker
The problem is that even if you manage to control the memory location the data is written to, you can't write to another process' memory location, and anything your current process is privileged to do at the OS level, you probably could do that already with the java code itself.
Not saying Java to native code isn't an upgrade, it's iust not a very big one. And even then to get it you have to deal with stack randomization.
But that's all theoretical, you probably don't have access to even that anyways.
You can try your sample on the open source jse and see what's actually happening in the code.
Dominic Thomas
>caring about javafx
Good work potentially having found a problem in something no one uses.
Maybe you'll get a medal!
Christian King
Go back to Egypt please