I just found a potential zero day in java
it looks like i found out how to corrupt the stack in the java vm
it attempted to write data to an arbitrary spot in memory on the host machine
the entire process dumped with an access violation
what do i do now?
Java arbitrary write vulnerability
ask money, patent the zero day
an exception was thrown you have found nothing
from who? i already googled for oracle java bug bounties and found none
read the dump.
it happened in the host machine, not the jvm, and attempted to write data to an arbitrary point in memory, 0x179
>from who?
oracle, idiot
>from who
Sun micro systems
i won't even know how to work the proposal. do i just email them and ask for money for the bug? Do i say I can sell it to someone if they don't want to buy it?
to whom it may concern:
Your code proclaims to run contained within a vm, the so-called Java Virtual Machine, with no direct access to the host memory.
Woe is you. cry for all that is good and holy for this is no longer.
Gibme moneys or I sells on dark web.
>javafx
cringe
Sell exploit to Zerodium and profit.
zerodium.com
too late i already sold it for $10000 lamo
Does it make use of Unsafe? That's probably not considered a bug then
looks good, it'll take some time to write the actual exploit, as it sits it's just an attempt to write arbitrary memory.. i'll def hold on to this tho and work on it thanks
windows 10 already got your keystrokes while you were typing that malformed code. just wait for party van.
you're probably running it on debug mode
can you control the write address and the data written?
Sell it to Zerodium, if you just care about money.
>when your pajeet code is so shit not only does it crash the java environment, it crashes the virtualization behind it
poo in loo
The problem is that even if you manage to control the memory location the data is written to, you can't write to another process' memory location, and anything your current process is privileged to do at the OS level, you probably could do that already with the java code itself.
Not saying Java to native code isn't an upgrade, it's just not a very big one. And even then to get it you have to deal with stack randomization.
But that's all theoretical, you probably don't have access to even that anyways.
You can try your sample on the open source jse and see what's actually happening in the code.
>caring about javafx
Good work potentially having found a problem in something no one uses.
Maybe you'll get a medal!
Go back to Egypt please