Commit 25fcbd4

Tod Beardsley committed
Landing rapid7#1733, setting a sensible heapspray offset
@wchen-r7 says that nobody's using it today, much less relying on the default, so this should make no functional difference to any browser exploits.
2 parents d5e717a + d28db8a commit 25fcbd4

1 file changed

+2
-2
lines changed

lib/msf/core/exploit/http/server.rb

Lines changed: 2 additions & 2 deletions
@@ -800,7 +800,7 @@ def js_base64
800800
# The "sprayHeap" JavaScript function supports the following arguments:
801801
# shellcode => The shellcode to spray in JavaScript. Note: Avoid null bytes.
802802
# objId => Optional. The ID for a <div> HTML tag.
803-
# offset => Optional. Number of bytes to align the shellcode, default: 0x104
803+
# offset => Optional. Number of bytes to align the shellcode, default: 0x00
804804
# heapBlockSize => Optional. Allocation size, default: 0x80000
805805
# maxAllocs => Optional. Number of allocation calls, default: 0x350
806806
#
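Review bot: The `offset` line of this doc comment changes only the number, so it still reads "Number of bytes to align the shellcode" with a default of 0x00 and leaves the reader to guess what a zero offset means. Suggest stating that explicitly in the comment, and adding that callers that need a particular alignment must pass `offset` themselves now that the default is zero. Writing the default as `0x0` or `0` would also match how a zero value is usually written.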
@@ -825,7 +825,7 @@ def js_property_spray
825825
objId = oArg.objId;
826826
827827
if (shellcode == undefined) { throw "Missing argument: shellcode"; }
828-
if (offset == undefined) { offset = 0x104; }
828+
if (offset == undefined) { offset = 0x00; }
829829
if (heapBlockSize == undefined) { heapBlockSize = 0x80000; }
830830
if (maxAllocs == undefined) { maxAllocs = 0x350; }
831831
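Review bot: On the `if (offset == undefined) { offset = 0x00; }` line, the fallback moves from 0x104 to 0x00 for every caller that omits `offset`, and nothing in the diff demonstrates that no caller depends on the old value; the commit message rests on a statement rather than a check. Suggest searching the callers of this function for any that omit `offset` and recording the result in the pull request. Separately, the argument checks visible here only cover missing values; a type and range check on `offset` next to the existing `shellcode` check would make bad input fail early.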
