• XSS.stack #1 – первый литературный журнал от юзеров форума

Куплю эксплойт RCE protocolhandler (aka Follina)

В этой теме можно использовать автоматический гарант!

Новая сделка
Отслеживать
AlterAPT

AlterAPT

HDD-drive
Пользователь
Регистрация
23.03.2022
Сообщения
32
Реакции
16
Готов приобрести 0day/1day(notfix) уязвимость обработчика protocolhandler
Требования: запуск команды, исполнение кода
Url должен быть включен в пакет Windows, или предустановленное приложение
Желательно: редроп текущего процесса(запуск вне основного процесса)
бюджет 350k$ (работа строго через гаранта)
 
Последнее редактирование:
Windefender сказал(а):
IE would be completely disabled in windows. All researchers after follina are trying to find code execution in URI handlers. If one is vulnerable we will soon see some exploit.
by the time of public publication, any exploit associated with the protocol handler will be detected and possibly patched, finding an exploit for it is not an easy task, I personally know 3 non-patched URLs, but they all work when the registry is modified (parameters), and I hope that there will be a person who can offer a non-standard solution
 
AlterAPT сказал(а):
by the time of public publication, any exploit associated with the protocol handler will be detected and possibly patched, finding an exploit for it is not an easy task, I personally know 3 non-patched URLs, but they all work when the registry is modified (parameters), and I hope that there will be a person who can offer a non-standard solution
if someone can build a working fix for folina using a working URI that dont need editing of any components as registery, would it be eligible to 400k ?
 
no1 сказал(а):
if someone can build a working fix for folina using a working URI that dont need editing of any components as registery, would it be eligible to 400k ?
The thread author already mentioned such price. And if it is multiple sale, and price lower I would also be interested.
 
admin


Напишите ответ...
Верх