This blog is related to our COMP 527 project.

In this project, we extend the work done by Chabbi et al. in Fall 2011, titled "Effective Browser Exploit with Return-Oriented Programming (ROP) via JavaScript JIT". Return-oriented programming is based on the notion of using a series of gadgets to achieve a desired goal. These gadgets are snippets of code extracted from pre-loaded library code such as glibc. ROP utilizes an existing vulnerability, such as a buffer overflow, to fill the stack with a chain of calls to the required gadgets. Knitted together, these chained calls constitute a substantial exploit that allows an intruder to execute malicious code.

JavaScript is a popular scripting language used to build the client-side face of web applications. Hence, JS is the vehicle for our exploit. We plan to demonstrate the exploit performed by Chabbi et al. via Mozilla's JIT engine, namely IonMonkey, instead of the Chrome V8 engine. We plan to exploit the fact that IonMonkey loads the libstdc++ library into the process's address space and allows client-side JS to access that library.