
Seunghyun Lee leesh3288

  • Carnegie Mellon University
  • Pittsburgh, PA
  • X @0x10n
@leesh3288
leesh3288 / !zer0pts_ctf_2023_flipper_author_writeup.md
Last active July 29, 2023 09:15
zer0pts CTF 2023 flipper (pwn) Author's Writeup

Written by Xion

Challenge Summary

Linux kernel heap-relative 1-bit flip primitive; local privilege escalation (LPE) to read the flag.

Author's solution

@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_2.md
Last active November 15, 2024 03:49
Sandbox Escape in [email protected] via custom inspect function

Summary

In vm2 for versions up to 3.9.19, a Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code.

Proof of Concept

@leesh3288
leesh3288 / vm2_3.9.19_sandbox_escape_1.md
Last active September 22, 2025 09:35
Sandbox Escape in [email protected] via `Promise[@@species]`

Summary

In vm2 for versions up to 3.9.19, Promise handler sanitization can be bypassed with the `@@species` accessor property, allowing attackers to escape the sandbox and run arbitrary code.

Proof of Concept

Sandbox Escape in [email protected]

Summary

There exists a vulnerability in the exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside handleException(), which can be used to escape the sandbox and run arbitrary code in the host context.

Proof of Concept

Sandbox Escape in [email protected]

Summary

There exists a vulnerability in the source code transformer (exception sanitization logic) of vm2 for versions up to 3.9.15, allowing attackers to bypass handleException() and leak unsanitized host exceptions, which can be used to escape the sandbox and run arbitrary code in the host context.

Proof of Concept