Skip to content

Collection of vulnerable WebAssembly applications, client-side and server-side.

Notifications You must be signed in to change notification settings

ManuMassi/vuln_wasm

Repository files navigation

vuln_wasm

Collection of vulnerable WebAssembly applications, client-side and server-side.

These applications are specifically built to be vulnerable, for the study of WebAssembly security.
In particular, I tried to implement the most common vulnerabilities present in the C language and ported them to WASM applications.

The following vulnerabilities are implemented:

  • Buffer overflow (BOF) client-side, leading to an XSS attack
  • Buffer overflow (BOF) server-side, leading to an RCE attack
  • Format string vulnerability client-side and server-side, leading to arbitrary write and read
  • Redirecting Indirect Cals(ret2win): BOF that allows to call an arbitrary function
  • Use After Free Heap vulnerability, server-side.
  • Integer Overflow
  • Arbitrary Array Access

About

Collection of vulnerable WebAssembly applications, client-side and server-side.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published