The_Maxu

123 posts

The_Maxu

@The_Maxu

Katılım Nisan 2016

88 Takip Edilen128 Takipçiler

The_Maxu@The_Maxu·19 Mar

@notnotzecoxao Ok... Path Traversal in PSDescriptorFactory to overwrite the internal /userprefs file with a poisoned Java object (Payload) that, when processed without filters by readObject() in UserPreferenceManagerImpl, executes arbitrary code... ???

English

593

Jose Coixao@notnotzecoxao·19 Mar

some diffs from ps5 bdjstack 12.00 and 13.00

English

206

18.5K

The_Maxu@The_Maxu·19 Mar

@CelesteBlue123 @ps3120 file:///app0/bdjstack/lib/ext/sunjce_provider.jar/../../../../../disc/BDMV/JAR/00000.jar

English

120

leftthebird @CelesteBlue123·19 Mar

@ps3120 Please disclose the source code.

English

706

120@ps3120·18 Mar

github.com/ps3120/ps3120.… iso bdj 1304 uploaded to github, it's just a user exploit, a kernel exploit is missing, patched on 13.50 and not work on 13.00 and 13.02

English

125

13.2K

The_Maxu@The_Maxu·20 Şub

@bts_leandro x.com/i/status/19419…

The_Maxu@The_Maxu

WTF? #PS4 12.00 ¿OOB?

QME

kstack@bts_leandro·20 Şub

Fullscreen Crash Bug tested in ps4 12.00! dont work on latest firmware. kstackbr.github.io/POC/

English

7.4K

The_Maxu@The_Maxu·20 Şub

@bts_leandro @aldostools 🧐

QME

235

The_Maxu@The_Maxu·31 Oca

@CelesteBlue123 In Java, you can use `!` to access the internal contents of a JAR file and load a specific class. It's simply one of the easy ways to exploit the bug before the patch.

English

141

leftthebird @CelesteBlue123·31 Oca

@The_Maxu Why do you need the exclamation mark (!)? I would think doing instead .jar../../payload.jar.

English

138

The_Maxu retweetledi

Jose Coixao@notnotzecoxao·28 Oca

differences between 13.02 and 13.04 (what i could find at least)

English

280

55.2K

The_Maxu@The_Maxu·30 Oca

@notnotzecoxao The validation logic still relies on string-based path handling (indexOf(".jar") and startsWith()), which is fragile by design...

English

1.6K

The_Maxu retweetledi

Jose Coixao@notnotzecoxao·30 Oca

i've deleted previous tweet, but 15432 asked me to repost it again, so yeah. path traversal is still possible on 13.04 because sony fucked big time. expect it to be patched on something like 13.50 or 14.00 though. and if you think hackerone is what made the scene prosper, you are wrong :)

English

258

26.4K

The_Maxu@The_Maxu·30 Oca

@notnotzecoxao 😉

QME

1.1K

The_Maxu retweetledi

Kameleonre_@Kameleonre_·28 Oca

Smells like Bdjb for ps4 13.00 😜

Jose Coixao@notnotzecoxao

differences between 13.02 and 13.04 (what i could find at least)

English

159

18.2K

The_Maxu@The_Maxu·28 Oca

@spammail350362 @notnotzecoxao BD-J bug where JAR paths were improperly validated. Using .jar!/../../payload.jar could trick the runtime into treating an external JAR as if it were in lib/ext and grant it AllPermission. The patch trims the path at .jar before canonicalization. Sandbox escape via path confusion

English

12.1K

spammail@spammail350362·28 Oca

@The_Maxu @notnotzecoxao What does this (.jar!) mean?

English

728

The_Maxu@The_Maxu·26 Oca

@m0ur0ne @BlieDieBlaDie WTF? Escribí eso en noviembre... Que mal te debes de sentir por dentro... ¿Y ahora cambias la historia diciendo que es otro? Lo que hay que ver... Por lo menos espero que hagas buen uso del dinero. Un saludo.

Español

🇲‌🇴‌🇺‌🇺‌🇺‌㋡ ▢ △ 🆇@m0ur0ne·25 Oca

@The_Maxu @BlieDieBlaDie Llorá bebé , quieres que te invete a algo ? TONTO. Tengo muchos reportes, idiotaaaaa, ni si quiera me pagaron por el que crees. BOBO. x.com/i/status/19865…

🇲‌🇴‌🇺‌🇺‌🇺‌㋡ ▢ △ 🆇@m0ur0ne

I've been sending reports for years with old account, and with this new one after insisting for almost a year, they finally listened to me this time. Sometimes you have to be persistent and insistent to get them to pay attention.🍾🥲

Español

Nathan Fargo@ntfargo·7 Kas

Sorry, guys I need to find a WebKit memory exhaustion “bug” and report it to Sony on HackerOne for $10K. That guy found a gem, lol: web.archive.org/web/2025100901…

English

102

25.1K

The_Maxu@The_Maxu·1 Oca

@Bushigan Good job, boss!😉

English