%PDF- <> %âãÏÓ endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 28 0 R 29 0 R] /MediaBox[ 0 0 595.5 842.25] /Contents 4 0 R/Group<>/Tabs/S>> endobj ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµù Õ5sLOšuY>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<> endobj 2 0 obj<>endobj 2 0 obj<>es 3 0 R>> endobj 2 0 obj<> ox[ 0.000000 0.000000 609.600000 935.600000]/Fi endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream

nadelinn - rinduu

Command :
ikan Uploader :
Directory :  /proc/thread-self/root/home/ubuntu/node-v16.18.1/test/parallel/
Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 
Current File : //proc/thread-self/root/home/ubuntu/node-v16.18.1/test/parallel/test-crypto-psychic-signatures.js
'use strict';
const common = require('../common');
if (!common.hasCrypto)
  common.skip('missing crypto');

const assert = require('assert');

const crypto = require('crypto');

// Tests for CVE-2022-21449
// https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
// Dubbed "Psychic Signatures", these signatures bypassed the ECDSA signature
// verification implementation in Java in 15, 16, 17, and 18. OpenSSL is not
// (and was not) vulnerable so these are a precaution.

const vectors = {
  'ieee-p1363': [
    Buffer.from('0000000000000000000000000000000000000000000000000000000000000000' +
      '0000000000000000000000000000000000000000000000000000000000000000', 'hex'),
    Buffer.from('ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' +
      'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551', 'hex'),
  ],
  'der': [
    Buffer.from('3046022100' +
      '0000000000000000000000000000000000000000000000000000000000000000' +
      '022100' +
      '0000000000000000000000000000000000000000000000000000000000000000', 'hex'),
    Buffer.from('3046022100' +
      'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551' +
      '022100' +
      'ffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551', 'hex'),
  ],
};

const keyPair = crypto.generateKeyPairSync('ec', {
  namedCurve: 'P-256',
  publicKeyEncoding: {
    format: 'der',
    type: 'spki'
  },
});

const data = Buffer.from('Hello!');

for (const [encoding, signatures] of Object.entries(vectors)) {
  for (const signature of signatures) {
    const key = {
      key: keyPair.publicKey,
      format: 'der',
      type: 'spki',
      dsaEncoding: encoding,
    };

    // one-shot sync
    assert.strictEqual(
      crypto.verify(
        'sha256',
        data,
        key,
        signature,
      ),
      false,
    );

    // one-shot async
    crypto.verify(
      'sha256',
      data,
      key,
      signature,
      common.mustSucceed((verified) => assert.strictEqual(verified, false)),
    );

    // stream
    assert.strictEqual(
      crypto.createVerify('sha256')
        .update(data)
        .verify(key, signature),
      false,
    );

    // webcrypto
    crypto.webcrypto.subtle.importKey(
      'spki',
      keyPair.publicKey,
      { name: 'ECDSA', namedCurve: 'P-256' },
      false,
      ['verify'],
    ).then((publicKey) => {
      return crypto.webcrypto.subtle.verify(
        { name: 'ECDSA', hash: 'SHA-256' },
        publicKey,
        signature,
        data,
      );
    }).then(common.mustCall((verified) => {
      assert.strictEqual(verified, false);
    }));
  }
}

Kontol Shell Bypass