Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
-
Updated
Jun 13, 2020 - JavaScript
Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
Automated client-side template injection (sandbox escape/bypass) detection for AngularJS v1.x.
PoC for CVE-2022-28281 a Mozilla Firefox Out of bounds write.
Glass Cage is a zero-click PNG-based RCE chain in iOS 18.2.1, bypassing LockDown mode protection by exploiting ImageIO (CVE-2025-43300), then WebKit(CVE-2025-24201) and Core Media(CVE-2025-24085) to achieve sandbox escape, kernel-level access, and device bricking. Triggered via iMessage, it enables full compromise with no user interaction.
Tribell Edge Sandbox Escape - PoCs of Edge's legacy vulnerabilities BadgeUpdateManager / TileFlyoutUpdateManager / ToastNotificationManager to exploit cross-boundary XmlDocument sharing and escape Edge’s LPAC sandbox (CVE-2019-0555).
Check if your sandbox can be escaped.
This is a POC of a sandbox escape by found by Siguza. Works up to iOS 13.4.1.
Hands-on Android offensive security labs focused on real-world exploitation and system internals.
Professional exploit for CVE-2024-28397: Js2Py Sandbox Escape leading to Remote Code Execution (RCE). Includes modular payload generation.
Technical analysis and Proof of Concept (PoC) regarding environment variable exfiltration in containerized cloud sandboxes via side-channel data leaks.
Verified solutions to the six labs of MIT 6.1600 Foundations of Computer Security (educational self-study): hashing, Merkle trees, ECDSA/WEP breaks, timing+SSH side channels, sandbox escapes, fuzzing
Security research and proof-of-concept demonstrations for multiple LiteLLM vulnerabilities, including Authentication Bypass, SSRF, and Sandbox Escape findings.
March 26th, 2026 submissions closed May 8th, 2026. Google's official threat release on May 11th, 2026 has multiple issues described almost word for word as my March 26th, 2026 VRP submissions. Plus, I used the exploit to document
Generate weaponized PDF and Excel files to test browser document-rendering XSS and sandbox-escape defenses — 100+ research-based payloads across Chrome, Firefox, Safari, Edge & Office 365 Web. For authorized testing only.
Validating DNS Exfiltration and Python Pickle RCE Attack Chains in AI Code Execution Sandboxes
CVE-2026-53753 — Crawl4AI <0.8.7 unauthenticated RCE (AST sandbox escape via gi_frame.f_back). Lab + PoC, verified e2e.
CVE-2026-44789 — n8n <1.123.43 HTTP Request pagination prototype pollution to RCE (NODE_OPTIONS runner-spawn gadget). Lab + automated PoC, verified e2e.
A simple lab created for testing CSTI vulnerability in AngularJS version 1.0.8, 1.3.20 and 1.5.8 using Sandbox Escape.
Cross-platform sandbox isolation audit tool in Rust. Evaluates configuration parameters to profile system integrity, process mitigations, network/PID namespaces, SECCOMP filtering, etc. for escape pivots.
Add a description, image, and links to the sandbox-escape topic page so that developers can more easily learn about it.
To associate your repository with the sandbox-escape topic, visit your repo's landing page and select "manage topics."