Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security] XSS leading to code execution #11

Closed
thefLink opened this issue May 17, 2018 · 2 comments
Closed

[Security] XSS leading to code execution #11

thefLink opened this issue May 17, 2018 · 2 comments
Labels
Security Security and stability
Projects
v1.0.5

Comments

@thefLink
Copy link

Description
A XSS vulnerability exists that leads to arbitrary code execution

Version

  • v1.0.4
  • Tested on: Linux

To reproduce
Steps to reproduce the behavior:

  1. Create a new project
  2. Create a new Note with the value:
<img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
  1. See the popup
    xss

Expected behavior
This cross site scripting vulnerability allows an attacker to execute arbitrary code on the victims machine by creating a malicious note. In the worst case this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.
@IceEnd IceEnd added wontfix This will not be worked on and removed wontfix This will not be worked on labels May 17, 2018
@IceEnd
Copy link
Owner

IceEnd commented May 18, 2018
edited
Loading

Hi, this software runs on a personal computer, XSS will only damage his own computer and will not affect others.

But given the security, I'll handle the preview HTML and make the software more secure.

Thanks very much!

@IceEnd IceEnd added the Security Security and stability label May 18, 2018
@IceEnd IceEnd added this to In progress in v1.0.5 May 18, 2018
@IceEnd IceEnd moved this from In progress to To do in v1.0.5 May 18, 2018
@IceEnd IceEnd moved this from To do to Done in v1.0.5 May 20, 2018
@IceEnd
Copy link
Owner

IceEnd commented Jun 1, 2018

Fixes. ver1.0.5

@IceEnd IceEnd closed this as completed Jun 1, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Security Security and stability
Projects
No open projects
v1.0.5
  
Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@IceEnd @thefLink