[Security] XSS leading to code execution #11

Closed
thefLink opened this Issue May 17, 2018 · 2 comments


thefLink commented May 17, 2018

Description
An XSS vulnerability exists that leads to arbitrary code execution.

Version

  • v1.0.4
  • Tested on: Linux

To reproduce
Steps to reproduce the behavior:

  1. Create a new project
  2. Create a new Note with the value:
<img src="asdf" onerror="var os = require('os'); var hostname = os.platform(); var homedir = os.homedir(); alert('Host:' + hostname + 'directory: ' + homedir);">
  3. See the popup

Expected behavior
This cross-site scripting vulnerability allows an attacker to execute arbitrary code on the victim's machine by creating a malicious note. In the worst case this will lead to a reverse shell. I am not going to paste the code for the reverse shell here for obvious reasons.

@IceEnd IceEnd added wontfix and removed wontfix labels May 17, 2018

@IceEnd


Owner

IceEnd commented May 18, 2018

Hi, this software runs on a personal computer, so XSS will only damage his own computer and will not affect others.

But for the sake of security, I'll handle the preview HTML and make the software more secure.

Thanks very much!
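One way to "handle the preview HTML" as the maintainer describes, given here as an added example that is not the project's own code: an allowlist sanitizer run over a note before it is rendered. It assumes the note is rendered as HTML inside an Electron-style renderer with Node integration enabled, which is what lets the `onerror` handler in the report reach `require('os')`; the tag and attribute allowlists are constructed for the example.

```javascript
// Added example (not the project's code). Allowlist sanitizer for note HTML:
// unknown tags are dropped, every on* handler is dropped, and href/src must
// use a safe scheme. Second layer (assumption: Electron): open the preview
// window with nodeIntegration: false and contextIsolation: true, so a
// sanitizer slip cannot reach require() at all. Production code should use
// a maintained sanitizer (e.g. DOMPurify); this is a compact illustration.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol',
  'li', 'code', 'pre', 'a', 'img', 'h1', 'h2', 'h3']);
const ALLOWED_ATTRS = { a: new Set(['href', 'title']), img: new Set(['src', 'alt', 'title']) };
const SAFE_SCHEMES = new Set(['http', 'https', 'mailto']);
const TAG_RE = /<(\/?)([a-z][a-z0-9]*)([^>]*)>/gi;
const ATTR_RE = /([^\s=\/"'<>]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

function escapeAttr(v) {
  return v.replace(/&/g, '&amp;').replace(/"/g, '&quot;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

function isSafeUrl(v) {
  // Decode numeric entities and strip control/whitespace characters first, so
  // "java&#115;cript:" or "jav\tascript:" cannot hide the scheme from the check.
  const decoded = v
    .replace(/&#x([0-9a-f]+);?/gi, (_, h) => String.fromCodePoint(parseInt(h, 16)))
    .replace(/&#(\d+);?/g, (_, d) => String.fromCodePoint(Number(d)))
    .replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(decoded);
  return !m || SAFE_SCHEMES.has(m[1].toLowerCase()); // relative URLs pass
}

function sanitizeTag(closing, name, rawAttrs) {
  const tag = name.toLowerCase();
  if (!ALLOWED_TAGS.has(tag)) return '';          // <script>, <iframe>, ...: gone
  if (closing) return `</${tag}>`;
  const allowed = ALLOWED_ATTRS[tag] || new Set();
  let out = `<${tag}`;
  for (const m of rawAttrs.matchAll(ATTR_RE)) {
    const attr = m[1].toLowerCase();
    const value = m[2] || m[3] || m[4] || '';
    if (attr.startsWith('on') || !allowed.has(attr)) continue; // drops onerror
    if ((attr === 'href' || attr === 'src') && !isSafeUrl(value)) continue;
    out += ` ${attr}="${escapeAttr(value)}"`;
  }
  return out + '>';
}

function sanitizeNoteHtml(html) {
  let out = '', last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    out += html.slice(last, m.index).replace(/</g, '&lt;').replace(/>/g, '&gt;');
    out += sanitizeTag(m[1] === '/', m[2], m[3]);
    last = m.index + m[0].length;
  }
  return out + html.slice(last).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}
```

Running `sanitizeNoteHtml` over the note from the report leaves `<img src="asdf">`, so the image still renders but nothing executes when it fails to load.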

@IceEnd IceEnd added the Security label May 18, 2018

@IceEnd IceEnd added this to In progress in v1.0.5 May 18, 2018

@IceEnd IceEnd moved this from In progress to To do in v1.0.5 May 18, 2018

@IceEnd IceEnd moved this from To do to Done in v1.0.5 May 20, 2018

@IceEnd


Owner

IceEnd commented Jun 1, 2018

Fixed in ver1.0.5.

@IceEnd IceEnd closed this Jun 1, 2018
