XSS to Code execution vulnerability #156
"XSS to code execution vulnerability due to enabled node integration"
Due to the combination of XSS occurring on a page where nodeIntegration is enabled (in Electron, nodeIntegration defaults to true for a browserWindow instance), XSS evolves into code execution. For example, if a user opens a markdown file with the following contents or pastes it into the writing area,
it will open an alert box with the hostname and the home directory of the machine the application is
Possible scenario: Reverse shell
Attacker crafts a markdown file ‘payload.md’ and makes it publicly available for download or tricks the victim into downloading it and opening it with the Shiba application. Attacker starts netcat and listens on port 1337 to receive the /etc/passwd file content from the victim’s machine. Victim has downloaded and opened the file in the Shiba application. If the victim now hovers over the file content in the markdown editor, the payload gets executed in the background and the attacker receives the ‘/etc/passwd’ file content from the victim’s machine.
As node modules can be required, the attack scenario could be anything of the attacker's imagination,
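
As a mitigation-side illustration of the report above, the following added example (not part of the original issue or of Shiba's code) audits a BrowserWindow options object for the `webPreferences` settings that let injected script reach Node.js. The function name `auditWebPreferences`, the rule list and both sample option objects are constructed for this example; the `webPreferences` keys are Electron's own.

```javascript
// Audits Electron BrowserWindow webPreferences for settings that expose
// Node.js to page script. Runs under plain Node; Electron is not required.

// Each rule names a webPreferences key and the value treated as safe here.
// Assumption: a key that is not set explicitly is reported as "unset",
// because the effective default depends on the Electron version in use.
const RULES = [
  { key: 'nodeIntegration', safe: false, why: 'page script can call require()' },
  { key: 'nodeIntegrationInWorker', safe: false, why: 'web workers get Node.js APIs' },
  { key: 'contextIsolation', safe: true, why: 'page and preload share one JavaScript context' },
  { key: 'sandbox', safe: true, why: 'renderer runs without the process sandbox' },
  { key: 'webviewTag', safe: false, why: '<webview> guests can be created from page markup' },
];

function auditWebPreferences(windowOptions = {}) {
  const prefs = windowOptions.webPreferences || {};
  const findings = [];
  for (const { key, safe, why } of RULES) {
    const isSet = Object.prototype.hasOwnProperty.call(prefs, key);
    if (!isSet) {
      findings.push({ key, status: 'unset', why });
    } else if (prefs[key] !== safe) {
      findings.push({ key, status: 'unsafe', why });
    }
  }
  return findings;
}

// Constructed sample: a window configured the way the issue describes.
const vulnerableOptions = {
  width: 800,
  height: 600,
  webPreferences: { nodeIntegration: true },
};

// Constructed sample: the same window with every audited key pinned to its safe value.
const hardenedOptions = {
  width: 800,
  height: 600,
  webPreferences: {
    nodeIntegration: false,
    nodeIntegrationInWorker: false,
    contextIsolation: true,
    sandbox: true,
    webviewTag: false,
  },
};

for (const f of auditWebPreferences(vulnerableOptions)) {
  console.log(`${f.status.padEnd(6)} ${f.key}: ${f.why}`);
}
```

Pinning these settings limits what an injected script can reach; the rendered markdown still needs to be sanitized to remove the XSS itself.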