XSS to Code execution vulnerability #156
Comments

See #153

Sure, the project is currently suspended, but as long as the previous version is available to be downloaded, people are exposed to using a version of Moeditor with a code execution vulnerability.

Now, you can look at this repo, which inherited Moeditor.

I'm sorry that now I have no time for developing, so let's fix the XSS bugs when the new version is started.

@silviavali Hi. Could you email me your report? (See my profile for my email address.)

How are you related to the project (do I have permission from the project owner to send you the report)?

My email address is huanghaorui301@gmail.com

Report e-mailed to huanghaorui301@gmail.com @Menci

"XSS to code execution vulnerability due to enabled node integration"

Version: 0.2.0-beta

Description: MoeEditor is a markdown editor which allows creating and viewing .md files. However, the user input (the content of the markdown file being viewed in the application) is not encoded properly for the output document, which results in XSS. Improper encoding for the output document can result in XSS in any web application or any application using web technologies like HTML, JavaScript or CSS. At the moment XSS occurs in a browser window where node integration has been enabled, therefore the payload can also be used to require node modules like 'os' and hence access the operating system's native primitives. Due to the combination of XSS occurring on a page where nodeIntegration is enabled (in Electron, nodeIntegration defaults to true for a browserWindow instance), XSS evolves into code execution. For example, if the user opens a markdown file with the following contents or pastes it into the writing area,

Payload:

it will open an alert box with the hostname and the home directory of the machine the application is

Possible scenario: Reverse shell

Attacker crafts a markdown file 'payload.md' and makes it publicly available for download or tricks the victim into downloading it and opening it with the Shiba application. Attacker starts netcat and listens on port 1337 to receive the /etc/passwd file content from the victim's machine. Victim has downloaded and opened the file in the Shiba application. If the victim now hovers over the file content in the markdown editor, the payload gets executed in the background and the attacker receives the '/etc/passwd' file content from the victim's machine. As node modules can be required, the attack scenario could be anything of the attacker's imagination,
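The report above turns on two things: a renderer with nodeIntegration enabled and markdown whose raw HTML reaches the DOM unencoded. As an added example (not Moeditor's own code; the webPreferences objects and the tiny renderer are assumptions for illustration), the block below audits a BrowserWindow's webPreferences for that dangerous combination and renders untrusted markdown with every text span HTML-escaped, so an inline HTML probe shows up as literal text instead of executing.

```javascript
// Added example, not from the Moeditor project.
// (1) audit Electron BrowserWindow webPreferences for the settings that let
//     renderer XSS reach Node; (2) render untrusted markdown with raw HTML
//     escaped rather than emitted.

// Assumed settings of an older renderer where Electron still defaulted
// nodeIntegration to true (the situation the report describes).
const legacyPrefs = { nodeIntegration: true, contextIsolation: false, sandbox: false };
// Hardened settings: no require() in the page, preload isolated, OS sandbox on.
const hardenedPrefs = { nodeIntegration: false, contextIsolation: true, sandbox: true };

// Returns a list of findings; empty means the page cannot reach Node primitives.
function auditWebPreferences(prefs) {
  const findings = [];
  if (prefs.nodeIntegration === true) {
    findings.push('nodeIntegration is on: any DOM XSS can call require()');
  }
  if (prefs.contextIsolation !== true) {
    findings.push('contextIsolation is off: page scripts share the preload world');
  }
  if (prefs.sandbox !== true) {
    findings.push('sandbox is off: renderer process is not OS-sandboxed');
  }
  return findings;
}

// Escape the characters that matter in HTML text and attribute context.
const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => ESCAPES[c]);
}

// Tiny renderer for a markdown subset (ATX headings and paragraphs).
// Every text span goes through escapeHtml, so HTML typed into the document
// is displayed as text, not interpreted by the renderer's DOM.
function renderUntrustedMarkdown(md) {
  return md.split(/\n{2,}/).map((block) => {
    const m = /^(#{1,6})\s+(.*)$/.exec(block.trim());
    if (m) return `<h${m[1].length}>${escapeHtml(m[2])}</h${m[1].length}>`;
    return `<p>${escapeHtml(block.trim())}</p>`;
  }).join('\n');
}

// Constructed sample: a markdown file carrying a classic inline HTML probe.
const sampleMarkdown = '# Notes\n\nHello <img src=x onerror="alert(1)"> world';
console.log(auditWebPreferences(legacyPrefs));
console.log(renderUntrustedMarkdown(sampleMarkdown));
```

A real editor would pair this with a proper HTML sanitizer on any raw-HTML pass-through it chooses to keep; the escaping here simply refuses raw HTML.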

Hello,
I would like to report an XSS vulnerability in your application that leads to code execution.
I have a working PoC that I don't want to post publicly.
Please contact me at silviavali14@gmail.com