Vulnerability: XSS to RCE #105
Comments
|
In this regard, I think the users of Gridea are users themselves, and the content written by Markdown in the article is also written by users themselves. Therefore, most users know what they are writing and will not attack themselves, will they? Please correct me if my understanding is wrong. |
|
You are right, users do not attack themselves actively, so the probability of using this vulnerability is low. My hypothetical scenario is that when a user inadvertently includes, or is induced to include, malicious code in the editor (such as a reference to someone else's article), they may not notice the malicious code in their content and easily try to preview it, then I've executed the code I need on their OS. |
|
It's not impossible |
|
fixed |
Hi, I found an XSS vulnerability that can cause RCE.
And I recorded a GIF to demonstrate controlling the local win10 through this vulnerability.
Cause of vulnerability
The post content editing area does not filter or prevent the running of JS scripts, resulting in the use of XSS to call a Node.js module (for example: child_process.exec()) to achieve arbitrary code execution. If the user imports content containing malicious code, the vulnerability will be triggered.
Payload
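The escalation reported above, from script running in the post editor to code execution on the OS, depends on page script being able to reach Node.js modules. The following is an added example, not code from this issue or from Gridea: a small audit of Electron `webPreferences` that flags the settings which make that step possible. It assumes the editor runs in an Electron renderer; the page does not show Gridea's window configuration, so the function name and both sample objects are constructed.

```javascript
// Added example (not Gridea's code): audit Electron webPreferences for settings
// that let script injected into a preview pane reach Node.js modules.
// All names and sample objects below are constructed for illustration.

// Option name, the value that keeps page script away from Node.js, and the
// consequence of the unsafe value when post content carries script.
const RULES = [
  { key: 'nodeIntegration', safe: false,
    why: 'page script can require() Node.js modules such as child_process' },
  { key: 'contextIsolation', safe: true,
    why: 'page script shares a JavaScript context with privileged preload code' },
  { key: 'sandbox', safe: true,
    why: 'renderer is not sandboxed and its preload script has full Node.js access' },
];

// Returns findings; an empty array means every option is explicitly safe.
// Unset options are reported as warnings because their defaults changed
// across Electron major versions, so an old runtime may pick the unsafe value.
function auditWebPreferences(prefs = {}) {
  const findings = [];
  for (const { key, safe, why } of RULES) {
    if (!(key in prefs)) {
      findings.push({ key, level: 'warn', msg: `${key} is unset; pin it to ${safe}` });
    } else if (prefs[key] !== safe) {
      findings.push({ key, level: 'fail', msg: `${key}=${prefs[key]}: ${why}` });
    }
  }
  return findings;
}

// Constructed sample: a window where an XSS in rendered content becomes RCE.
const riskyPreview = { nodeIntegration: true, contextIsolation: false };

// Constructed sample: the same window pinned to safe values.
const hardenedPreview = { nodeIntegration: false, contextIsolation: true, sandbox: true };

for (const [name, prefs] of Object.entries({ riskyPreview, hardenedPreview })) {
  const findings = auditWebPreferences(prefs);
  console.log(name, findings.length ? findings : 'no findings');
}
```

Pinning these values limits what injected script can do; the rendered Markdown still needs sanitizing to stop the script from running at all.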