The following research will be published at an upcoming conference.
Toward the end of the prototype pollution research, BlackFan and I came across a Prototype Pollution XSS in a web application that has a desktop application using Electron. So, I tried to escalate it to Remote Code Execution in the desktop app, and eventually I was able to get Remote Code Execution. Eventually, the Prototype Pollution research came to an end, and I started working on Electron applications, and I think the research turned out pretty well.
The number of Applications Pwned: 16
The number of times Applications Pwned: 21
| Application | Description | Link to Blog/Advisory | CVE |
More apps and descriptions will be updated after presenting at a conference.
Research Publishing Team
Mohan Sri Rama Krishna P (s1r1us)
William Bowling (vakzz)
Max Garrett (TheGrandPew)
Aaditya Purani (knapstack)
Sergey Bobrov (Black2Fan)
Masato Kinugawa (kinugawamasato)
Harsh Jaiswal (rootxharsh)