Typora Version 0.9.9.21.1 (1913) Remote Code Execution Vulnerability
Description:
Typora fails to sanitize input on HTML attributes. Abusing the file:\\ URI scheme on HTML attributes can result in arbitrary code execution. The below proof of concepts will execute calculator when opened inside of Typora (MacOS, Linux, Windows). Attached are screenshots as well as the .md files that trigger the vulnerability (PoC.zip).
Tested On: MacOS 10.14.2, Ubuntu 18.04, Windows 10
Typora Version 0.9.9.21.1 (1913) Remote Code Execution Vulnerability
Description:
Typora fails to sanitize input on HTML attributes. Abusing the
file:\\URI scheme on HTML attributes can result in arbitrary code execution. The below proof of concepts will execute calculator when opened inside of Typora (MacOS, Linux, Windows). Attached are screenshots as well as the .md files that trigger the vulnerability (PoC.zip).Tested On: MacOS 10.14.2, Ubuntu 18.04, Windows 10
Proof of Concepts:
MacOS:
Windows:
Linux:
PoC.zip
The text was updated successfully, but these errors were encountered: