Vulnerability:
nodeIntegration is set to true, which allows access to node features from the renderer process.
This can allow an attacker to escape out of the renderer process and execute code on the target’s computer.
How to reproduce the vulnerability:
Simply create a new note.
Embed the following code into the note: <a onmouseover="alert('lets do some calculus :D'); try{ const {shell} = require('electron'); shell.openExternal('file:C:/Windows/System32/calc.exe') }catch(e){alert(e)}">Open Calculator</a>
Hover over the "Open Calculator" text.
Video Demonstration:
202308171930.mp4
Attacker to Victim Scenario:
An attacker can simply create a malicious markdown file, CheckOutMyNotes.md, and make it publicly available for download or trick the victims into downloading and opening the file with the knowte application.
Impact:
I have showcased my payload to open the calculator application as proof of concept for Remote Code Execution. However, alternative payloads could enable the attacker to achieve remote access to the target's system. Consequently, the potential impact on confidentiality, integrity, and availability stemming from this vulnerability should be categorized as significant.
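Added example, not part of the original report and not the project's own code: a check for the renderer settings behind this class of issue, plus a scheme gate for URLs before they reach `shell.openExternal`. It covers related `webPreferences` keys beyond `nodeIntegration`; the option names are Electron's, while the function and constant names are hypothetical.

```javascript
// Added example (not the project's code). Option names are real Electron
// webPreferences keys; function and constant names are hypothetical.

// Settings that keep Node.js APIs out of a renderer showing untrusted notes.
const HARDENED_WEB_PREFERENCES = Object.freeze({
  nodeIntegration: false,  // no require() available to page scripts
  contextIsolation: true,  // preload and page run in separate JS worlds
  sandbox: true,           // renderer runs inside the Chromium sandbox
  webSecurity: true,       // same-origin policy stays enforced
});

// Report every key explicitly set to a value other than the hardened one.
// Unset keys are not reported: their defaults depend on the Electron version.
function auditWebPreferences(prefs) {
  const findings = [];
  for (const [key, safe] of Object.entries(HARDENED_WEB_PREFERENCES)) {
    if (key in prefs && prefs[key] !== safe) {
      findings.push(`${key} is ${prefs[key]}, expected ${safe}`);
    }
  }
  return findings;
}

// Gate for anything forwarded to shell.openExternal(): https only.
const ALLOWED_EXTERNAL_PROTOCOLS = new Set(['https:']);

function isSafeExternalUrl(raw) {
  try {
    return ALLOWED_EXTERNAL_PROTOCOLS.has(new URL(raw).protocol);
  } catch {
    return false; // unparseable input is rejected
  }
}

// Constructed sample input: the setting described in the report.
const reportedPrefs = { nodeIntegration: true };
console.log(auditWebPreferences(reportedPrefs));
console.log(isSafeExternalUrl('file:C:/Windows/System32/calc.exe'));
console.log(isSafeExternalUrl('https://example.com/docs'));
```

With `nodeIntegration` off, the `require('electron')` call in the embedded handler fails in the renderer, and the scheme gate rejects `file:` targets even if a link reaches the main process.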