How to resolve Electron WebPreferences remote Command execution vulnerability CVE-2018-15685 02/24 Update SLTechnology News&Howtos

How to resolve Electron WebPreferences remote Command execution vulnerability CVE-2018-15685

2025-02-24 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Shulou(Shulou.com)05/31 Report--

This article introduces how to analyze Electron WebPreferences remote command execution vulnerability CVE-2018-15685, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Vulnerability description

1. Vulnerability number: CVE-2018-15685

two。 Affect the version:

3. The cause of the vulnerability:

Electron is an open source library developed by Github to build cross-platform desktop applications using HTML,CSS and JavaScript. Electron does this by merging Chromium and Node.js into the same runtime environment and packaging them into applications under Mac,Windows and Linux systems.

When `nodeIntegration= Electron is set (default), the JavaScript on the page cannot access the built-in library of node.js. CVE-2018-15685 bypasses this restriction, resulting in the ability to execute arbitrary commands in situations where the user can execute JavaScript, such as accessing third-party pages or when there is a XSS vulnerability in APP.

Startup environment: docker-compose up-d

VulnIP:192.168.1.232

After the environment is started, visit `http://your-ip:8080` to see the default home page of Electron.

Compile APP

Execute the following command to compile an application that contains vulnerabilities:

````docker-compose run-e PLATFORM=win64-- rm electron```

The value of PLATFORM is the operating system running the application. Available options are: `win64`, `win32`, `mac`, `linux`.

After the compilation is complete, execute the following command to start the web service:

````docker-compose run-- rm-p 8080pur80 web```

At this point, you can download the compiled application by visiting `http://your-ip:8080/cve-2018-15685.tar.gz`.

Loophole discovery

Follow the version of ElasticSearch

Vulnerability exploitation

Open the application locally:

Click submit, and the contents of the input box will be displayed in the application, where there is obviously a XSS vulnerability.

We submit'

As you can see, the calc.exe has successfully ejected:

On how to parse the Electron WebPreferences remote command execution vulnerability CVE-2018-15685 is shared here, I hope the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.