Add to Favorites | Login | Register
Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

About us Contact us

How to implement Windows client 6.15 local file reading and remote command execution vulnerability analysis

2025-03-01 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)05/31 Report--

This article introduces how to achieve Windows client 6.15 local file reading and remote command execution vulnerability analysis, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Preface of 0x00

On 2018-09-20, my then colleague @ sebao told me that my impression note had fixed his XSS loophole and entered the Hall of Fame. It happened that on National Day, there were several cases of client-side XSS causing command execution. I wanted to look for similar problems in the impression note client. In the subsequent testing process, I not only found a vulnerability in the original XSS fix scheme, took advantage of this XSS vulnerability to achieve local file reading and remote command execution, but also achieved remote attacks by sharing notes.

Brief introduction of 0x01 vulnerabilities

Impression Note Windows client version 6.14 fixed a stored XSS.

Since only the entry point of XSS was fixed and no filter was added at the exit, an attacker could generate a stored XSS in the client version 6.14 and trigger it in version 6.15.

The presentation mode of impression notes is implemented using NodeWebKit, and the Nodejs code can be injected into the display mode through the stored XSS.

After various attempts, the local file reading and remote command execution are finally realized through the injected Nodejs code.

0x02 impression Note Windows client 6.14 Storage XSS vulnerability

The storage XSS vulnerabilities discovered by @ sebao can be triggered as follows: 1. Add a picture to your notes. Right-click and rename the picture to "onclick=alert (1)" > .jpg "3. Double-click to open the note and click on the picture to successfully pop up the box.

After testing, the official way to fix the XSS is as follows: filter at the renamed place >,

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Tag Search: Notes vulnerabilities commands clients clients files impressions attempts code versions questions tests content features pictures success trumpets time patterns attacks vpn macOS Linux MariaDB MySQL Docker Shulou Information Shulou Technology Shulou Tech Info OPPO Reno Redmi Xiaomi NVidia Microsoft Huawei Apple macOS Microsoft Redmi NVidia Apple Xiaomi OPPO Reno Shulou Information Linux Docker Shulou Technology vpn Shulou Tech Info MariaDB MySQL Huawei macOS Microsoft Redmi NVidia Apple Xiaomi OPPO Reno Shulou Information Linux Docker Shulou Technology vpn Shulou Tech Info MariaDB MySQL Huawei

Share To

Related

Network Security

More Network Security >

Latest Network Security More Network Security >

Latest Internet Technology More Internet Technology >

Latest Development More Development >

Latest Database More Database >

Latest Servers More Servers >

Latest Mobile Phone More Mobile Phone >

Latest Android Software More Android Software >

Latest Apple Software More Apple Software >

Latest Computer Software News More Computer Software News >

Latest IT Information More IT Information >

Wechat

About us Contact us Product review car news thenatureplanet

© 2024 shulou.com SLNews company. All rights reserved.

12
Report