2021-10-03 21:46:05 +01:00
id : node-integration-enabled
info :
2022-05-20 17:38:52 -04:00
name : Electron Applications - Cross-Site Scripting & Remote Code Execution
2021-10-03 21:46:05 +01:00
author : me9187
severity : critical
2022-05-20 17:38:52 -04:00
description : |
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
2021-10-04 18:17:45 +05:30
reference :
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
2024-01-14 14:51:50 +05:30
tags : electron,file,nodejs,xss
2024-01-04 12:16:23 +05:30
2021-10-03 21:46:05 +01:00
file :
- extensions :
- all
matchers :
- type : word
words :
2023-10-14 16:57:55 +05:30
- "nodeIntegration: true"
2024-12-01 13:57:55 +00:00
# digest: 4b0a00483046022100a4de0131fb3858ce97cd9b81ddee915682a26e502382538cd9337fd214dedafd022100ac570647986eb2d47f7b7f5501c4b3772ed7e9e40347d2ffb9640a049497ec48:922c64590222798bb761d5b6d8e72950
