admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-09 20:23:21 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
c87966731dbb0fb2b685818a2d43765a94de70d8
nuclei-templates/file/electron/node-integration-enabled.yaml

21 lines
885 B
YAML
Raw Normal View History

Create node-integration.yaml
2021-10-03 21:46:05 +01:00
id: node-integration-enabled
info:
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 17:38:52 -04:00
name: Electron Applications - Cross-Site Scripting & Remote Code Execution
Create node-integration.yaml
2021-10-03 21:46:05 +01:00
author: me9187
severity: critical
Dashboard Content Enhancements (#4456) Dashboard Content Enhancements
2022-05-20 17:38:52 -04:00
description: |
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
Update and rename node-integration.yaml to node-integration-enabled.yaml
2021-10-04 18:17:45 +05:30
reference:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
auto tagging via templateman
2024-01-14 14:51:50 +05:30
tags: electron,file,nodejs,xss
final lint fix
2024-01-04 12:16:23 +05:30
Create node-integration.yaml
2021-10-03 21:46:05 +01:00
file:
- extensions:
- all
matchers:
- type: word
words:
templateman update
2023-10-14 16:57:55 +05:30
- "nodeIntegration: true"
Auto Template Signing [Fri Jan 26 08:31:11 UTC 2024] :robot:
2024-01-26 08:31:11 +00:00
# digest: 4a0a0047304502204786705d88a14d1888a277cc5d93556cfec1f62f07c6b52fc67bd398eacad084022100d8b0127552cdfea68abfa470f367757cf4d7496dc287ac4826131928c2526233:922c64590222798bb761d5b6d8e72950
Reference in New Issue Copy Permalink