mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-01 16:23:32 +08:00
21 lines
887 B
YAML
21 lines
887 B
YAML
id: node-integration-enabled
|
|
|
|
info:
|
|
name: Electron Applications - Cross-Site Scripting & Remote Code Execution
|
|
author: me9187
|
|
severity: critical
|
|
description: |
|
|
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
|
|
reference:
|
|
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
|
|
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
|
|
tags: electron,file,nodejs,xss
|
|
|
|
file:
|
|
- extensions:
|
|
- all
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "nodeIntegration: true"
|
|
# digest: 4b0a00483046022100a4de0131fb3858ce97cd9b81ddee915682a26e502382538cd9337fd214dedafd022100ac570647986eb2d47f7b7f5501c4b3772ed7e9e40347d2ffb9640a049497ec48:922c64590222798bb761d5b6d8e72950 |