nuclei-templates/file/electron/node-integration-enabled.yaml

22 lines
689 B
YAML
Raw Normal View History

2021-10-03 20:46:05 +00:00
id: node-integration-enabled
info:
name: Electron Applications - Cross-Site Scripting & Remote Code Execution
2021-10-03 20:46:05 +00:00
author: me9187
severity: critical
description: |
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
reference:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
tags: electron,file,nodejs
2021-10-03 20:46:05 +00:00
file:
- extensions:
- all
matchers:
- type: word
words:
2023-07-06 05:54:47 +00:00
- "nodeIntegration: true"