2021-10-03 20:46:05 +00:00
id : node-integration-enabled
info :
2022-05-20 21:38:52 +00:00
name : Electron Applications - Cross-Site Scripting & Remote Code Execution
2021-10-03 20:46:05 +00:00
author : me9187
severity : critical
2022-05-20 21:38:52 +00:00
description : |
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
2021-10-04 12:47:45 +00:00
reference :
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
tags : electron,file,nodejs
2021-10-03 20:46:05 +00:00
file :
- extensions :
- all
matchers :
- type : word
words :
2021-10-03 20:50:50 +00:00
- "nodeIntegration: true"
2022-05-20 21:38:52 +00:00
# Enhanced by mp on 2022/05/19
