daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update node-integration-enabled.yaml

patch-1
Prince Chaddha 2022-05-20 12:04:13 +05:30 committed by GitHub
parent 016a85da6e
commit f4b6664ae3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
file/electron/node-integration-enabled.yaml
View File

@ -4,7 +4,8 @@ info:
name: Electron Applications - Cross-Site Scripting & Remote Code Execution
author: me9187
severity: critical
description: Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
description: |
Electron Applications is susceptible to remote code execution by way of cross-site scripting via nodeIntegration by calling require('child_process').exec('COMMAND');.
reference:
- https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
- https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps