Title: TBA
The following research will be published in an upcoming conference.
During the end of prototype pollution research, BlackFan and I came across a Prototype Pollution XSS in a web application that has a Desktop Application using ~Electron. So, I tried to escalate it to Remote Code Execution in the Desktop App and eventually I was able to get Remote Code Execution. Eventually, Prototype Pollution research came to an end, and started working on Electron Application and I think the research turned out pretty well.
The number of Applications Pwned: 18
The number of times Applications Pwned: 23
| Application | Description | Link to Blog/Advisory | CVE |
|---|---|---|---|
| Discord | - | - | - |
| VSCode | - | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908 | CVE-2021-43908 |
| Rocket.chat | - | https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/ | - |
| Element | - | https://github.com/vector-im/element-desktop/security/advisories/GHSA-mjrg-9f8r-h3m7 | CVE-2022-23597 |
| Microsoft Teams | File Read | - | - |
More Apps and Description, will be updated after the presenting at a conference
Mohan Sri Rama Krishna P (s1r1us)
William Bowling (vakzz)
Max Garrett (TheGrandPew)
Aaditya Purani (knapstack)
Yudaii (ptr-yudai)
Sergey Bobrov (Black2Fan)
Masato Kinugawa (kinugawamasato)
Harsh Jaiswal (rootxharsh)
Terjanq (terjanq)