Skip to content

msrkp/electron-research

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 

Repository files navigation

Electron Research

Title: TBA

Intro

The following research will be published in an upcoming conference.

During the end of prototype pollution research, BlackFan and I came across a Prototype Pollution XSS in a web application that has a Desktop Application using ~Electron. So, I tried to escalate it to Remote Code Execution in the Desktop App and eventually I was able to get Remote Code Execution. Eventually, Prototype Pollution research came to an end, and started working on Electron Application and I think the research turned out pretty well.

Stats

The number of Applications Pwned: 18

The number of times Applications Pwned: 23

Applications Pwned

Application Description Link to Blog/Advisory CVE
Discord - - -
VSCode - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908 CVE-2021-43908
Rocket.chat - https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/ -
Element - https://github.com/vector-im/element-desktop/security/advisories/GHSA-mjrg-9f8r-h3m7 CVE-2022-23597
Microsoft Teams File Read - -

More Apps and Description, will be updated after the presenting at a conference

Research Publishing Team

Mohan Sri Rama Krishna P (s1r1us)

William Bowling (vakzz)

Max Garrett (TheGrandPew)

Aaditya Purani (knapstack)

Collabarators

Yudaii (ptr-yudai)

Sergey Bobrov (Black2Fan)

Masato Kinugawa (kinugawamasato)

Harsh Jaiswal (rootxharsh)

Terjanq (terjanq)

About

Electron Research

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published