aaronxu/vulhub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
vulhub/electron/CVE-2018-1000006/README.md
Aaron 63285f61aa
Some checks failed
Vulhub Format Check and Lint / format-check (push) Has been cancelled
Details
Vulhub Format Check and Lint / markdown-check (push) Has been cancelled
Details
Vulhub Docker Image CI / longtime-images-test (push) Has been cancelled
Details
Vulhub Docker Image CI / images-test (push) Has been cancelled
Details
first commit
2025-09-06 16:08:15 +08:00

42 lines
1.8 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Electron Remote Code Execution VulnerabilityCVE-2018-1000006
[中文版本(Chinese version)](README.zh-cn.md)
Electron is an open source library developed by GitHub for building cross-platform desktop applications with HTML, CSS, and JavaScript. Electron accomplishes this by combining Chromium and Node.js into a single runtime and apps can be packaged for Mac, Windows, and Linux.
On Windows, if an application developed by Electron registers a Protocol Handler (allowing the user to call the application in the browser), a parameter injection vulnerability may occur and eventually cause remote code vulnerability on the user side.
Reference link:[Electron < v1.8.2-beta.4 远程命令执行漏洞—【CVE-2018-1000006】](https://xianzhi.aliyun.com/forum/topic/1990)
## Setup
Execute the following commands to compile an vulnerability application:
```
docker compose run -e ARCH=64 --rm electron
```
Because the software needs to run on the Windows platform, it is necessary to set the value of the ARCH to the number of bits of the platform: 32 or 64.
After the compilation completed, execute the following command to run the web service:
```
docker compose run --rm -p 8080:80 web
```
Now, access`http://your-ip:8080/`You can see the POC page.
## Exploit
First, on the POC page, click on the first link and download the compiled software `vulhub-app.tar.gz`. After the download is complete, extract it and run it once:
![](1.png)
This time the Protocol Handler will be registered.
Then, go back to the POC page and click on the second link. The target software and calculator will pop up:
![](2.png)
> If fails, it may be browser's reason. After testing, the new Chrome browser will call vulhub-app when it clicks on the POC, but it will not execute calc.exe.
Reference in New Issue View Git Blame Copy Permalink