Open hastalamuerte opened 1 month ago
Hello, I saw your issue - maybe it can be helpful. https://github.com/s4vvysec/CVE-2024-4367-POC/blob/main/poc.py It's another PoC for the same CVE, with a reference to https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/ There are a lot of URL/URI schemes which can be called in Electron and other apps, OS.
But I can't reproduce ANYTHING in my env with new versions))
Thank you, I've seen all of this before, but I still haven't tried it successfully. https://book.hacktricks.xyz/network-services-pentesting/pentesting-web/electron-desktop-apps