Proton v0.2.0 - XSS To RCE
| Name | Proton v0.2.0 - XSS To RCE |
| --- | --- |
| Affected versions | Version 0.2.0 |
Proton v0.2.0 allows an attacker to create a malicious
link inside a markdown file. When the victim clicks the link,
the application opens the site in the current frame allowing
order to trigger an XSS attack. The
is set to on which allows the webpage to use
an attacker can leverage this to run OS commands.
Proof of Concept
Steps to reproduce
Create a markdown file with the following content.
rce.html file with the following content on a server controlled by the attacker.

```html
<script> require('child_process').exec('calc'); </script>
```
- Version: Proton v0.2.0.
- Operating System: Windows 10.0.19042 N/A Build 19042.
- Installer: Proton.Setup.0.2.0.exe
There is no exploit for the vulnerability, but it can be manually exploited.
As of 2022-05-17, there is no patch resolving the issue.
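With no patch available, the sketch below shows one way an Electron application can keep a clicked link from replacing the current frame and keep Node's `require()` away from page content. It is an added example, not Proton's code and not part of the advisory. The names `SAFE_WEB_PREFERENCES`, `classifyNavigation`, `hardenWindow` and the `appUrl` parameter are hypothetical; `win` and `shell` stand for Electron's `BrowserWindow` instance and `shell` module, passed in by the caller.

```javascript
// Added example, not Proton's code. `win` is an Electron BrowserWindow and
// `shell` is Electron's shell module; both are passed in by the caller.

// webPreferences to pass to `new BrowserWindow({ webPreferences })`.
const SAFE_WEB_PREFERENCES = Object.freeze({
  nodeIntegration: false, // pages in the renderer get no require()
  contextIsolation: true, // page scripts run apart from preload scripts
  sandbox: true,          // renderer runs in the Chromium sandbox
});

// Schemes that may be handed to the user's default browser or mail client.
const EXTERNAL_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Returns 'allow' (stay in the frame), 'external' (open outside the app)
// or 'block'. appUrl is the app's own page (assumed, e.g. a file:// URL).
function classifyNavigation(targetUrl, appUrl) {
  let target, app;
  try {
    target = new URL(targetUrl);
    app = new URL(appUrl);
  } catch {
    return 'block'; // unparsable URL: refuse
  }
  target.hash = '';
  app.hash = '';
  if (target.href === app.href) return 'allow'; // same document
  return EXTERNAL_SCHEMES.has(target.protocol) ? 'external' : 'block';
}

// Installs the policy on a window (hypothetical helper).
function hardenWindow(win, shell, appUrl) {
  const route = (url) => {
    const verdict = classifyNavigation(url, appUrl);
    if (verdict === 'external') shell.openExternal(url);
    return verdict;
  };
  // Link clicks that would replace the current frame's document.
  win.webContents.on('will-navigate', (event, url) => {
    if (route(url) !== 'allow') event.preventDefault();
  });
  // window.open / target=_blank: never create a child window.
  win.webContents.setWindowOpenHandler(({ url }) => {
    route(url);
    return { action: 'deny' };
  });
}
```

Under this policy a markdown link to a remote page opens in the system browser, where `require` does not exist, instead of inside the application window.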
The vulnerability was discovered by Oscar Uribe from the Offensive Team of Fluid Attacks.
Vendor page https://github.com/steventhanna/proton/