关联漏洞
标题:
Evernote 安全漏洞
(CVE-2023-50643)
描述:Evernote(印象笔记)是美国Evernote公司的一套macOS平台的笔记软件。该软件可随时随地创建、管理、同步、搜索和共享笔记。 Evernote(MacOS) v.10.68.2版本存在安全漏洞,该漏洞源于允许远程攻击者通过 RunAsNode 和 enableNodeClilnspectArguments 组件执行任意代码。
描述
CVE-2023-50643
介绍
# CVE-2023-50643
CVE-2023-50643
An issue in Evernote for MacOS v.10.68.2 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components
There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r
<img width="769" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/11f3aef6-242b-44e8-90b8-c774d064d95d">
With this tool, we can check if the App is Vulnerable:
<img width="606" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/c4a922f9-1b82-4590-b412-8c543aca674f">
After validation, we can inject our code, and get a shell
<img width="713" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/6e783786-3098-417a-9475-54a4ce05ff77">
Enjoy Shell :)
<img width="811" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/d869f838-6dd9-40e9-85ea-fefb12aff4ed">
This CVE was only discovered with the help of a great friend and researcher - https://github.com/louiselalanne/CVE-2023-49314
文件快照
[4.0K] /data/pocs/4fb2a7d4a1086e89e2e8a9f338a429178f8270e1
└── [1.1K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。