CVE-2024-23739 PoC — Discord security vulnerability

Source
Associated Vulnerability
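Title: Discord security vulnerability (CVE-2024-23739)
Description: Discord is a free chat service from Discord Inc. Discord versions before 0.0.291 contain a security vulnerability that stems from the ability to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.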
Description
CVE-2024-23739
Readme
# CVE-2024-23739
An issue in Discord through 0.0.291 on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeCliInspectArguments settings.

There is a tool designed to automate the search for vulnerabilities in Electron apps: https://github.com/r3ggi/electroniz3r
 <img width="442" alt="image" src="https://github.com/V3x0r/CVE-2024-23739/assets/83291215/86ad0991-6c71-4c1d-a9cf-b9299800b19e">

With this tool, we can check whether the app is vulnerable:

 <img width="840" alt="image" src="https://github.com/V3x0r/CVE-2024-23739/assets/83291215/da94e15e-ab27-4846-825d-1c5e86694be3">

After validation, we can inject our code and get a shell.

<img width="843" alt="image" src="https://github.com/V3x0r/CVE-2024-23739/assets/83291215/26702453-049c-4224-82b7-360319d8abad">



 Enjoy Your Shell :)
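
For the defensive side of the check above, the following added example (not part of the original README or of electroniz3r) audits an Electron binary image for the two settings named in the advisory by decoding its fuse wire. The sentinel string, the state bytes and the fuse order are assumptions taken from Electron's fuse wire format as published in its fuse tooling, not from this page; the sample images are constructed.

```javascript
// Assumed Electron fuse wire layout: SENTINEL, 1 byte version, 1 byte length,
// then one state byte per fuse ('0' disabled, '1' enabled, 'r' removed).
const SENTINEL = Buffer.from('dL7pKGdnNz796PbbjQWNKmHXBZaB9tsX', 'latin1');
const FUSE_NAMES = ['RunAsNode', 'EnableCookieEncryption',
  'EnableNodeOptionsEnvironmentVariable', 'EnableNodeCliInspectArguments'];
const STATES = { 0x30: 'disabled', 0x31: 'enabled', 0x72: 'removed' };
const RISKY = ['RunAsNode', 'EnableNodeCliInspectArguments']; // settings named in the advisory

// Decode every fuse wire in the image; a universal macOS binary carries one per architecture.
function readFuseWires(image) {
  const wires = [];
  for (let at = image.indexOf(SENTINEL); at !== -1; at = image.indexOf(SENTINEL, at + 1)) {
    const p = at + SENTINEL.length;
    if (p + 2 > image.length) throw new Error('truncated fuse header');
    const version = image[p], length = image[p + 1];
    if (p + 2 + length > image.length) throw new Error('truncated fuse wire');
    const fuses = {};
    for (let i = 0; i < length; i++) {
      fuses[FUSE_NAMES[i] || `fuse#${i}`] = STATES[image[p + 2 + i]] || 'unknown';
    }
    wires.push({ offset: at, version, fuses });
  }
  return wires;
}

// A fuse counts as exposed if any architecture slice leaves it enabled.
function auditFuses(image) {
  const wires = readFuseWires(image);
  if (wires.length === 0) return { wires: 0, exposed: [], verdict: 'no fuse wire found' };
  const exposed = RISKY.filter((n) => wires.some((w) => w.fuses[n] === 'enabled'));
  return { wires: wires.length, exposed, verdict: exposed.length ? 'harden' : 'ok' };
}

// Constructed sample images (not real binaries): padding + sentinel + version + length + states.
function fakeImage(...stateStrings) {
  return Buffer.concat(stateStrings.map((s) => Buffer.concat([
    Buffer.alloc(16, 0xcc), SENTINEL, Buffer.from([1, s.length]), Buffer.from(s, 'latin1')])));
}
const shipped = fakeImage('1011', '0010');  // one slice still has both fuses enabled
const hardened = fakeImage('0010', '0010'); // both fuses off in every slice
console.log(auditFuses(shipped), auditFuses(hardened));
```

On a real app the image would be the bytes of the Electron Framework binary inside the bundle. A `harden` verdict is fixed at build time by disabling both fuses before the app is signed.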
