CVE-2023-50643 PoC — Evernote 安全漏洞

Source

https://github.com/V3x0r/CVE-2023-50643

Associated Vulnerability

Title:Evernote 安全漏洞 (CVE-2023-50643)
Description:Evernote（印象笔记）是美国Evernote公司的一套macOS平台的笔记软件。该软件可随时随地创建、管理、同步、搜索和共享笔记。 Evernote（MacOS） v.10.68.2版本存在安全漏洞，该漏洞源于允许远程攻击者通过 RunAsNode 和 enableNodeClilnspectArguments 组件执行任意代码。

Description

CVE-2023-50643

Readme

# CVE-2023-50643
CVE-2023-50643

An issue in Evernote for MacOS v.10.68.2 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r


<img width="769" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/11f3aef6-242b-44e8-90b8-c774d064d95d">





 With this tool, we can check if the App is Vulnerable:



 
<img width="606" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/c4a922f9-1b82-4590-b412-8c543aca674f">



After validation, we can inject our code, and get a shell



 
 <img width="713" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/6e783786-3098-417a-9475-54a4ce05ff77">


 





Enjoy Shell :)





 
 <img width="811" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/d869f838-6dd9-40e9-85ea-fefb12aff4ed">


 

This CVE was only discovered with the help of a great friend and researcher - https://github.com/louiselalanne/CVE-2023-49314

File Snapshot


 [4.0K]  /data/pocs/4fb2a7d4a1086e89e2e8a9f338a429178f8270e1
└── [1.1K]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!