CVE-2020-9038 PoC — Joplin 跨站脚本漏洞

Source

https://github.com/JavierOlmedo/CVE-2020-9038

Associated Vulnerability

Title:Joplin 跨站脚本漏洞 (CVE-2020-9038)
Description:Joplin是一款开源的笔记和待办事项应用程序。 Joplin 1.0.184及之前版本中存在安全漏洞。攻击者可利用该漏洞读取任意文件。

Description

Disclosure report of CVE-2020-9038

Readme

# CVE-2020-9038
Disclosure report of CVE-2020-9038

More info:

- https://github.com/laurent22/joplin/commit/3db47b575b9cb0a765da3d283ba
- https://nvd.nist.gov/vuln/detail/CVE-2020-9038
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9038

File Snapshot


 [4.0K]  /data/pocs/7dfa0e9c4134d25386e798e823d9822ae4f61e1d
├── [4.0K]  dos
│   ├── [ 21M]  joplin-dos-via-mermaid.webm
│   └── [ 98K]  mermaid_payload.txt
├── [538K]  joplin-security-report.pdf
├── [ 248]  README.md
└── [4.0K]  xss
    ├── [ 556]  exploit.js
    ├── [ 13M]  joplin-xss.webm
    └── [  21]  SECRET.txt

2 directories, 7 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!