
CVE-2020-35717 PoC — Zonetti Zonote Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: Zonetti Zonote Cross-Site Scripting Vulnerability (CVE-2020-35717)
Description: Zonetti Zonote is a JavaScript-based note-taking application for Markdown notes, written by the individual developer Zonetti. zonote versions 0.4.0 and earlier contain a cross-site scripting vulnerability that leads to remote code execution (because node integration in webPreferences is set to true).
Description
Showcase repository for CVE-2020-35717
Readme
# CVE-2020-35717

[zonote](https://github.com/zonetti/zonote) allows XSS via crafted note, with resultant Remote Code Execution (because Node.js integration is enabled).

## Steps to exploit the vulnerability

- Download any zonote [affected version](https://github.com/zonetti/zonote/releases/tag/v0.4.0)
- Open zonote app
- Import [xss-rce.znt](./xss-rce.znt) in zonote via Menu > Open
- Hover over the different links in imported notes

<img src="./xss-rce.gif" width="95%">

## Disclosure Timeline

- 2020-12-26 Issue discovered and the owner contacted
- 2020-12-26 Owner expressed his intention of neither maintaining the repository nor fixing the vulnerability
- 2021-01-01 Public disclosure of the vulnerability
File Snapshot

[4.0K] /data/pocs/e409a5dc443f21e8e6f0c0bd8ca5b5d2b7197f57
├── [ 718] README.md
├── [1.5M] xss-rce.gif
└── [ 745] xss-rce.znt

0 directories, 3 files