Electron Research Save

Electron Research

Project README

Electron Research

Title: TBA

Intro

The following research will be published in an upcoming conference.

During the end of prototype pollution research, BlackFan and I came across a Prototype Pollution XSS in a web application that has a Desktop Application using ~Electron. So, I tried to escalate it to Remote Code Execution in the Desktop App and eventually I was able to get Remote Code Execution. Eventually, Prototype Pollution research came to an end, and started working on Electron Application and I think the research turned out pretty well.

Stats

The number of Applications Pwned: 16

The number of times Applications Pwned: 21

Applications Pwned

Application Description Link to Blog/Advisory CVE
Discord - - -
VSCode - https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43908 CVE-2021-43908
Rocket.chat - https://ssd-disclosure.com/ssd-advisory-rocket-chat-client-side-remote-code-execution/ -

More Apps and Description, will be updated after the presenting at a conference

Research Publishing Team

Mohan Sri Rama Krishna P (s1r1us)

William Bowling (vakzz)

Max Garrett (TheGrandPew)

Aaditya Purani (knapstack)

Collabarators

Yudaii (ptr-yudai)

Sergey Bobrov (Black2Fan)

Masato Kinugawa (kinugawamasato)

Harsh Jaiswal (rootxharsh)

Terjanq (terjanq)

Open Source Agenda is not affiliated with "Electron Research" Project. README Source: msrkp/electron-research