8 matches found
Automattic: RCE via Print function [Simplenote 1.1.3 - Desktop app]
In Simplenote 1.1.3 - Desktop app there is a stored XSS vulnerability that can be used to execute arbitrary code. If there is malicious code in the note and the user tries to print it, for example to save it as a PDF, the malicious code runs. This report is based on the report 291539, by Yasin...
Automattic: Improper markup sanitisation in Simplenote Android application.
Description: The Simplenote Android application 1.5.6 still allows users to embed fully-fledged forms. html Sign in to Simplenote Please sign in Email Password Remember Me Forgot your password? F246484 A more convincing proof of concept could consist of hiding the form inside several paragraphs o...
Automattic: Crafted frame injection leading to form-based UI redressing.
Summary: One can inject iframes into a note and create a login form that sends the user's details to a third-party server. Once again I will let the PoC do most of the explaining. PoC: Paste the following snippet into a Simplenote and then view it in the preview panel. I am using the latest stable...
Automattic: [Simplenote for Windows] Client RCE via External JavaScript Inclusion leveraging Electron
Hi, A carefully crafted injection in the Markdown parser within Simplenote for Windows can be leveraged to achieve remote code execution via an external JavaScript file. The nature of Simplenote's content sharing system, which makes use of tags containing email addresses, means that an adversary...
Automattic: Improper markup sanitization.
Summary: One can inject HTML into a note and create a login form that sends the user's details to a third-party server. This was a fun issue to play around with. I will let the PoC do most of the talking for a change. PoC: Paste the following HTML into a Simplenote. I am using the Simplenote app...
Automattic: [app.simplenote.com] Stored XSS via Markdown SVG filter bypass
Hi, A carefully crafted injection used against the Markdown input parser can be leveraged to store and execute arbitrary JavaScript in the app.simplenote.com context. Proof of concept: Before proceeding to reproduce this vulnerability, please log in to app.simplenote.com and create a new note with...
Simplenote - Customized SSL, Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Simplenote published at the 'play' market has multiple vulnerabilities...
Automattic: information disclosure
Use Google Chrome 35.0.1916.114m for reproduction. 1. Go to https://app.simplenote.com/ 2. Log in to the app. 3. Now press logout, and press the back button in the browser. You will see the session back. This is the information disclosure vulnerability. I recommend checking for a valid, authenticated...