A security researcher has achieved remote code execution (RCE) on Discord's desktop application by chaining a trio of security vulnerabilities.

The exploit (demonstrated in this video) capitalized on the fact that Discord had disabled the RCE-blocking contextIsolation option in Electron. It also leveraged a cross-site scripting (XSS) flaw in the implementation of iframe embeds on 3D viewing platform Sketchfab, along with a navigation restriction bypass in Electron.

Discord, whose client is built on the Electron framework, is an instant messaging and VoIP application with more than 100 million active monthly users.

Japanese researcher Masato Kinugawa was awarded $5,000 by Discord and $300 by Sketchfab through the platforms' respective bug bounty programs.

The three-stage research process, which Kinugawa has documented in a blog post published yesterday (October 18, also available in Japanese), began with efforts to execute arbitrary JavaScript on Discord by first checking the BrowserWindow API options.

Because nodeIntegration was false in Discord's main window, the researcher couldn't call require() directly in order to use Node.js features. Even so, RCE should have been precluded by contextIsolation, an option Electron introduced in response to a 2016 Cure53 penetration test to which Kinugawa contributed.

However, the researcher discovered that this option was disabled, meaning that "a web page's JavaScript can affect the execution of the Electron's internal JavaScript code on the renderer, and preload scripts".

Kinugawa then tried a technique for achieving RCE that he had outlined in a 2018 presentation, to no avail.

Switching his focus to preload scripts, he found that Discord exposes a function that allows some permitted modules to be called into the web page (via ('MODULE-NAME')).
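The article turns on two Electron BrowserWindow settings, nodeIntegration and contextIsolation, and on the gap that opens when the first is off but the second is as well. The following is an added example, not code from the article, from Discord or from the Electron project: a small audit of a webPreferences object that flags that combination (plus the sandbox and webSecurity options, which are also real Electron settings), and a helper that returns a hardened copy. It uses plain JavaScript with no Electron dependency, so it runs anywhere; the two configurations are constructed for illustration and are not Discord's actual settings.

```javascript
// Constructed example of the weak shape the article describes: Node
// integration is off, so page JS cannot call require() directly, but
// context isolation is also off, so page JS shares a realm with preload
// scripts and Electron's internal renderer code.
const weakPreferences = {
  nodeIntegration: false,
  contextIsolation: false,
};

// Constructed example of the hardened shape: contextIsolation separates the
// page's JavaScript world from preload/internal code, and sandbox restricts
// the renderer process further.
const hardenedPreferences = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// Resolves an unspecified option against the default the caller is
// targeting. Electron changed the contextIsolation default to true in
// Electron 12; older versions defaulted to false, so callers auditing an
// older app should pass contextIsolationDefault: false (the default here).
function resolveOption(value, fallback) {
  return value === undefined ? fallback : value === true;
}

// Returns a list of findings (empty when the preferences are hardened).
// Each finding names the option and the consequence of its current value.
function auditWebPreferences(prefs, { contextIsolationDefault = false } = {}) {
  const findings = [];
  const nodeIntegration = resolveOption(prefs.nodeIntegration, false);
  const contextIsolation = resolveOption(prefs.contextIsolation, contextIsolationDefault);
  const sandbox = resolveOption(prefs.sandbox, false);
  const webSecurity = resolveOption(prefs.webSecurity, true);

  if (nodeIntegration) {
    findings.push('nodeIntegration enabled: page JS can call require() directly');
  }
  if (!contextIsolation) {
    findings.push('contextIsolation disabled: page JS shares a realm with preload scripts and Electron internals');
  }
  if (!sandbox) {
    findings.push('sandbox disabled: renderer process is not OS-sandboxed');
  }
  if (!webSecurity) {
    findings.push('webSecurity disabled: same-origin policy is off in the renderer');
  }
  return findings;
}

// Returns a new webPreferences object with the four options pinned to their
// hardened values; other keys are copied through unchanged.
function hardenWebPreferences(prefs) {
  return {
    ...prefs,
    nodeIntegration: false,
    contextIsolation: true,
    sandbox: true,
    webSecurity: true,
  };
}

// Stand-alone run: print the audit of both constructed configurations.
for (const [name, prefs] of [['weak', weakPreferences], ['hardened', hardenedPreferences]]) {
  const findings = auditWebPreferences(prefs);
  console.log(`${name}: ${findings.length === 0 ? 'no findings' : findings.join('; ')}`);
}
```

Note that the audit runs over a configuration object, not a live window, so it is the kind of check that fits a build step or a code review rather than runtime instrumentation; passing the contextIsolationDefault option lets the same check be applied to apps targeting Electron versions on either side of the default change.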