CVE-2024-23743
An issue in Notion for MacOS v.3.1.0 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components
There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r
![image](https://private-user-images.githubusercontent.com/83291215/291661827-163a92de-852f-4220-ba26-964862429a13.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk1ODM2NDMsIm5iZiI6MTcxOTU4MzM0MywicGF0aCI6Ii84MzI5MTIxNS8yOTE2NjE4MjctMTYzYTkyZGUtODUyZi00MjIwLWJhMjYtOTY0ODYyNDI5YTEzLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI4VDE0MDIyM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPWE3NmM4ZTc2ZjRiODAwYjdmMWRlNjc0MTM3YWZmYjk0YzI0MzRhMTliODU5M2QzYzY3YmZhNmI2YzQ3NDYyMmQmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.bzBjmc-A4pWB2BrrUR0xa_c86MBC-iN4FVzZylZyoLQ)
With this tool, we can check if the App is Vulnerable:
![image](https://private-user-images.githubusercontent.com/83291215/291662102-1df75e93-39d8-44c2-acfe-644cbaa909fc.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk1ODM2NDMsIm5iZiI6MTcxOTU4MzM0MywicGF0aCI6Ii84MzI5MTIxNS8yOTE2NjIxMDItMWRmNzVlOTMtMzlkOC00NGMyLWFjZmUtNjQ0Y2JhYTkwOWZjLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI4VDE0MDIyM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTc2N2FmMjJjZWU4OWQzNmI4NTkzMWVhOTllNzZjOGZmYjViMmZhMzZmZTA5ZmY3MWU3YWUzYzk1ODg3YWJmMGMmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.yxNCCJH2o5r9pbQZxNiU38SchUb410zr1xn7Px2Uwe0)
After validation, we can inject our code, and get a shell
![image](https://private-user-images.githubusercontent.com/83291215/291662384-384ac802-10d4-437d-93ec-424764994698.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk1ODM2NDMsIm5iZiI6MTcxOTU4MzM0MywicGF0aCI6Ii84MzI5MTIxNS8yOTE2NjIzODQtMzg0YWM4MDItMTBkNC00MzdkLTkzZWMtNDI0NzY0OTk0Njk4LnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI4VDE0MDIyM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTgwZmE4ZGNhMzk3OWZjN2M0ZWNjNTQxMDdmMjNkZjMxMGE1OGY2ZWI5Y2Y2NTc1ZTFlYjRhODQwM2JhMjI3ZDkmWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.Ja9UGrh_9Nro1ymEZAkmSXwf2wrDBvkdKWyzQ5ndGFo)
And Now, Enjoy your Shell:
![image](https://private-user-images.githubusercontent.com/83291215/291662540-6b22b5de-708d-4b10-8cd5-b2ab511fd1c1.png?jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmF3LmdpdGh1YnVzZXJjb250ZW50LmNvbSIsImtleSI6ImtleTUiLCJleHAiOjE3MTk1ODM2NDMsIm5iZiI6MTcxOTU4MzM0MywicGF0aCI6Ii84MzI5MTIxNS8yOTE2NjI1NDAtNmIyMmI1ZGUtNzA4ZC00YjEwLThjZDUtYjJhYjUxMWZkMWMxLnBuZz9YLUFtei1BbGdvcml0aG09QVdTNC1ITUFDLVNIQTI1NiZYLUFtei1DcmVkZW50aWFsPUFLSUFWQ09EWUxTQTUzUFFLNFpBJTJGMjAyNDA2MjglMkZ1cy1lYXN0LTElMkZzMyUyRmF3czRfcmVxdWVzdCZYLUFtei1EYXRlPTIwMjQwNjI4VDE0MDIyM1omWC1BbXotRXhwaXJlcz0zMDAmWC1BbXotU2lnbmF0dXJlPTA5ZGQ3MmNjYzlhOWNjN2E2ZjJhNmUyNjc3ODZhMWNiMWJkNGZkNDMyMzM1NjcxOTRkZDAyY2IwNGQ2MmNlY2ImWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0.4AglAoHYvedrH7r8PkLTqnllO8UgEQxyGdx1W81y2NI)