Create node-integration.yaml

Castledev2022 · Oct 3, 2021 · 9e2a7aa · 9e2a7aa
1 parent 937db78
commit 9e2a7aa
Showing 1 changed file with 20 additions and 0 deletions.
diff --git a/file/electron/node-integration.yaml b/file/electron/node-integration.yaml
@@ -0,0 +1,20 @@
+id: node-integration-enabled
+
+info:
+  name: Node Integration Enabled
+  author: me9187
+  severity: critical
+  tags: electron,file
+  reference: https://blog.yeswehack.com/yeswerhackers/exploitation/pentesting-electron-applications/
+  # nodeIntegration in Electron Applications means you can turn XSS into RCE by calling require('child_process').exec('COMMAND');
+  # https://book.hacktricks.xyz/pentesting/pentesting-web/xss-to-rce-electron-desktop-apps
+
+file:
+  - extensions:
+      - all
+
+    matchers:
+
+      - type: word
+        words:
+         - "nodeIntegration: true"