Bug: The Bibisco Desktop Application does not properly limit in-app navigation

Open masood opened this issue 2 years ago • 0 comments

Summary:

The Bibisco Desktop Application does not limit in-app navigation. As a result, the application’s window can be navigated to arbitrary third-party sites, resulting in malicious or potentially harmful domains being loaded within the application context. Additionally, the application enables node integration and disables context isolation – therefore malicious websites can perform remote code execution on the underlying system.

Platform(s) Affected:

All

Steps To Reproduce:

  1. Open the Bibisco Desktop Application from the command line. Add the command-line switch `--remote-debugging-port=8315` while running the application.

  2. Open a web browser on the same device and visit localhost:8315. The application can be interacted with via the DevTools protocol.

  3. Within the console, update the location, say, `window.location.href = "https://google.com/"`.

  4. The Bibisco application window is navigated to https://google.com/, i.e., away from the application’s intended page.

Credit Information:

Mir Masood Ali, PhD student, University of Illinois at Chicago

Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago

Chris Kanich, Associate Professor, University of Illinois at Chicago

Jason Polakis, Associate Professor, University of Illinois at Chicago

masood, Sep 13 '23 02:09
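
One way to close both gaps described in the report, as an added example that is not bibisco's own code: a navigation guard for an Electron `webContents` plus `webPreferences` that keep Node.js APIs out of page content. `APP_ROOT`, `isAppUrl` and `lockNavigation` are hypothetical names, and the install path is a constructed placeholder.

```javascript
// Added example: navigation lockdown for an Electron window.
// APP_ROOT is a constructed placeholder, not bibisco's real install path.
const APP_ROOT = 'file:///opt/app/';

// Settings that keep Node.js APIs away from whatever the window renders.
const SECURE_WEB_PREFERENCES = {
  nodeIntegration: false,
  contextIsolation: true,
  sandbox: true,
};

// True only for URLs that stay inside the application's own bundle.
// The URL parser resolves "../" segments before the prefix comparison.
function isAppUrl(candidate, appRoot = APP_ROOT) {
  let url, root;
  try {
    url = new URL(candidate);
    root = new URL(appRoot);
  } catch {
    return false; // unparsable input is treated as untrusted
  }
  return url.protocol === root.protocol &&
         url.host === root.host &&
         url.pathname.startsWith(root.pathname);
}

// Attach the policy to an Electron webContents; returns the list of
// blocked URLs so the caller can log them.
function lockNavigation(webContents, appRoot = APP_ROOT) {
  const blocked = [];
  const guard = (event, url) => {
    if (!isAppUrl(url, appRoot)) {
      event.preventDefault(); // cancels e.g. a window.location.href change
      blocked.push(url);
    }
  };
  webContents.on('will-navigate', guard);
  webContents.on('will-redirect', guard);
  // New windows are never opened in-app, whatever the target.
  webContents.setWindowOpenHandler(({ url }) => {
    blocked.push(url);
    return { action: 'deny' };
  });
  return blocked;
}

// In the main process (assumed wiring):
//   const win = new BrowserWindow({ webPreferences: SECURE_WEB_PREFERENCES });
//   lockNavigation(win.webContents);
```

With the guard attached, the `window.location.href` assignment from step 3 raises `will-navigate` and is cancelled before the window leaves the application's page.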