Dopamine does not sanitize links passed to the user's system

Open masood opened this issue 1 year ago • 0 comments

Summary

While the Dopamine Desktop Application opens links outside of the app by passing them to the system’s default browser, it does not sanitize these URLs, which can result in the execution of sensitive files on the user’s system.

Platform(s) Affected

macOS, Linux, Windows

Steps To Reproduce

  1. Open the Dopamine Desktop Application from the command-line. Add a command-line switch --remote-debugging-port=8315 while running the application.

  2. Open a web browser on the same device and visit localhost:8315. The application can be interacted with via the DevTools protocol.

  3. [Access Sensitive File] Within the console, update the location, say, window.location = "file:///Applications/Emacs.app/Contents/MacOS/Emacs". The file at the given path is opened. If this file is an executable, it is run by the system.

If a link were to be opened within the application, a user would have that sensitive file (if it exists) executed on their system.

--
Mir Masood Ali, PhD student, University of Illinois at Chicago
Mohammad Ghasemisharif, PhD Candidate, University of Illinois at Chicago
Chris Kanich, Associate Professor, University of Illinois at Chicago
Jason Polakis, Associate Professor, University of Illinois at Chicago

masood, Oct 24 '23 19:10
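
One way to close the gap described in this issue, as an added example that is not Dopamine's code or the reporters': check every URL against a scheme allowlist before it is handed to the operating system. The names `ALLOWED_PROTOCOLS`, `checkExternalUrl` and `openExternalSafely` are hypothetical, and the `opener` callback stands in for whatever call the application uses to launch the default browser.

```javascript
// Added example: scheme allowlist applied before a link leaves the app.
// All names here are hypothetical; sample inputs in main() are constructed.
const ALLOWED_PROTOCOLS = new Set(["https:", "http:", "mailto:"]);

// Returns { ok: true, url } with the normalized URL, or { ok: false, reason }.
function checkExternalUrl(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) {
    return { ok: false, reason: "not a usable string" };
  }
  let parsed;
  try {
    // WHATWG parser: trims whitespace, lowercases the scheme, rejects
    // relative paths such as "/Applications/..." (no base URL is given).
    parsed = new URL(raw);
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  // Allowlist, not denylist: file:, smb:, custom handlers and Windows
  // drive letters (parsed as scheme "c:") all fall through to rejection.
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  if (parsed.protocol !== "mailto:" && parsed.hostname === "") {
    return { ok: false, reason: "missing host" };
  }
  if (parsed.username || parsed.password) {
    return { ok: false, reason: "embedded credentials" };
  }
  return { ok: true, url: parsed.href };
}

// Calls opener only for URLs that pass the check; always returns the verdict
// so the caller can log rejected navigations.
function openExternalSafely(raw, opener) {
  const verdict = checkExternalUrl(raw);
  if (verdict.ok) opener(verdict.url);
  return verdict;
}

function main() {
  const samples = [
    "https://example.com/page",
    "file:///Applications/Emacs.app/Contents/MacOS/Emacs", // path from the report
    "C:\\Windows\\System32\\calc.exe",
  ];
  for (const s of samples) console.log(s, "->", checkExternalUrl(s));
}
main();
```

The same check belongs on every path that can trigger an external open, including in-window navigations and new-window requests, not only on link clicks.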