Exploits / Vulnerability Discovered: 2019-05-27
Type: remote
Platform: macos
This exploit / vulnerability, Typora 0.9.9.24.6 directory traversal, is for educational purposes only; if it is used, you do so at your own risk!
Summary:
Typora 0.9.9.24.6 on macOS allows directory traversal, for the execution of
arbitrary programs, via a file:/// or ../ substring in a shared note, by
abusing URI schemes.
Technical observation:
A crafted URI can be used in a note to perform this attack, either using file:///
as an argument or by traversing to any directory, like
(../../../../something.app).
Since Typora also has a feature for sharing notes, an attacker
could leverage this vulnerability and send crafted notes to the
victim to perform any further attack.
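
A pre-open check for shared notes, as an added example that is not part of the original advisory or of Typora's code: it flags link targets that use a file: URI or ../ traversal, the two patterns described above. The scheme allowlist, the function names and the sample note are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Link syntaxes a Markdown note can carry: [text](target), <scheme:target>, href/src.
LINK_PATTERNS = [
    re.compile(r"\[[^\]]*\]\(\s*([^)\s]+)"),
    re.compile(r"<([a-zA-Z][a-zA-Z0-9+.-]*:[^>\s]+)>"),
    re.compile(r"(?:href|src)\s*=\s*[\"']([^\"']+)", re.I),
]
SAFE_SCHEMES = {"http", "https", "mailto"}  # assumed allowlist, adjust to policy

def classify(target):
    """Return why a link target is risky, or None if it looks harmless."""
    decoded = unquote(target).replace("\\", "/")  # undo %2e%2e and backslashes
    scheme = urlsplit(decoded).scheme.lower()
    if scheme == "file":
        return "file: URI"
    if scheme and scheme not in SAFE_SCHEMES:
        return "scheme not on allowlist"
    if not scheme and ".." in decoded.split("/"):
        return "relative path traversal"
    return None

def scan_note(markdown):
    """Return (line number, target, reason) for every risky link in a note."""
    findings = []
    for lineno, line in enumerate(markdown.splitlines(), 1):
        for pattern in LINK_PATTERNS:
            for match in pattern.finditer(line):
                reason = classify(match.group(1))
                if reason:
                    findings.append((lineno, match.group(1), reason))
    return findings

# Constructed sample note; the last three targets mirror the patterns in the advisory.
SAMPLE_NOTE = """\
# Meeting notes
See the [agenda](https://example.com/agenda) and [diagram](images/flow.png).
Open the [report](file:///Applications/Example.app) first.
Then the [appendix](../../../../something.app).
Encoded variant: [extra](%2e%2e/%2e%2e/tool.app)
"""

if __name__ == "__main__":
    for lineno, target, reason in scan_note(SAMPLE_NOTE):
        print(f"line {lineno}: {reason}: {target}")
```

Targets are percent-decoded before classification, so an encoded `%2e%2e/` sequence is reported the same way as a literal `../`.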