CVE-2023-50643 PoC — Evernote 安全漏洞

Source

https://github.com/giovannipajeu1/CVE-2023-50643

Associated Vulnerability

Title:Evernote 安全漏洞 (CVE-2023-50643)
Description:An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components.

Description

CVE-2023-50643

Readme

# CVE-2023-50643
CVE-2023-50643

An issue in Evernote for MacOS v.10.68.2 allows a remote, attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components

There is a tool designed to automate the process of searching for vulnerabilities in electron: https://github.com/r3ggi/electroniz3r


<img width="769" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/11f3aef6-242b-44e8-90b8-c774d064d95d">





 With this tool, we can check if the App is Vulnerable:



 
<img width="606" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/c4a922f9-1b82-4590-b412-8c543aca674f">



After validation, we can inject our code, and get a shell



 
 <img width="713" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/6e783786-3098-417a-9475-54a4ce05ff77">


 





Enjoy Shell :)





 
 <img width="811" alt="image" src="https://github.com/V3x0r/CVE-XXXX-XXXX/assets/83291215/d869f838-6dd9-40e9-85ea-fefb12aff4ed">


 

This CVE was only discovered with the help of a great friend and researcher - https://github.com/louiselalanne/CVE-2023-49314

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!