CVE-2019-18426 PoC — Facebook WhatsApp 跨站脚本漏洞

Source

https://github.com/HumanSecurity/CVE-2019-18426

Associated Vulnerability

Title:Facebook WhatsApp 跨站脚本漏洞 (CVE-2019-18426)
Description:A vulnerability in WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10 allows cross-site scripting and local file reading. Exploiting the vulnerability requires the victim to click a link preview from a specially crafted text message.

Readme

# WhatsApp Vulnerabilities Disclosure - Open Redirect + CSP Bypass + Persistent XSS + FS read permissions + potential for RCE

## [CVE-2019-18426](https://nvd.nist.gov/vuln/detail/CVE-2019-18426)

## [Technical Article](./article/)

## [Original Vulnerabilities Disclosures Documents](./docs)

## [DEMO Vids!](./vids)

File Snapshot


 [4.0K]  /data/pocs/5f56888573dfb375da566f561aa1dfae71f30e3f
├── [4.0K]  article
│   ├── [ 14K]  1.jpg
│   ├── [ 23K]  2.jpg
│   ├── [ 21K]  3.jpg
│   ├── [ 38K]  4.jpg
│   ├── [193K]  5.jpg
│   ├── [285K]  6.jpg
│   ├── [179K]  7.jpg
│   ├── [205K]  8.jpg
│   ├── [181K]  9.jpg
│   └── [ 16K]  README.md
├── [4.0K]  docs
│   ├── [4.0K]  docx
│   │   ├── [9.1K]  WHATSAPP - CSP complete bypass using OBJECT tag [HIGH RISK].docx
│   │   ├── [9.3K]  WHATSAPP - One Click Open Redirect via URL filtering bypass using at sign (@) [MEDIUM RISK].docx
│   │   ├── [9.8K]  WHATSAPP - One Click Persistent XSS AND RCE via URL filtering bypass using javascript_ [HIGH RISK].docx
│   │   └── [9.9K]  WHATSAPP - One Click Persistent XSS via URL filtering bypass using javascript_ [HIGH RISK].docx
│   ├── [ 63K]  WHATSAPP - CSP complete bypass using OBJECT tag [HIGH RISK].pdf
│   ├── [ 76K]  WHATSAPP - One Click Open Redirect via URL filtering bypass using at sign (@) [MEDIUM RISK].pdf
│   ├── [ 73K]  WHATSAPP - One Click Persistent XSS AND RCE via URL filtering bypass using javascript_ [HIGH RISK].pdf
│   └── [ 80K]  WHATSAPP - One Click Persistent XSS via URL filtering bypass using javascript_ [HIGH RISK].pdf
├── [ 11K]  LICENSE
├── [ 318]  README.md
└── [4.0K]  vids
    ├── [9.2M]  NON_TECHNICAL_RISK_SIMULATION.mkv
    ├── [ 158]  README.md
    └── [ 26M]  TECHNICAL_EXPLOITATION_SIMULATION.mkv

4 directories, 23 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!