Based in San Francisco Bay Area, Securesql is a blog by John Menerick. His insights dissect complex systems, offering a masterclass in cyber guardianship through expert analysis and cutting-edge protective strategies.

Unpatched Cloud9 XSS and potential remote code execution vulnerability

John Menerick

While coding with the awesome Cloud9 IDE, I found an interesting cross site scripting vulnerability in C9. Within editors.js, there exists a DOM-based cross site scripting vulnerability and potential remote code execution.

XSS

The vulnerable code flow starts on line 881. Then the malicious entity is passed through loadFileFromHash's function (line 994. Returns on line 1031.) Then the malicious entity is passed to DOM on line 883.

 

RCE

Since C9 runs on Node.js, there exists a possibility of the XSS becoming remote code execution.   But I do not see the obvious code flow path to have the XSS interpreted by Node.js.  It is plausible though.  

 

Source:  

https://github.com/ajaxorg/cloud9.git

 

 

 

Batik parse double vulnerability

Malicious mobile power station