- Vulnerability Subject: RCE via XSS
- Vulnerability Version: <= Beekeeper-Studio-4.1.13
- Attack Type: Remote Code Execution
- Attack Vectors: To exploit the vulnerability, an attacker inserts malicious scripts into the column names of a table. When the victim hovers the mouse over the corresponding column header (tabulator-header-contents), the preview popup (tabulator-popup-container) is rendered and the script executes.
- Reserved CVE Number: CVE-2024-23995
Step 1) Create a database containing column names written with malicious scripts.
Step 2) If the attacker is using SQLite, distribute the DB file; for other databases, distribute the connection information for the DB server.
Step 3) The victim connects to the database, goes into the table, and hovers the mouse over the column names, triggering the execution of the corresponding scripts.
Step 4) Since there are no restrictions on access permissions for local data, example statements like work successfully.
- While other popup containers are filtered, this specific part lacks proper validation.
- Use this tabulator-popup-container
- Mouse over the column names, triggering the execution of the corresponding scripts.
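
For the SQLite case in Step 2, a received DB file can be checked for markup in column names before it is opened in an affected version. The following is an added example, not code from this advisory or from Beekeeper Studio; the function names `audit_columns` and `build_sample` and the sample schema are constructed for illustration.

```python
import html
import os
import pathlib
import re
import sqlite3
import tempfile

# Characters that carry meaning when a name is placed into HTML unescaped.
MARKUP = re.compile(r"[<>&\"']")

def audit_columns(db_path):
    """Return (table, column, escaped_column) for every column name that
    contains HTML-significant characters."""
    # Open read-only so the untrusted file is never modified.
    uri = pathlib.Path(db_path).resolve().as_uri() + "?mode=ro"
    conn = sqlite3.connect(uri, uri=True)
    try:
        findings = []
        objects = conn.execute(
            "SELECT name FROM sqlite_master "
            "WHERE type IN ('table', 'view') ORDER BY name"
        ).fetchall()
        for (table,) in objects:
            # Quote the identifier: table names are attacker-controlled too.
            quoted = '"' + table.replace('"', '""') + '"'
            for row in conn.execute(f"PRAGMA table_info({quoted})"):
                column = row[1]  # table_info columns: cid, name, type, ...
                if MARKUP.search(column):
                    findings.append(
                        (table, column, html.escape(column, quote=True)))
        return findings
    finally:
        conn.close()

def build_sample(path):
    """Constructed sample: one ordinary table and one whose column name
    contains harmless markup."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE users (id INTEGER, email TEXT)")
    conn.execute('CREATE TABLE orders (id INTEGER, "<i>total</i>" REAL)')
    conn.commit()
    conn.close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        sample = os.path.join(tmp, "sample.db")
        build_sample(sample)
        for table, column, safe in audit_columns(sample):
            print(f"{table}: {column!r} should render as {safe}")
```

The third element of each finding is the form a UI should display: the name treated as text, with markup characters escaped.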