AntSword
cpe:2.3:a:antsword_project:antsword:*:*:*:*:*:*:*
- <= 2.1.15
A remote code execution vulnerability has been identified in AntSword versions prior to 2.1.16. The 'noxss()' function sanitizes incompletely: it does not filter out the characters used in jQuery Terminal format codes. A malicious server can therefore inject clickable links with 'javascript:' protocols into the terminal, and clicking such a link executes arbitrary code on the client side. Because Electron is configured with 'nodeIntegration: true', that code can execute Node.js commands.
Exploitation of this vulnerability allows for arbitrary code execution on the client machine, triggered by clicking a crafted link in the AntSword terminal.
To reproduce this vulnerability, set up a malicious PHP server that injects jQuery Terminal format codes into the response. Connect to this server using AntSword, open the virtual terminal, and execute a command. The output will include a link that, when clicked, executes a specified program (like 'calc.exe') on the client.
Users can update to AntSword version 2.1.16 or later, where this vulnerability has been fixed.
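The sanitization gap described above, as an added example that is not AntSword's code or its actual fix: an HTML-only filter beside one that also neutralizes the format-code characters, using the same entity substitution for brackets that jQuery Terminal's `$.terminal.escape_brackets` helper applies. All function names and the sample output are hypothetical, and the sample carries benign styling only.

```javascript
// Added example; function names are hypothetical, not AntSword's own code.
const HTML_ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
// Characters that open, close or escape a jQuery Terminal format code.
const TERMINAL_ENTITIES = { '[': '&#91;', ']': '&#93;', '\\': '&#92;' };

// Incomplete filter: handles HTML metacharacters only, so "[[...]text]"
// sequences reach the terminal and are interpreted as formatting.
function escapeHtmlOnly(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Hardened filter: HTML escaping first, then the format-code characters.
// The '&' of the entities added in the second pass is not re-escaped.
function escapeForTerminal(text) {
  return escapeHtmlOnly(text).replace(/[\[\]\\]/g, (ch) => TERMINAL_ENTITIES[ch]);
}

// True when the text still contains something shaped like a format-code
// header, i.e. "[[" followed by a style section and a closing "]".
function containsFormatCode(text) {
  return /\[\[[^\]]*\]/.test(String(text));
}

// Sanitize one chunk of remote output and report whether the raw data
// carried format codes, so the client can log or flag the server.
function sanitizeRemoteOutput(raw) {
  return { flagged: containsFormatCode(raw), text: escapeForTerminal(raw) };
}

// Constructed sample: benign bold/red styling, no link, plus an HTML tag.
const SAMPLE = 'uid=33(www-data)\n[[b;red;]styled by the server] <i>x</i>';

const weak = escapeHtmlOnly(SAMPLE);
const safe = sanitizeRemoteOutput(SAMPLE);
console.log('HTML-only filter leaves format code:', containsFormatCode(weak));
console.log('raw output flagged:', safe.flagged);
console.log('hardened output:', JSON.stringify(safe.text));
```

The `flagged` result is useful on its own: remote command output has no reason to carry terminal format codes, so a hit is worth logging against the server that produced it.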