CVE-2019-18426

This exploit leverages a persistent XSS vulnerability in WhatsApp Desktop 0.3.9308 by injecting malicious JavaScript into a message. The payload executes arbitrary code, including reading local files (e.g., hosts file), when the victim clicks the crafted message.

This repository contains a detailed technical writeup of CVE-2019-18426, a vulnerability in WhatsApp that involves an open redirect, CSP bypass, persistent XSS, and file system read permissions. The author describes the step-by-step process of discovering and exploiting these flaws, including code snippets and explanations of the attack mechanics.

This repository contains a detailed technical writeup of CVE-2019-18426, which involves multiple vulnerabilities in WhatsApp, including open redirect, CSP bypass, persistent XSS, and file system read permissions. The author provides a step-by-step breakdown of the exploitation process, including code snippets and visual aids.