nuclei-templates/file/nodejs/tar-path-overwrite.yaml

21 lines
657 B
YAML
Raw Normal View History

2023-07-02 17:40:27 +00:00
id: tar-extraction
2022-12-22 10:57:38 +00:00
info:
2023-07-02 17:40:27 +00:00
name: Path Injection Vulnerability in TAR Extraction
2022-12-22 10:57:38 +00:00
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
2022-12-22 11:37:08 +00:00
matchers:
2022-12-22 10:57:38 +00:00
- type: regex
regex:
2023-06-28 05:14:19 +00:00
- "require\\('tar-stream'\\)"
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
2023-07-02 17:40:27 +00:00
condition: or