infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Beautify nodejs_js_yaml_load_code_exec metadata

bug/bundler_fix
jvazquez-r7 2013-09-25 12:44:34 -05:00
parent 848130c5a1
commit 5c88ad41a8
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb
View File

@ -14,17 +14,20 @@ class Metasploit3 < Msf::Exploit::Remote
def initialize(info = {})
super(update_info(info,
'Name' => 'Nodejs js-yaml load() Code Exec',
'Name' => 'Nodejs js-yaml load() Code Execution',
'Description' => %q{
For node.js applications that parse user-supplied YAML input using the
load() function from the 'js-yaml' package < 2.0.5, specifying a self-executing
function allows us to execute arbitrary javascript code.
This module can be used to abuse node.js applications that parse user-supplied YAML input
using the load() function from the 'js-yaml' package < 2.0.5, who doesn't handle properly
the unsafe !!js/function tag, allowing to specify a self-executing function which results
on execution of arbitrary javascript code.
},
'Author' => ['joev <jvennix[at]rapid7.com>'],
'License' => MSF_LICENSE,
'References' =>
[
['CVE', '2013-4660'],
['OSVDB', '94656'],
['BID', '60867'],
['URL', 'https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/']
],
'Platform' => 'nodejs',