CVE-2017-5941

Published: 09/02/2017 Updated: 22/06/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

An issue exists in the node-serialize package 0.0.4 for Node.js. Untrusted data passed into the unserialize() function can be exploited to achieve arbitrary code execution by passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE).

Vulnerable Product

node-serialize project node-serialize

Exploits

NodeJS node-serialize remote code execution exploit ...

Github Repositories

Generating a payload for reverse shell, have fun exploring nodejs deserialization in vulnerable applications.

nodeserial: Explore Insecure Deserialization in nodejs. Per CVE-2017-5941, the vulnerability occurs when untrusted data is passed to a serialize() function, resulting in remote code execution passing a JavaScript Object with an Immediately Invoked Function Expression (IIFE). Note that this affects the node-serialize 0.0.4 package for Node.js. This tool was made to automate this p

An app vulnerable to JSON deserialisation attack

vuln-app: An app vulnerable to JSON deserialisation attack (CVE-2017-5941). This application serves as a PoC for the exploit and aims at teaching how deserialisation vulnerabilities work. Presentation: Date: 14th June, 2021. Location: NetSPI. Slideshow: The slideshow can be found here. Setting up the virtual lab: Pre-requisite: Nodejs installed, Python installed, A vulnerabl

Reverse shell exploit for deserialization in NodeJs (CVE-2017-5941)

NODEJSHELL - Reverse shell exploit for deserialization in NodeJs (CVE-2017-5941). The exploit automatically generates the reverse shell payload, which is encoded in decimal and then in base64. After that, this payload is sent through an HTTP POST request that serializes the user's input and stores it in a co

Website Security Research Project

CS467: Website Security Research Project. This project will explore the web vulnerabilities outlined in the article Top 10 Common Web Attacks: The First Steps to Protect Your Website. These vulnerabilities are categorized as follows: Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration, Cross-Site Scripting