gitea-mirror/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2026-01-15 14:23:01 -08:00
Code Issues Packages Projects Releases Wiki Activity

Normalize page header for GraphQL, Deserialization, SCM

Browse Source
This commit is contained in:
Swissky
2024-11-10 14:37:48 +01:00
parent 2deb20a6f1
commit 2304101657
21 changed files with 262 additions and 129 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
Insecure Deserialization/Node.md
View File

@@ -1,14 +1,17 @@
# Node Deserialization
> Node.js deserialization refers to the process of reconstructing JavaScript objects from a serialized format, such as JSON, BSON, or other formats that represent structured data. In Node.js applications, serialization and deserialization are commonly used for data storage, caching, and inter-process communication.
## Summary
* [Exploit](#exploit)
* [Methodology](#methodology)
* [node-serialize](#node-serialize)
* [funcster](#funcster)
* [References](#references)
## Exploit
## Methodology
* In Node source code, look for:
* `node-serialize`
@@ -47,6 +50,6 @@
## References
- [CVE-2017-5941 - NATIONAL VULNERABILITY DATABASE - February 9, 2017](https://nvd.nist.gov/vuln/detail/CVE-2017-5941)
- [CVE-2017-5941 - National Vulnerability Database - February 9, 2017](https://nvd.nist.gov/vuln/detail/CVE-2017-5941)
- [Exploiting Node.js deserialization bug for Remote Code Execution (CVE-2017-5941) - Ajin Abraham - October 31, 2018](https://www.exploit-db.com/docs/english/41289-exploiting-node.js-deserialization-bug-for-remote-code-execution.pdf)
- [NodeJS Deserialization - gonczor - January 8, 2020](https://blacksheephacks.pl/nodejs-deserialization/)