Exploiting Node.js deserialization bug for Remote Code Execution

preview_player
Показать описание
  1. Ajin Abraham
  2. node.js deserialization bug
  3. deserialization in node.js
  4. object injection in node.js
  5. unserialize bugs in node.js
  6. deserialisation bugs in node.js
Рекомендации по теме
Exploiting Node.js deserialization 0:04:11

Exploiting Node.js deserialization bug for Remote Code Execution

Exploiting Insecure Deserialization: 0:11:09

Exploiting Insecure Deserialization: Node-Serialize

serialize to js 0:00:14

serialize to js exploit demo

Insecure Deserialization Attack 0:08:52

Insecure Deserialization Attack Explained

Exploiting NodeJS Deserialization 0:04:01

Exploiting NodeJS Deserialization in Tryhackme

Node.Js Deserialization Attack 0:06:06

Node.Js Deserialization Attack

Tutorial Hacking Nodejs 0:14:22

Tutorial Hacking Nodejs Serialize Unserialize - RCE remote command execution

Node.Js RCE PoC 0:00:21

Node.Js RCE PoC

Unprotected API : 0:22:46

Unprotected API : Web to Root - Web application Hacking | Node.js Deserialisation - Praveen Singh

Hacking NodeJS Application 0:14:00

Hacking NodeJS Application with EVAL

Cyber Security | 0:22:00

Cyber Security | CTF | Vulnhub | Shuriken Node | Node.js Deserialization RCE | Manual PrivEsc

Exploiting Deserialization of 0:00:16

Exploiting Deserialization of Untrusted Objects in HPE IMC

Cyber Security | 0:07:27

Cyber Security | Penetration Test | CTF | Walkthrough | Temple of Doom 2 | Deserialization

Insecure Deserialization Exploit 0:03:13

Insecure Deserialization Exploit

PoC : remote 0:00:33

PoC : remote code execution on zip slip - zip slip rce | termux hacking | node.js express rce

Cyber Security | 0:30:54

Cyber Security | Ethical Hacking | Pentesting Lab | Hackthebox | NodeBlog | Very Detailed

Remote Code Execution 0:10:45

Remote Code Execution bug found in Popular Node.js changelog library (I go through the code)

CVE-2010-0094 : Java 0:01:51

CVE-2010-0094 : Java RMIConnectionImpl Deserialization Privilege Escalation Exploit

Hacking Websites: NodeJS 0:23:14

Hacking Websites: NodeJS Server-Side Template Injection

Cyber Security | 0:22:23

Cyber Security | Ethical Hacking | Pentesting Lab | Tryhackme | VulnNet Node

JBoss Insecure Deserialization 0:04:01

JBoss Insecure Deserialization Exploit

How do hackers 0:09:12

How do hackers hack using Code Execution?||OWASP||Insecure Deserialization||arbitrary code execution

How I Used 0:39:56

How I Used a JSON Deserialization 0day to Steal Your Money on the Blockchain

DEF CON 26 0:41:10

DEF CON 26 - Ian Haken - Automated Discovery of Deserialization Gadget Chains

Комментарии
Автор

so this trick only works for nodejs...
eval almost like evil

МихаилТолкачев-йм
Автор

SyntaxError: Unexpected token

at Object.parse (native)
at Object.exports.unserialize
at /home/sun/server.js:11:24
at Layer.handle [as handle_request]
at next
at Route.dispatch
at Layer.handle [as handle_request]
at
at Function.process_params
at next

wrnchx
Автор

I keep getting invalid username type as a response. Any suggestions?

anthonyalmaguer
welcome to shbcf.ru