4072 matches found
Code Injection in domharrington/node-gitlog
Description The gitlogplus module is vulnerable against an arbitrary command injection issue which is made possible since some user-inputs are executed inside a command which doesn't have validations of any kind. POC 1. Create the following PoC file: js // poc.js var git = require'gitlogplus';...
Command Injection in forsigner/node-pngdefry
Overview Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks...
Command Injection in thebeet/idevicekit
Overview Affected versions execute arbitrary commands remotely inside the victim's PC. The issue occurs because user input is formatted inside a command that will be executed without any checks. There is a possible bypass of the checkSerial function leading to malicious serial variable content...
Code Injection in vishwanatharondekar/gitlab-cli
Description The git-lab-cli module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i git-lab-cli...
Command Injection in zaach/jison
Overview jison is a package that provides an API for creating parsers in JavaScript. Affected versions of this package are vulnerable to Command Injection. Arbitrary OS shell command execution is possible through a crafted command-line argument...
Code Injection in courajs/node-svn
Description The svn module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var SVN = require'svn'; var svn = new SVN'./workingcopy'; svn.info"test; touch...
Code Injection in easy-team/node-tool-utils
Description The node-tool-utils module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const tool = require'node-tool-utils'; tool.checkPortUsed"test; touc...
Code Injection in timstudd/node-wkhtmltoimage
Description The wkhtmltoimage module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var wkhtmltoimage = require'wkhtmltoimage';...
Code Injection in sidorares/node-wrk
Description The wrk module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var wrk = require'wrk'; wrk threads: 1, connections: 's','aaa', duration:...
Code Injection in rapidfacture/pdf-toolz
Description The pdf-toolz module is vulnerable against arbitrary command injection due to the fact some inputs given by the user are unsafely processed and executed. POC 1. Create the following PoC file: js // poc.js var pdf = require'pdf-toolz/PDF2Image'; pdf.pdfToImage"a", "test; touch HACKED; ...
Code Injection in elwerene/libreoffice-convert
Description The libreoffice-convert module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js const libre = require'libreoffice-convert'; libre.convert'',...
Code Injection in heroku/heroku-exec-util
Description The heroku-exec-util module is vulnerable against RCE since a command is crafted using user inputs not validated and then executed, leading to arbitrary command injection POC 1. Create the following PoC file: js // poc.js var heu = require'heroku-exec-util'; heu.sshargs:,'test; touch...
Command Injection in ionicabizau/node-gry
Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js const Repo = require"gry"; var myRepo = new Repo"."; myRepo.pull"test; touch HACKED; ", function...
Command Injection in joeyism/node-git-lib
Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js var git = require"git-lib"; git .add"test;touch HACKED;" .thenfunction / successfully added /...
Cross-Site Request Forgery (CSRF) in tuhinshubhra/extanalysis
Overview The ExtAnalysis project is vulnerable against various CSRFs, that could lead to loss of functionalities and placement of malicious files in arbitrary directories without knowledge of the victim. Proof of Concept Credit: Mik317 1. Download the git project and run the server through the...
Code Injection in keymetrics/vizion
Overview The issue is an RCE triggerable via the module. This is possible because in the https://github.com/keymetrics/vizion/blob/master/lib/git/git.jsL228 line, the git reset --hard command is concatenated with an unsanitized input: js var command = cliCommandargs.folder, "git reset --hard " +...
Command Injection in node-virtualization/node-virtualbox
Overview The issue occurs because a user input is formatted inside a command that will be executed without any check...
Command Injection in zamotany/logkitty
Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. Proof of Concept Credit: Mik317 1. Check there aren't files called HACKED 2. Execute the following commands in another terminal: bash npm i logkitty Install affected module logkit...
Command Injection in quobject/aws-cli-js
Overview The issue occurs because a user input is formatted inside a command that will be executed without any check. The issue arises here. Proof of Concept Credit: Mik317 1. Create the following PoC file: js // poc.js var awsCli = require"aws-cli-js"; var Options = awsCli.Options; var Aws =...
Code Injection in commenthol/safer-eval
Overview safer-eval is a safer approach for eval in node and browser. Affected versions of this package are vulnerable to Arbitrary Code Execution via generating a RangeError: Maximum call stack size exceeded. Proof of Concept Credit: Jonathan Leitschuh js const theFunction = function const f =...
Code Injection in mateodelnorte/meta-git
Description The meta-git module is vulnerable against command injection since the user-supplied inputs are concatenated with a command which is executed without validation. POC 1. Create a new directory and insert some test files: bash mkdir tests cd tests touch test touch secret touch files 2...
Cross-site Scripting (XSS) - Generic in boxbilling/boxbilling
Overview Boxbilling is a free billing & client management software. Affected versions of this software are vulnerable to Cross-site Scripting (XSS). It is possible to inject JavaScript with object decoding such as alert1 resulting in XSS. Technical Description if we look in...