Javascript Vulnerabilities
Javascript Deserialization
Notice the assigned session cookie.
Attempt to decode the cookie in the decoder tab.
Attempt to modify the cookie by either
When we cut the cookie in half we get a server error.
We see that the web application is trying to unserialize the session cookie but it is getting an error.
The Node.js deserialization vulnerability is the easiest to exploit, since the payload barely changes between targets.
We will modify the following payload a bit to get it working.
Encode the cookie and see if that payload works to get command injection.
Create a reverse shell script and make sure to chmod +x the script.
Final Payload
Start your listener.
Encode the payload to Base64 and then URL encode it.
Send the request, and get a reverse shell!