CVE-2017-5941

This PoC exploits CVE-2017-5941, a Node.js deserialization vulnerability, by crafting a reverse shell payload encoded in decimal and base64, then sending it via HTTP POST to set a cookie and triggering execution via HTTP GET.

This repository contains a functional exploit for CVE-2018-15133, a deserialization vulnerability in Laravel Framework. The exploit leverages a crafted X-XSRF-TOKEN header to achieve remote code execution (RCE) on vulnerable Laravel applications.

This PoC demonstrates a Node.js deserialization vulnerability (CVE-2017-5941) where a malicious cookie payload can execute arbitrary commands. The exploit leverages the `node-serialize` package to achieve RCE via a crafted serialized object.

This PoC exploits CVE-2017-5941, a Node.js RCE vulnerability, by injecting a malicious payload into a cookie. The payload executes a command to send a DNS query containing the output of `whoami` to a DNS log server for verification.

This repository contains a functional PoC for CVE-2017-5941, demonstrating untrusted deserialization in node-serialize ≤ 0.0.4. It includes a vulnerable Node.js app and a Python script to exploit it via POST requests or cookies, achieving RCE through crafted payloads.

This repository contains a PoC for CVE-2017-5941, a deserialization vulnerability in the `node-serialize` library. The exploit leverages a malicious payload embedded in a base64-encoded cookie to achieve remote code execution (RCE) via Node.js deserialization.

This exploit leverages unsafe deserialization in the 'node-serialize' library to execute arbitrary code. The payload injects a function that spawns a child process to execute the 'ls /' command, demonstrating remote code execution (RCE).

This exploit leverages a deserialization vulnerability in the 'node-serialize' package (version 0.0.4) to achieve remote code execution. It injects a malicious payload into a serialized object, which, when deserialized, executes arbitrary commands, including a reverse shell.

This exploit leverages unsafe deserialization in the 'node-serialize' library (version 0.0.4) to achieve remote code execution by embedding a malicious function in a serialized object. The payload spawns a web server on port 443 that executes system commands via HTTP queries.