Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

NodeJS remote file upload vulnerability

Tags:

security

node.js

websecurity

i'm trying to learn NodeJS pentesting process i have a found a remote file upload vulnerability in a Nodejs website ,can i upload a remote shell in NodeJS , like we do in PHP or ASPX and execute command ? can i upload a NodeJS shell.js and execute unix command in the server from this shell ?

like image 462
Mourad Avatar asked Jan 18 '26 09:01

Mourad

1 Answers

Not sure if this is what you're looking for, but if you have the ability to upload a NodeJS script to a server and execute it, then yes, you can run shell commands using child_process.exec (see here for a similar question/answer).

like image 96
Dykotomee Avatar answered Jan 20 '26 03:01

Dykotomee
Sign in to Comment

Related questions

Pre-built binaries not found for [email protected] and [email protected]
Move an array element from one array position to another (mongo)
Playwright how to wait for locator that matches multiple elements to not be visible
How to send image as response in node js
How to render HTML tags sent as Node JS variable in EJS?
WebSocket connection to 'wss://api.example.com/ws' failed: Error during WebSocket handshake: Unexpected response code: 404
Could not download Node.js from: https://nodejs.org/dist/v6.11.3/x64/node.exe: Got error code 404 from the server
How to make Node.js handle multiple requests efficiently?
mongoose remove an object from a nested array
Flash Messages in Jade
mongoose - how do I get the elements removed from $pull
Is NPM - node-soap support WsHttpBinding?
How to get high quality html snapshot image by PhantomJs?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!