
Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution

Posted by deepcore on October 31, 2016 – 11:54 pm

This Metasploit module exploits an unauthenticated code injection vulnerability in the bassmaster Node.js plugin for hapi. The vulnerability is in the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side through an eval. Note that the code uses a ‘\x2f’ character so that we hit the match on the regex.
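A defender-side sketch of the fix pattern for this bug class, added here and not taken from bassmaster or the Metasploit module. It assumes the batch endpoint substitutes values from earlier results into later requests through dotted references, and it resolves them by walking own properties instead of building a string for eval; `resolveReference` and the sample data are hypothetical.

```javascript
// Hypothetical helper (not bassmaster's code): resolve a dotted reference
// such as "items.0.name" against an earlier batch result WITHOUT eval.
// A segment is either a plain identifier or an array index, nothing else.
const SEGMENT = /^(?:[A-Za-z_][A-Za-z0-9_]*|\d+)$/;
// Identifier-shaped keys that must never be traversed.
const FORBIDDEN = new Set(['__proto__', 'prototype', 'constructor']);
const MAX_PATH_LENGTH = 256; // assumed limit, tune per application

function resolveReference(result, path) {
  if (typeof path !== 'string' || path.length === 0 ||
      path.length > MAX_PATH_LENGTH) {
    return { ok: false, error: 'invalid reference' };
  }
  let value = result;
  for (const segment of path.split('.')) {
    // Calls, brackets, semicolons, slashes and escape sequences all fail
    // here, so no part of the reference is ever interpreted as code.
    if (!SEGMENT.test(segment) || FORBIDDEN.has(segment)) {
      return { ok: false, error: 'illegal segment' };
    }
    // Own properties only: inherited members stay unreachable.
    if (value === null || typeof value !== 'object' ||
        !Object.prototype.hasOwnProperty.call(value, segment)) {
      return { ok: false, error: 'missing property' };
    }
    value = value[segment];
  }
  // Only scalars may be substituted into a later request path.
  if (!['string', 'number', 'boolean'].includes(typeof value)) {
    return { ok: false, error: 'non-scalar value' };
  }
  return { ok: true, value: String(value) };
}

// Constructed sample: the parsed JSON result of an earlier batch request.
const earlier = { id: 42, items: [{ name: 'bass' }] };

console.log(resolveReference(earlier, 'items.0.name'));
console.log(resolveReference(earlier, 'id;console.log(1)'));
```

A rejected reference should fail the whole batch request and be logged, since a legitimate client never sends a segment that is not an identifier or an index.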

