Subscribe via feed.

NodeJS Debugger Command Injection

Posted by deepcore on September 26, 2017 – 10:59 am

This Metasploit module uses the “evaluate” request type of the NodeJS V8 debugger protocol (version 1) to evaluate arbitrary JS and call out to other system commands. The port (default 5858) is not exposed non-locally in default configurations, but may be exposed either intentionally or via misconfiguration.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.