Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Handlebars is a commonly used server-side templating engine for web services. Node.js is a runtime for writing backend servers in JavaScript.
Handlebars commonly accepts a JavaScript payload that it uses to replace the template placeholders with explicit values. However, one of these inputs allows control of an arbitrary file name, but not the extension. Using this, data could be exfiltrated from the system through Handlebars.
Because of the template injection in Handlebars, the templating engine can be made to execute arbitrary code. Using this, it is possible to get RCE with older versions of Handlebars.
An additional threat is prototype pollution of the layout option itself. Fixing this vulnerability therefore requires cooperation from both the developers of Handlebars and the developers of individual applications.
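A defensive sketch of the application-side half of that fix, added here as an example and not code from the original write-up or from Handlebars: request data passes through an allowlist and `layout` is pinned by the server, so neither a request field nor a polluted `Object.prototype` decides which layout file is loaded. All names (`ALLOWED_LOCALS`, `DEFAULT_LAYOUT`, `buildRenderOptions`) and sample values are constructed, and it assumes the engine reads the layout from `options.layout`.

```javascript
// Hypothetical names throughout; sample values are constructed for illustration.
const ALLOWED_LOCALS = ["title", "name"]; // template variables a request may set
const DEFAULT_LAYOUT = "main";            // layout is chosen by the server only

// Unsafe pattern: every request field becomes a render option.
function naiveRenderOptions(untrusted) {
  return { ...untrusted };
}

// Hardened: copy only allowlisted own string properties, then pin layout.
// The explicit own `layout` property shadows anything inherited from a
// polluted prototype; the null prototype removes inheritance altogether.
function buildRenderOptions(untrusted) {
  const opts = Object.create(null);
  for (const key of ALLOWED_LOCALS) {
    const own = Object.prototype.hasOwnProperty.call(untrusted, key);
    if (own && typeof untrusted[key] === "string") {
      opts[key] = untrusted[key];
    }
  }
  opts.layout = DEFAULT_LAYOUT;
  return opts;
}

// Stand-in for the engine's lookup (assumption: it reads options.layout).
function effectiveLayout(options) {
  return options.layout;
}

function demo() {
  const query = { title: "Hello", layout: "request-chosen-name" }; // constructed
  const results = {
    naive: effectiveLayout(naiveRenderOptions(query)),
    hardened: effectiveLayout(buildRenderOptions(query)),
  };
  // Simulate prototype pollution from elsewhere in the app, then restore.
  Object.prototype.layout = "polluted-name";
  try {
    results.naivePolluted = effectiveLayout(naiveRenderOptions({ title: "Hello" }));
    results.hardenedPolluted = effectiveLayout(buildRenderOptions({ title: "Hello" }));
  } finally {
    delete Object.prototype.layout;
  }
  return results;
}

console.log(demo());
```

The naive version returns the request-chosen or polluted layout name, while the hardened version returns `main` in both cases.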