Resources
People often ask me "How did you learn how to hack?" The answer: by reading. This page is a collection of the blog posts and other articles that I have accumulated over the years of my journey. Enjoy!
Express is a web server framework used in Node.js. This website even uses Express! The render API was designed to be passed only template data. Although doing anything else is NOT encouraged, people still do it.
If arbitrary data from the request is passed straight into render, the attacker gets to control the template engine's configuration options! Depending on how the application is configured, this can be exploited for XSS or RCE.
An example of this can be seen in squirrelly, which mixes pure template data with engine configuration options passed through the Express render API. When an application lets a user set arbitrary parameters within the render API, that user can overwrite internal configuration options, which causes major vulnerabilities.
It should be noted that this requires specific control over the data being passed into the render API, as well as a poorly made templating engine that does not separate data from configuration, such as squirrelly.
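As an added example (not code from the original page, from Express or from squirrelly), here is a stand-in for the merge that res.render performs, with the vulnerable "spread the request body into render" pattern next to an allowlisted version. It runs without Express installed; the engine option names such as `autoEscape` and `defaultFilter` are assumed for illustration, and the request is constructed.

```javascript
// Option keys an engine reads from the object res.render hands it (assumed set).
const ENGINE_OPTION_KEYS = new Set(['autoEscape', 'defaultFilter', 'tags', 'useWith']);

// Mimics Express: res.render(view, locals) merges app settings, res.locals and
// the caller's locals into ONE object, which the engine receives as its options.
function mergedRenderOptions(appSettings, locals) {
  return Object.assign({}, appSettings, locals);
}

// Vulnerable pattern: every key in req.body is forwarded to render, so a key
// that happens to match an engine option overrides the application's setting.
function vulnerableLocals(req) {
  return { ...req.body };
}

// Hardened pattern: only the fields the template actually uses get through,
// and only as plain strings, so no extra keys can ride along.
const TEMPLATE_FIELDS = ['name', 'message'];
function safeLocals(req) {
  const out = {};
  for (const key of TEMPLATE_FIELDS) {
    const value = req.body[key];
    if (typeof value === 'string') out[key] = value;
  }
  return out;
}

// Lists the engine options that user input managed to change for a given
// locals builder; useful as a unit-test check on your own render wrappers.
function overriddenEngineOptions(buildLocals, req, appSettings) {
  const opts = mergedRenderOptions(appSettings, buildLocals(req));
  return Object.keys(opts).filter(
    (k) => ENGINE_OPTION_KEYS.has(k) && opts[k] !== appSettings[k]
  );
}

// Constructed request: one legitimate form field plus a key that collides
// with an engine option (a user cannot normally set autoEscape).
const constructedReq = { body: { name: 'alice', autoEscape: false } };
const APP_SETTINGS = { autoEscape: true };

// Returns both results side by side so the difference is visible in one call.
function compare() {
  return {
    vulnerable: overriddenEngineOptions(vulnerableLocals, constructedReq, APP_SETTINGS),
    hardened: overriddenEngineOptions(safeLocals, constructedReq, APP_SETTINGS),
  };
}
```

The same allowlist idea applies to req.query and req.params: build the locals object yourself instead of forwarding whatever the client sent.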