Skip to content

Commit

Permalink
Update README.md
Browse files Browse the repository at this point in the history
  • Loading branch information
bmdyy committed Mar 21, 2021
1 parent dba6188 commit e6712ac
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions .exploit/README.md
Expand Up @@ -9,7 +9,7 @@ The `username` parameter in `POST /register` is subject to blind NoSQL injection
The passwords used in this app are weak on purpose, any the hashes can be looked up using a site such as https://crackstation.net/

## Deserialization (RCE)
The draft feature uses a vulnerable node package (`node-serialize`), which is vulnerable to deserialization which lets an attacker run arbitrary commands.
The draft feature uses a vulnerable node package (`node-serialize`), which is vulnerable to arbitrary code execution.

- PoC: `...`
- Usage: `...`
- Usage: `...`

0 comments on commit e6712ac

Please sign in to comment.