Several days ago I noticed a blog post on the opsecx blog talking about exploiting an RCE (Remote Code Execution) bug in a Node.js module called node-serialize. The blog post explains pretty clearly what’s wrong with the module in question, but one thing that strikes me is how complex the exploitation process was with Burp. No offence to Burp – it is a great tool – but I think we can do better.

Source: Hacking Node Serialize