Share
## https://sploitus.com/exploit?id=AF849EF6-212A-51D7-9F4B-396D7EC2CD6D
# Node.js Web Server Exploit PoC

Node.js μ›Ήμ„œλ²„μ—μ„œ λ°œμƒν•  수 μžˆλŠ” λ³΄μ•ˆ 취약점 PoC(Proof of Concept)

## Disclaimer

이 λ¦¬ν¬μ§€ν† λ¦¬μ˜ λͺ¨λ“  μ½”λ“œλŠ” ν•™μŠ΅ λͺ©μ μœΌλ‘œλ§Œ μ‚¬μš©λ˜μ–΄μ•Ό ν•˜λ©°, μ‹€μ œ 곡격에 μ‚¬μš©ν•΄μ„œλŠ” μ•ˆ λ©λ‹ˆλ‹€. 이 μ½”λ“œλ₯Ό μ‚¬μš©ν•˜μ—¬ λ°œμƒν•˜λŠ” λͺ¨λ“  법적 λ¬Έμ œμ— λŒ€ν•΄μ„œλŠ” μ±…μž„μ„ μ§€μ§€ μ•ŠμŠ΅λ‹ˆλ‹€.

## 곡격 μœ ν˜•

μ·¨μ†Œμ„ μ΄ κ·Έμ–΄μ ΈμžˆλŠ” 곡격 μœ ν˜•μ€ μΆ”ν›„ 좔가될 μ˜ˆμ •μž…λ‹ˆλ‹€.

- ~~**Directory Traversal**: μ„œλ²„μ˜ 파일 μ‹œμŠ€ν…œμ„ νƒμƒ‰ν•˜μ—¬ λ―Όκ°ν•œ νŒŒμΌμ— μ ‘κ·Όν•˜λŠ” 곡격~~
- **Prototype Pollution**: JavaScript 객체의 ν”„λ‘œν† νƒ€μž…μ„ μ‘°μž‘ν•˜μ—¬ μ• ν”Œλ¦¬μΌ€μ΄μ…˜μ˜ λ™μž‘μ„ λ³€κ²½ν•˜λŠ” 곡격
- ~~**Cross-Site Scripting (XSS)**: μ•…μ„± 슀크립트λ₯Ό μ‚½μž…ν•˜μ—¬ μ‚¬μš©μžμ˜ λΈŒλΌμš°μ €μ—μ„œ μ‹€ν–‰ν•˜λŠ” 곡격~~
- ~~**SQL Injection**: SQL 쿼리λ₯Ό μ‘°μž‘ν•˜μ—¬ λ°μ΄ν„°λ² μ΄μŠ€μ— μ ‘κ·Όν•˜κ±°λ‚˜ μ‘°μž‘ν•˜λŠ” 곡격~~
- ~~**Command Injection**: μ‹œμŠ€ν…œ λͺ…λ Ήμ–΄λ₯Ό μ‚½μž…ν•˜μ—¬ μ„œλ²„μ—μ„œ λͺ…령을 μ‹€ν–‰ν•˜λŠ” 곡격~~
- ~~**Denial of Service (DoS)**: μ„œλ²„λ₯Ό κ³ΌλΆ€ν•˜ μƒνƒœλ‘œ λ§Œλ“€μ–΄ 정상적인 μ„œλΉ„μŠ€ μ œκ³΅μ„ λ°©ν•΄ν•˜λŠ” 곡격~~
- ~~**Information Disclosure**: μ„œλ²„μ˜ λ―Όκ°ν•œ 정보λ₯Ό λ…ΈμΆœμ‹œν‚€λŠ” 곡격~~
- ~~**Cross-Site Request Forgery (CSRF)**: μ‚¬μš©μžμ˜ 인증 정보λ₯Ό μ΄μš©ν•˜μ—¬ μ•…μ˜μ μΈ μš”μ²­μ„ λ³΄λ‚΄λŠ” 곡격~~
- ~~**Server-Side Request Forgery (SSRF)**: μ„œλ²„κ°€ λ‹€λ₯Έ μ„œλ²„μ— μš”μ²­μ„ 보내도둝 μœ λ„ν•˜μ—¬ λ‚΄λΆ€ λ„€νŠΈμ›Œν¬ 정보λ₯Ό λ…ΈμΆœμ‹œν‚€λŠ” 곡격~~