Skip to content

slvignesh05/RCE-NPM

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

11 Commits
public/images
public/images
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
package.json
package.json
 
 
payload.js
payload.js
 
 

Repository files navigation

RCE-NPM

A touch of security

RCE? Postinstall?

Not your cup of tea?(mine too)

This Repo has Code to open Calculator Once when someone runs

npm install git+https://github.com/slvignesh05/RCE-NPM.git

Remote Code Execute Sire?

Yes.(RCE ya)

rce

Package.json

"name":vul_name
"version":0.2.2
"scripts":{
     "postinstall": "node payload.js"
}

Here the postinstall triggers the code on payload.js to run malicious code(in this example to open Calculator)

About

A touch of security

Resources

Readme

License

Apache-2.0 license
Activity

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages