Exploiting Node.js Deserialization Bug for Remote Code Execution

tl;dr Untrusted data passed into unserialize() function in node-serialize module can be exploited to achieve arbitrary code execution by passing a serialized JavaScript Object with an Immediately invoked function expression (IIFE). The Bug During a Node. Read more

Read full article

Similar

Graphical – Draw dynamic graphics straight to the browser from Node.js

graphical - Draw dynamic graphics straight to the browser from NodeJS. (more…)

Using Node.js Event Loop for Timing Attacks

A little over 3 years ago, a few friends and I started a group called pasten to participate in the Chaos Computer Club's Capture The Flag (CTF) competition. It is a jeopardy style CTF, where the participating teams need to solve security related challenge... (more…)

Plug-and-play module to start accepting Bitcoins (Node.js)

Allow your service to receive/accept bitcoin payments directly from the bitcoin P2P network. (more…)

Node.js REST API / Auth from Scratch

A boilerplate for Node.js apps / Rest API / Authentication from scratch - express, mongodb (mongoose). - watscho/express-mongodb-rest-api-boilerplate... (more…)

Web Bos’s Learn Node Course ReviewithExperience

One of the signature features of webpack is its use of the “dependency graph” to manage and bundle assets. However, each resource that is loaded into webpack must be treated as JavaScript. Until now. (more…)

Latest News

Swift Calling Conventions on ARM64: Float / Double

Solving a 1600-point codeforces: Good Subarrays with Python and JavaScript

Intel 14 Nm Node Compared to TSMC’s 7 Nm Node Using Scanning Electron Microscope