CVE-2022-32223 PoC — Node.js 代码问题漏洞

Source

https://github.com/ianyong/cve-2022-32223

Associated Vulnerability

Title:Node.js 代码问题漏洞 (CVE-2022-32223)
Description:Node.js是一个开源、跨平台的 JavaScript 运行时环境。 Node.js存在代码问题漏洞。攻击者利用该漏洞将恶意文件`providers.dll`放置在多个路径下。

Readme

# CVE-2022-32223

Source files for generating a demonstration exploit of [CVE-2022-32223](https://nvd.nist.gov/vuln/detail/CVE-2022-32223):

> Node.js is vulnerable to Hijack Execution Flow: DLL Hijacking under certain conditions on Windows platforms.
> This vulnerability can be exploited if the victim has the following dependencies on a Windows machine:
> * OpenSSL has been installed and “C:\Program Files\Common Files\SSL\openssl.cnf” exists.
>
> Whenever the above conditions are present, `node.exe` will search for `providers.dll` in the current user directory.
> After that, `node.exe` will try to search for `providers.dll` by the DLL Search Order in Windows.
> It is possible for an attacker to place the malicious file `providers.dll` under a variety of paths and exploit this vulnerability.

File Snapshot


 [4.0K]  /data/pocs/ad809ae18d102d8d6cbd358f58c1b980ef081bab
├── [4.0K]  npm-package
│   ├── [ 354]  package.json
│   └── [ 692]  README.md
├── [4.0K]  payload
│   ├── [ 433]  providers.cpp
│   └── [ 665]  README.md
└── [ 807]  README.md

2 directories, 5 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!