Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2022-29078 PoC — Github ejs 代码注入漏洞

Source
https://github.com/chuckdu21/CVE-2022-29078
Associated Vulnerability
Title:Github ejs 代码注入漏洞 (CVE-2022-29078)
Description:The ejs (aka Embedded JavaScript templates) package 3.1.6 for Node.js allows server-side template injection in settings[view options][outputFunctionName]. This is parsed as an internal option, and overwrites the outputFunctionName option with an arbitrary OS command (which is executed upon template compilation).
Description
PoC for CVE-2022-29078
Readme
# CVE-2022-29078
Simple PoC for CVE-2022-29078 (vuln ejs 3.1.6)

## Usage
```
git clone https://github.com/chuckdu21/CVE-2022-29078.git
cd CVE-2022-29078
python3 CVE-2022-29078.py <URL>
```
A prompt will appear to execute commands

```
$ id
uid=0(root) gid=0(root) groupes=0(root)
```
File Snapshot

 [4.0K]  /data/pocs/79b65a376403c7a61c655ea9878de0c4ec7981eb
├── [ 457]  CVE-2022-29078.py
└── [ 285]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →