admin/nuclei-templates
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei-templates.git synced 2026-02-01 00:03:39 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
a4e11c2f2fd7c9f4c357b525eeeb6ee00a8df3aa
nuclei-templates/file/nodejs/tar-path-overwrite.yaml
ghost 5f08fc26d3 chore: sign templates 🤖
2024-12-01 13:57:55 +00:00

20 lines
849 B
YAML
Raw Blame History

id: tar-extraction
info:
name: Path Injection Vulnerability in TAR Extraction
author: me_dheeraj (https://twitter.com/Dheerajmadhukar)
severity: info
description: Insecure TAR archive extraction can result in arbitrary path over write and can result in code injection.
tags: file,nodejs
file:
- extensions:
- all
matchers:
- type: regex
regex:
- "require\\('tar-stream'\\)"
- "[\\w\\W]+?\\.createWriteStream\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFile\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
- "[\\w\\W]+?\\.writeFileSync\\([\\w\\W]*?\\, [\\w\\W]*?\\)"
condition: or
# digest: 4a0a00473045022100f8dfeaaf606976931effe9fe032866cd4afcff3989fbc9caa38ad9fbbfa634da02201e46d8c4d5b9b19945f9376512be2ccbfcce5f35a22297845e97d8c1bfabd10b:922c64590222798bb761d5b6d8e72950
Reference in New Issue View Git Blame Copy Permalink