Exploit for Node.js Embedded JavaScript 3.1.6 - Template Injection (CVE-2022-29078)

Description:

Node.js Embedded JavaScript (EJS) 3.1.6 is susceptible to server-side template injection via settings[view options][outputFunctionName]. This value is parsed as an internal option and overwrites the outputFunctionName option with an arbitrary OS command, which is then executed upon template compilation.
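
A defensive check for the injection point described above, as an added example that is not part of the original page or of the EJS project. It assumes the application passes parsed request parameters to its render call; the helper names and the sample input are constructed for illustration.

```javascript
// Added defensive example. Helper names are hypothetical; the option path comes
// from the advisory text above. Sample input is constructed.
const JS_IDENTIFIER = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

const isObject = (v) => v !== null && typeof v === 'object';

// List request parameters that would be read as engine options if the whole
// parsed object were handed to the render call.
function findOptionOverrides(params) {
  const findings = [];
  if (!isObject(params) || !Object.prototype.hasOwnProperty.call(params, 'settings')) {
    return findings;
  }
  findings.push('settings');
  const settings = params.settings;
  const viewOpts = isObject(settings) ? settings['view options'] : undefined;
  if (!isObject(viewOpts)) return findings;
  for (const [key, value] of Object.entries(viewOpts)) {
    // outputFunctionName is meant to hold a plain function name, nothing else.
    const bad = key === 'outputFunctionName' &&
      !(typeof value === 'string' && JS_IDENTIFIER.test(value));
    findings.push(`settings[view options][${key}]` + (bad ? ' (not a plain identifier)' : ''));
  }
  return findings;
}

// Build template locals from an allowlist so that no request key can be
// interpreted as an option.
function pickLocals(params, allowedKeys) {
  const locals = {};
  for (const key of allowedKeys) {
    if (Object.prototype.hasOwnProperty.call(params, key) && typeof params[key] === 'string') {
      locals[key] = params[key];
    }
  }
  return locals;
}

// Constructed sample: the shape a query-string parser yields for nested keys.
const SAMPLE_QUERY = {
  name: 'alice',
  settings: { 'view options': { outputFunctionName: 'not a valid identifier' } },
};

console.log(findOptionOverrides(SAMPLE_QUERY));
console.log(pickLocals(SAMPLE_QUERY, ['name']));
```

Rejecting or logging any request for which findOptionOverrides returns a non-empty list, and rendering only with the output of pickLocals, keeps request data out of the engine's option handling.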

Nuclei Template

View the template here: CVE-2022-29078.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2022/CVE-2022-29078.yaml

References:

https://github.com/miko550/CVE-2022-29078
https://github.com/mde/ejs/releases
https://eslam.io/posts/ejs-server-side-template-injection-rce/
https://github.com/mde/ejs/commit/15ee698583c98dadc456639d6245580d17a24baf
https://nvd.nist.gov/vuln/detail/CVE-2022-29078