
    Bassmaster Batch Arbitrary JavaScript Injection Remote Code Execution Exploit

    Disclosed: November 01, 2016

    This module exploits an unauthenticated code injection vulnerability in the bassmaster Node.js plugin for hapi. The vulnerability is within the batch endpoint and allows an attacker to dynamically execute JavaScript code on the server side using an eval. Note that the code uses a '\x2f' character so that we hit the match...