Maybe not a lot of interest in this due to the complexity of deploying/configuring ModSecurity, combined w/ the absence of nodebb stack-specific rulesets. Security is difficult, so not much can be done about the deploy/config aspects, but ModSecurity devs are starting to focus some efforts on the latter.
For those interested, and willing to roll up their sleeves, development of a node.js-targeted attack ruleset is slated for the next release of OWASP CRS, scheduled for Sept. 2019. More info here:
Libraries performing insecure unserialization:
node-serialize: _$$ND_FUNC$$_ (CVE-2017-5941)
funcster: __js_function
See:
https://opsecx.com/index.php/2017/02/08/exploiting-node-js-deserialization-bug-for-remote-code-execution/
https://www.acunetix.com/blog/web-security-zone/deserialization-vulnerabilities-attacking-deserialization-in-js/
Some generic snippets used:
function() {
new Function(
eval(
String.fromCharCode(
Last two are used by nodejsshell.py, https://github.com/ajinabraham/Node.Js-Security-Course/blob/master/nodejsshell.py
As base64 is sometimes (but not always) used to encode serialized values, use multiMatch and t:base64decode.
P.S.: Obviously ModSecurity can be deployed on Apache setups as well, but my sense is that Nginx is the overwhelming favorite w/ the nodebb community and I didn't want to start a new thread.