-
Notifications
You must be signed in to change notification settings - Fork 0
/
vulnerable.js
59 lines (52 loc) · 1.56 KB
/
vulnerable.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
const express = require('express');
const fs = require('fs');
const vm = require('vm');
const jwt = require('jsonwebtoken');
const app = express();
app.use(express.urlencoded({ extended: true }));
app.use(express.json());
// Insecure Deserialization
app.post('/deserialize', (req, res) => {
const serializedData = req.body.data;
try {
const deserializedData = JSON.parse(serializedData);
res.send(`Deserialized data: ${deserializedData}`);
} catch (e) {
res.status(400).send('Invalid data');
}
});
// Cross-Site Scripting (XSS)
app.get('/greet', (req, res) => {
const name = req.query.name;
res.send(`<h1>Hello, ${name}</h1>`);
});
// Insecure JWT Handling
app.post('/login', (req, res) => {
const user = { id: 1, username: req.body.username };
const token = jwt.sign(user, 'secretkey'); // Weak secret
res.json({ token });
});
// Unsafe File Operations
app.get('/read-file', (req, res) => {
const filename = req.query.filename;
fs.readFile(`/var/data/${filename}`, 'utf8', (err, data) => {
if (err) {
res.status(500).send('File read error');
return;
}
res.send(`File content: ${data}`);
});
});
// Server-Side JavaScript Injection
app.post('/execute', (req, res) => {
const code = req.body.code;
try {
const result = vm.runInNewContext(code, {});
res.send(`Execution result: ${result}`);
} catch (e) {
res.status(500).send('Execution error');
}
});
app.listen(3000, () => {
console.log('Server running on port 3000');
});