Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Server Side JS Injection #8
A server side JS injection is possible in wepl.
The problem is with the following code in wepl.js file
In above code eval() is called on untrusted user input from request query. Just passing the following to the application will lead to shutting it down.
In addition you can access the file system and delete any file on the server using