New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Server Side JS Injection #8

Open
codelion opened this Issue Jul 3, 2014 · 0 comments

Comments

Projects
None yet
1 participant
@codelion

codelion commented Jul 3, 2014

A server side JS injection is possible in wepl.

The problem is with the following code in wepl.js file

 with(global) {result = util.inspect(eval(req.query.methodBody), true, 3)};

In above code eval() is called on untrusted user input from request query. Just passing the following to the application will lead to shutting it down.

?methodBody=process.exit()

In addition you can access the file system and delete any file on the server using

res.end(require('fs').readFileSync(filename))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment