server.js
var http = require('http');
// TCP port the demo server listens on; the listen() call at the end of the file binds it to localhost.
const PORT = 8000;
/**
 * Parse a `key=value&key=value` string into a plain object.
 *
 * Pairs without an `=` are skipped. Only the first `=` in a pair separates
 * key from value, so `k=v=w` yields `{ k: 'v=w' }`. Later duplicates of a key
 * overwrite earlier ones.
 *
 * @param {string} str - Raw query string or urlencoded body.
 * @returns {Object<string, string>} Decoded key/value pairs.
 */
const parseQueryString = str => {
  const result = {};
  for (const segment of str.split('&')) {
    const eq = segment.indexOf('=');
    if (eq === -1) {
      continue;
    }
    const rawKey = segment.slice(0, eq);
    const rawValue = segment.slice(eq + 1);
    // unescape() decodes %XX and %uXXXX sequences only; a '+' is left as-is
    // and malformed escapes pass through unchanged instead of throwing.
    result[unescape(rawKey)] = unescape(rawValue);
  }
  return result;
};
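console.log(`Serving on http://localhost:${PORT}, press ctrl+c to stop`);

// Demo HTTP target.
//   GET  -> serves a static page whose script base64-encodes
//           "input=<value>&time=<ms>" into a hidden `data` field.
//   POST -> reads the urlencoded body, base64-decodes `data`, extracts
//           `input`, and answers 500 if it contains a pipe, else echoes it.
http.createServer((req, res) => {
  if (req.method === 'POST') {
    const body = [];
    // NOTE(review): the body is buffered without a size limit; acceptable only
    // because the listener is bound to localhost.
    req.on('data', chunk => {
      body.push(chunk);
    }).on('end', () => {
      const encoded = parseQueryString(Buffer.concat(body).toString()).data;
      // A POST without a `data` field used to reach the Buffer constructor
      // with undefined, which throws inside this event handler and takes the
      // whole process down. Reject the request instead.
      if (typeof encoded !== 'string') {
        res.writeHead(400, {'Content-Type': 'text/html'});
        res.end('Error: Missing data parameter');
        return;
      }
      // Buffer.from replaces the deprecated `new Buffer(string, encoding)`.
      const decoded = Buffer.from(encoded, 'base64').toString('ascii');
      const data = parseQueryString(decoded).input;
      // add a fictitious input vulnerability
      if (data !== undefined && data.indexOf('|') !== -1) {
        res.writeHead(500, {'Content-Type': 'text/html'});
        res.end("Error: Unexpected pipe");
      } else {
        // NOTE(review): `data` is echoed into a text/html response without
        // HTML-escaping. That looks like part of the deliberately weak demo
        // target - confirm; escape it before reusing this handler elsewhere.
        res.writeHead(200, {'Content-Type': 'text/html'});
        res.end(`Input received: ${data}`);
      }
    });
  } else {
    // The static page below embeds an HTML comment with host and author
    // strings; presumably sample data for the demo - confirm before reuse.
    res.writeHead(200, {'Content-Type': 'text/html'});
    res.end(`
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<head runat="server">
<title>Demo</title>
<script type="text/javascript">
function submitform()
{
var input = document.forms[0].input.value;
input = "input=" + input + "&time=" + new Date().getTime();
input = btoa(input);
document.forms[1].data.value = input;
}
</script>
</head>
<body>
<!--
Page generated by: WienerCMS
Location: //10.4.12.240/apps/public/
Author: DEV_ADMIN\gthompson
-->
<form>
Input: <input type="text" name="input" />
</form>
<br />
<form method="post" onsubmit="submitform()">
<input type="hidden" name="data" />
<input type="submit" value="Submit" />
</form>
<br />
<div id="output" runat="server"></div>
</body>
</html>
`);
  }
}).listen(PORT, 'localhost');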