Maybe you've heard of Shellshock? I didn't quite understand it, so I decided to model it using Node.js!
- server.js A little server that tries to write URL querystring key
somevaldirectly to an environment variable before using it in anechostatement to write a log. - attacker.js An attack script for exploiting this vulnerability.
- index.js A runner script to start the server listening and fire off the attack.
PORT=3001 node index.js
Try not to do anything evil with this knowledge. I know I will.