This project will demonstrate how an imported npm package (mocked within the exploit directory), acting as Express middleware, can spawn a child process and execute arbitrary commands sent from an attacker. The result of the executed command will be sent back to the client in the http response.
npm installin bothserverandexploit.npm startinserver- Construct a GET request with a header called
secretcontaining the valuetestP@ss123 - Send GET request to
http://localhost:3000/with your desired command set as a query string param (e.g.http://localhost:3000/?cmd=ls ~) - Inspect http response