This project demonstrates how an imported npm package (mocked within the `exploit` directory), acting as Express middleware, can spawn a child process and execute arbitrary commands sent by an attacker. The output of the executed command is sent back to the client in the HTTP response.
- Run `npm install` in both `server` and `exploit`.
- Run `npm start` in `server`.
- Construct a GET request with a header called `secret` containing the value `testP@ss123`.
- Send the GET request to `http://localhost:3000/` with your desired command set as a query string parameter (e.g. `http://localhost:3000/?cmd=ls ~`).
- Inspect the HTTP response.