4.1.0 data leak, server
// First, create an empty file named `emptyFile`, for example with `touch emptyFile`.
var http = require('http'); | |
var fs = require('fs'); | |
/**
 * Stand-in for asynchronous work on data read from disk.
 *
 * The data itself is never inspected; the continuation is simply scheduled
 * to run once, 100 ms later.
 *
 * @param {*} data - Value handed over by the caller (unused here).
 * @param {Function} c - Continuation invoked by the timer with no arguments.
 */
function doSomethingWithData(data, c) {
  var delayMs = 100;
  setTimeout(c, delayMs);
}
/**
 * Request handler for the reproduction server of the "4.1.0 data leak" report.
 *
 * Three routes are served; every other URL gets an empty response:
 *   /file1      reads `emptyFile`, waits via doSomethingWithData, answers "done"
 *   /stuff/...  receives and discards the request body, answers with no body
 *   /token/...  answers with the contents of a freshly created Uint8Array(1000)
 *
 * @param {http.IncomingMessage} req - Incoming request; only `req.url` and the
 *   body events are used.
 * @param {http.ServerResponse} res - Response written by the matching route.
 */
function handleRequest(req, res) {
  var requestUrl = req.url;

  // Endpoint 1: read an (empty) file from disk, then answer after the stub
  // has "processed" it.
  if (requestUrl === '/file1') {
    fs.readFile('emptyFile', function onFileRead(err, data) {
      // NOTE(review): `err` is never checked, so a missing `emptyFile` still
      // ends in a "done" response.
      doSomethingWithData(data, function onProcessed() {
        res.write('done');
        res.end();
      });
    });
    return;
  }

  // Endpoint 2: receives data from the client. Each chunk is dropped; the
  // response is closed once the request body has ended.
  if (/^\/stuff\//.test(requestUrl)) {
    req.on('data', function discardChunk(chunk) {});
    req.on('end', function onBodyEnd() {
      res.end();
    });
    return;
  }

  // Endpoint 3: returns a 1000-byte "token".
  if (/^\/token\//.test(requestUrl)) {
    var token = new Uint8Array(1000);
    if (requestUrl !== '/token/invalid') {
      // Valid requests overwrite every byte before the array is sent.
      token.fill(42);
    }
    // For '/token/invalid' the array is sent exactly as it was allocated.
    // The code relies on a new typed array being zero-filled; the page title
    // ("4.1.0 data leak", presumably Node.js 4.1.0) indicates that on the
    // affected runtime this response can instead carry stale process memory,
    // such as data previously handled by the other endpoints.
    // Mitigation: run a fixed runtime; explicitly zeroing a buffer before it
    // is written to a response is a cheap defence in depth.
    res.write(token.toString());
    res.end();
    return;
  }

  // Unknown URL: empty response.
  res.end();
}

http.createServer(handleRequest).listen(7777);