Created February 14, 2019 23:47
Evaling in Node... on a server...
```javascript
const express = require('express');
const bodyParser = require('body-parser');
const vm = require('vm');
const app = express();
const port = 3000;

// Accept the raw request body as text when it carries this custom content type.
app.use(bodyParser.text({type: 'bloody-insane/javascript'}));

app.post('/unsafe', (req, res) => {
  return new Promise((resolve, reject) => {
    // The submitted code gets the live request, response and promise callbacks.
    const sandbox = { req:req, res:res, resolve:resolve, reject:reject };
    vm.createContext(sandbox);
    // Runs whatever arrived in the body on the server, then settles the promise.
    vm.runInContext(req.body+'; resolve();', sandbox);
  });
});

app.listen(port, () => console.log(`Example app listening on port ${port}!`));
```
```http
POST /unsafe HTTP/1.1
Content-Type: bloody-insane/javascript
Host: 127.0.0.1:3000
Connection: close
User-Agent: Paw/3.1.8 (Macintosh; OS X/10.13.6) GCDHTTPRequest
Content-Length: 25

res.send("meow").end();
```
```http
HTTP/1.1 200 OK
X-Powered-By: Express
Content-Type: text/html; charset=utf-8
Content-Length: 4
ETag: W/"4-fVwqLWE2+/FmIR1Rg79mIUokfzE"
Date: Thu, 14 Feb 2019 23:44:34 GMT
Connection: close

meow
```