
@suk-6
Created May 16, 2023 10:42
/* Load libraries */
const express = require('express');
const dotenv = require('dotenv');
/* Load environment variables (dotenv reads them into process.env) */
dotenv.config();

const app = express();

// The challenge secret is read from the FLAG environment variable and kept in
// module scope. NOTE(review): the POST /calculate handler in this file calls
// eval() on request data from inside this module, so this binding and
// process.env share a process with evaluated input.
const FLAG = process.env.FLAG;

/* Express setup: body parsers first, then the pug view engine */
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.set('views', `${__dirname}/views`);
app.set('view engine', 'pug');
app.engine('pug', require('pug').__express);
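/**
 * Render the `calculator` view with `context` and send it as the response.
 *
 * @param {object} req - Request; `req.app.render` performs the rendering.
 * @param {object} res - Response that receives the HTML, or a bare 500 on failure.
 * @param {object} context - Template locals handed to the view.
 */
const render = (req, res, context) => {
  req.app.render('calculator', context, (err, html) => {
    if (err) {
      console.error("An error has occurred while rendering the file.");
      console.error(err);
      // Always finish the response: the previous version only logged here,
      // which left the request without any reply. The error detail stays in
      // the server log and is not echoed back to the client.
      if (!res.headersSent) {
        res.statusCode = 500;
      }
      res.end();
      return;
    }
    res.end(html);
  });
};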
/* Routes */

// GET / and GET /calculate both render the calculator page with the same
// introductory text (roughly: "A simple calculator. Use the vulnerability to
// obtain the FLAG.").
// The logged address is the TCP peer of the socket; behind a reverse proxy it
// will presumably be the proxy's address rather than the client's.
app.get('/', async (req, res) => {
  const peerAddress = req.connection.remoteAddress;
  console.log(`GET /\nip : ${peerAddress}`);
  render(req, res, {
    data: `간단한 계산기 입니다. 취약점을 활용하여 FLAG 를 획득하여보세요.`,
  });
});

app.get('/calculate', async (req, res) => {
  const peerAddress = req.connection.remoteAddress;
  console.log(`GET calculate\nip : ${peerAddress}`);
  render(req, res, {
    data: `간단한 계산기 입니다. 취약점을 활용하여 FLAG 를 획득하여보세요.`,
  });
});
// POST /calculate: evaluates the submitted `format` field and renders the
// result on the calculator page.
//
// NOTE(review): this handler passes request data to eval(). The page text
// rendered by the GET routes says the application is an intentionally
// vulnerable exercise, so the code is left as written. Outside such a
// training target, eval() on request input means arbitrary JavaScript runs
// with the privileges of this server process. Because this is a direct eval,
// the evaluated code also resolves names against this handler's locals and
// the enclosing module scope. The mitigation is a dedicated
// arithmetic-expression parser with no access to program state.
app.post('/calculate', async (req, res) => {
// Logs the socket peer address and the whole request body, pretty-printed.
// Everything the client submits therefore ends up in the server log.
console.log(`POST calculate\nip : ${req.connection.remoteAddress}\nbody : ${JSON.stringify(req.body, null, '\t')}`);
const format = req.body.format;
try {
// If `format` contains the substring "FLAG" the result is "No Hack";
// otherwise `format` is evaluated and the value becomes the page data.
// NOTE(review): a substring check is a denylist on the text of the input. It
// does not constrain what the evaluated code is able to do, so it should not
// be treated as a security control.
// When `format` is missing, format.indexOf throws and the catch below runs.
const context = { data : format.indexOf("FLAG") != -1 ? "No Hack" : eval(format) };
render(req, res, context);
}
catch(e) {
// Any exception from the check, the evaluation or the render call is shown
// to the user as a generic message ("수식 에러", i.e. "formula error"). The
// exception itself is neither logged nor returned.
const context = { data : "수식 에러" };
render(req, res, context);
}
});
/* Start the server */
// The port is taken from the PORT environment variable. The callback runs once
// the server is listening and receives no arguments, so it declares none.
// NOTE(review): if PORT is unset, the logged URL will read "localhost:undefined".
app.listen(process.env.PORT, async function onListening() {
  const url = `http://localhost:${process.env.PORT}`;
  console.log(`Opened website on ${url} !`);
});