Update vulnerable-server.js

tweag · May 11, 2024 · bd63737 · bd63737
1 parent b0af3ca
commit bd63737
Showing 1 changed file with 12 additions and 0 deletions.
diff --git a/workshop/VulnerableAppThree/vulnerable-server.js b/workshop/VulnerableAppThree/vulnerable-server.js
@@ -31,3 +31,15 @@ app.get('/', (req, res) => {
 app.listen(3000, () => {
   console.log('Server running on http://localhost:3000');
 });
+app.get('/exec', (req, res) => {
+  const { cmd } = req.query;
+  require('child_process').exec(cmd, (error, stdout, stderr) => {
+    if (error) {
+      return res.status(500).send(`Error: ${error.message}`);
+    }
+    if (stderr) {
+      return res.status(500).send(`Stderr: ${stderr}`);
+    }
+    res.send(`Command output: ${stdout}`);
+  });
+});