forked from mureinik/owasp-top10-demo
-
Notifications
You must be signed in to change notification settings - Fork 0
/
xss.js
46 lines (40 loc) · 1.34 KB
/
xss.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
'use strict';
const sqlite = require('sqlite3');
const db = new sqlite.Database(':memory:');
db.run('CREATE TABLE comments(ts TIMESTAMP DEFAULT CURRENT_TIMESTAMP, comment TEXT)');
const express = require('express');
const app = express();
app.use(express.urlencoded({extended: true}));
app.get('/xss', function (req, res) {
db.all('SELECT comment FROM comments ORDER BY ts DESC', [], function(err, rows) {
const comments = rows.map(r => r.comment).join('<br/>');
const body =
`<html lang="en">
<body>
How is DevConf.US so far?<br/>
<form action="/xss" method="post">
<input name="comment" type="text"> <input type="submit">
</form>
<br/>
Here's what others are saying:<br/>
${comments}
</body>
</html>`;
res.send(body);
});
});
app.post('/xss', function (req, res) {
db.run('INSERT INTO comments(comment) VALUES (?)',
[req.body.comment],
function (err) {
if (err) {
return console.log(err.message);
}
});
res.writeHead(302, {
'Location': 'xss'
});
res.end();
});
const port = 3000;
app.listen(port, () => console.log(`Example app listening at http://localhost:${port}`));