adding loop bound injection

Author: netcode

vulnerabilities/exec.js

@@ -36,4 +36,6 @@ function runMe(cmd,res){
     cmdRunning.on('close', (code) => {
         res.send(`child process exited with code ${code}`);
     });
-}
+}
+
+module.exports = router

vulnerabilities/lib/db.js

@@ -0,0 +1,19 @@
+const express = require('express');
+const router = express.Router()
+
+
+router.post("/list-users", (req, res) => { 
+    var obj = req.body.users;
+    var someArr = [];
+
+    // Potential DoS if obj.length is large.
+    for (var i = 0; i < obj.length; i++) { 
+        someArr.push(obj[i]);
+    } 
+
+    //doing something with the code
+    res.send(someArr.join(','));
+});
+
+
+module.exports = router