some fixes and add exec/rce vulnerability

Author: netcode

index.js

@@ -9,5 +9,9 @@ const port = 300
 app.get('/', (req, res) => res.send('Hello World!'))
 
 app.use('/xss', require('./vulnerabilities/xss'));
+app.use('/sqli', require('./vulnerabilities/sqli'));
+app.use('/nosqli', require('./vulnerabilities/nosqli'));
+app.use('/exec', require('./vulnerabilities/exec'));
+
 
 app.listen(port, () => console.log(`Example app listening at http://localhost:${port}`))

vulnerabilities/exec.js

@@ -0,0 +1,39 @@
+const express = require('express');
+const router = express.Router()
+
+const { exec, spawn }  = require('child_process');
+
+
+router.post('/ping', (req,res) => {
+    exec(`${req.body.url}`, (error, stdout, stderr) => {
+        if (error) {
+            return res.send('error');
+        }
+        res.send('pong')
+    })
+    
+})
+
+router.post('/gzip', (req,res) => {
+    exec(
+        'gzip ' + req.query.file_path,
+        function (err, data) {
+          console.log('err: ', err)
+          console.log('data: ', data);
+          res.send('done');
+    });
+})
+
+router.get('/run', (req,res) => {
+   let cmd = req.params.cmd;
+   runMe(cmd,res)
+});
+
+function runMe(cmd,res){
+//    return spawn(cmd);
+
+    const cmdRunning = spawn(cmd, []);
+    cmdRunning.on('close', (code) => {
+        res.send(`child process exited with code ${code}`);
+    });
+}

vulnerabilities/lib/db.js

@@ -1,15 +1,6 @@
-const config = require('../../config')
-var mysql      = require('mysql');
-var connection = mysql.createConnection({
-  host     : config.MYSQL_HOST,
-  port     : config.MYSQL_PORT,
-  user     : config.MYSQL_USER,
-  password : config.MYSQL_PASSWORD,
-  database : config.MYSQL_DB_NAME,
-});
- 
+
 
 module.exports.getConnection = function(){
-    connection.connect();
+    
     return connection;
 };

vulnerabilities/nosqli.js

@@ -37,7 +37,8 @@ router.post('/customers/find', async (req, res) => {
     const db = client.db(config.MONGODB_DB_NAME);
     const customers = db.collection("customers")
 
-    let myobj = { name: req.body.name };
+    let name = req.body.name
+    let myobj = { name: name };
     customers.findOne(myobj, function (err, result) {
         if (err) throw err;
         db.close();

vulnerabilities/sqli.js

@@ -1,10 +1,17 @@
 const express = require('express');
 const router = express.Router()
 
-const database = require('./db');
-const connection = database.getConnection();
-
-
+const config = require('../../config')
+const mysql      = require('mysql');
+const connection = mysql.createConnection({
+  host     : config.MYSQL_HOST,
+  port     : config.MYSQL_PORT,
+  user     : config.MYSQL_USER,
+  password : config.MYSQL_PASSWORD,
+  database : config.MYSQL_DB_NAME,
+});
+ 
+connection.connect();
 
 router.get('/example1/user/:id', (req,res) => {
     let userId = req.params.id;