Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Please review the code and return a brief report on all vulnerabilities discovered. There may be multiple vulnerabilities in each, so ensure your answers are thorough.
- CODE 1)
- var http = require('http');
- var url = require('url');
- var server = http.createServer(function (request, response) {
- var queryData = url.parse(request.url, true).query;
- response.writeHead(200, {"Content-Type": "text/html"});
- if (queryData.name) {
- response.end('<input type="button" value="'+queryData.name+'">\n');
- } else {
- response.end("Hello World\n");
- }
- });
- server.listen(8081);
- CODE 2)
- var http = require('http');
- var needle = require('needle');
- var express = require('express');
- var app = express();
- var commandLineArgs = require('command-line-args');
- var cli = [
- { name: 'port', alias: 'p', type: Number, defaultOption:80 }
- ]
- var options = commandLineArgs(cli)
- app.get('/', function(request, response){
- var params = request.params;
- var url = request.query['url'];
- if (request.query['mime'] == 'plain'){
- var mime = 'plain';
- } else {
- var mime = 'html';
- };
- console.log('New request: '+request.url);
- needle.get(url, { timeout: 3000 }, function(error, response1) {
- if (!error && response1.statusCode == 200) {
- response.writeHead(200, {'Content-Type': 'text/'+mime});
- response.write('<h1>Welcome</h1>\n\n');
- response.write('<h2>I am an application. I want to be useful, so I requested: <font color="red">'+url+'</font> for you\n</h2><br><br>\n\n\n');
- console.log(response1.body);
- response.write(response1.body);
- response.end();
- } else {
- response.writeHead(404, {'Content-Type': 'text/'+mime});
- response.write('<h1>Welcome</h1>\n\n');
- response.write('<h2>I wanted to be useful, but I could not find: <font color="red">'+url+'</font> for you\n</h2><br><br>\n\n\n');
- response.end();
- console.log('error')
- }
- });
- })
- if (options.port) {
- var port = options.port
- } else {
- var port = 80
- }
- app.listen(port);
- console.log('\n##################################################')
- console.log('#\n# Server listening for connections on port:'+port);
- console.log('#\n##################################################')
- CODE 3)
- private class MyWebViewClient extends WebViewClient {
- private String mLastRequestMethod = "GET";
- private String sInterceptHeader;
- public String getInterceptHeader() {
- if (sInterceptHeader == null) {
- InputStream inputStream = Application.self().getResources().openRawResource(R.raw.post_interceptor);
- sInterceptHeader = readTextFile(inputStream);
- sInterceptHeader = StringUtils.readInputStream(Resources.getSystem().openRawResource(R.raw.post_interceptor));
- }
- return sInterceptHeader;
- }
- private String readTextFile(InputStream inputStream) {
- ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- byte buf[] = new byte[1024];
- int len;
- try{
- while ((len = inputStream.read(buf)) != -1) {
- outputStream.write(buf, 0, len);
- }
- outputStream.close();
- inputStream.close();
- } catch (IOException e) {}
- return outputStream.toString();
- }
- @Override
- public void onReceivedSslError(WebView view, SslErrorHandler handler, SslError error) {
- handler.proceed();
- }
- @Override
- public WebResourceResponse shouldInterceptRequest(WebView view, WebResourceRequest request) {
- if (mLastRequestMethod.equals("POST")) {
- ...
- } else if (mLastRequestMethod.equals("GET")) {
- ...
- }
- return super.shouldInterceptRequest(view, request);
- }
- ...
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement