search

Jaagrav / CodeX-API

The new version of CodeX API with it's backend, a lot of you wanted me to make the backend opensource, now it's ready to receive contributions from you. Thanks for being patient, more languages coming soon, happy hacking!
https://codex.jaagrav.in/
MIT License
187 stars 64 forks source link

Remote code execution #42

Closed anweshandev closed 1 year ago

anweshandev commented 1 year ago

Hey I was actually analyzing the Codex API (which by the way is actually superb). While doing so one thing crossed my mind can I run this:

const testFolder = './';
const fs = require('fs');

fs.readdir(testFolder, (err, files) => {
  files.forEach(file => {
    console.log(file);
  });
});

I am not exactly about testFolder path, but I did put in something. When I executed the script it did give me the list of the contents (files & folders) in that directory. Now do the following:

// Instead of console.log(file); do
fs.unlinkSync(file)

I have a temporary solution for this too, using node >=20 with Experimental Permission Model. It also helps us decide where we can run exec. But this solution is not great, May be we have to first analyze the code making sure it is not accessing something it should not. Then go ahead and use some proper Linux resource permission etc.

It I get around will link a pull request.

Thanks Anweshan (hi@anweshan.dev) Office: me@anweshan.dev

anweshandev commented 1 year ago

By the way #37 is kind of awesome, but do try and also use Experimental Permission Model in addition.