Scanner-One - Results

Topics

17 - Interesting user controlled variable

41 - RCE Javascript shelljs

42 - Framework Javascript express

62 - Sink Javascript jsonwebtoken

63 - Sink Javascript Angular Strict Contextual Escaping

64 - Sink Javascript Axios

101 - Language Javascript Common DOM Sources

102 - Rule Html Scan Javascript

104 - VID_INTERESTING_LANGUAGE_PHP_SERIALIZATION_ON_USER_CONTROLLED_DATA

109 - VID_LANGUAGE_JAVA_JACKSON

116 - VID_OS_NETWORK_WEB_REQUEST_JAVA_FRAMEWORK_SPRING

117 - VID_DOCUMENTATION_TODO

125 - VID_LANGUAGE_JAVA_JNI

132 - VID_LANGUAGE_PYTHON_OS

135 - VID_RULE_COMPUTE_PLUS

139 - VID_LANGUAGE_PHP

141 - VID_LANGUAGE_PHP_FRAMEWORK_SMARTY

166 - VID_MALWARE_DECOMPRESS_STATIC_STRING

100008 - Rule statement compute assignment

100009 - Rule Compute Dot

400012 - VID_INTERESTING_LANGUAGE_CRYPTO_WEAK_ALGORITHM_SHA1

400016 - Language Sql SELECT and user controlled

64 - Sink Javascript Axios

Links

https://github.com/axios/axios

Description

The Axios module allows you to do ajax calls with more comfort than the built-in modules.

Calling the .get, .post or other functions with user controlled data leads to a 'Server Side Request Forgery' security vulnerability.

Right

The URL is built up with a standard URL object. More code, but this pattern gives more safety.

 const axios = require('axios');
const url = new URL("https://www.example.moc/");

url.searchParams.append("city"    , "Amsterdam");
url.searchParams.append("location", saster_user_contolled);

axios.get(url.href)
  .then(function (response) {
    console.log(response);
  });

const axios = require('axios');

Wrong

 const axios = require('axios');
axios.get(saster_user_contolled)
  .then(function (response) {
    console.log(response);
  });

const axios = require('axios');