-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathauth.js
More file actions
34 lines (28 loc) · 1.15 KB
/
auth.js
File metadata and controls
34 lines (28 loc) · 1.15 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
// auth.js - Authentication module with intentional vulnerabilities for testing
const mysql = require('mysql');
const crypto = require('crypto');
function authenticateUser(username, password) {
// SQL Injection vulnerability
const query = "SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'";
db.query(query, (err, results) => {
if (results.length > 0) {
// Weak crypto
const token = crypto.createHash('md5').update(username + Date.now()).digest('hex');
// XSS vulnerability
document.getElementById('welcome').innerHTML = 'Welcome ' + username;
return token;
}
});
}
// Command injection
const exec = require('child_process').exec;
function logUserActivity(userId, action) {
exec('echo "User ' + userId + ' performed ' + action + '" >> /var/log/app.log');
}
// Path traversal
const fs = require('fs');
function getUserProfile(filename) {
const profilePath = '/profiles/' + filename;
return fs.readFileSync(profilePath, 'utf8');
}
module.exports = { authenticateUser, logUserActivity, getUserProfile };