Merge pull request #496 from 418sec/4-npm-systeminformation

Security Fix for Server-site request forgery - huntr.dev
sebhildebrandt · Feb 20, 2021 · 881dde4 · 881dde4
2 parents e561cc0 + 0e03d7c
commit 881dde4
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 0 deletions.
diff --git a/lib/poc.js b/lib/poc.js
@@ -0,0 +1,22 @@
+let si = require('./internet');
+si.inetChecksite([]).then((a) => {
+  if (a.ok == false)
+    console.log("inetChecksite is fixed!")
+  else
+    console.log("inetChecksite is not fixed!")
+});
+
+
+si.inetLatency([]).then((a) => {
+  if (a == null)
+    console.log("inetLatency is fixed!")
+  else
+    console.log("inetLatency is not fixed!")
+});
+si = require('./processes');
+si.services([]).then((a) => {
+  if (typeof a == typeof [])
+    console.log("services is fixed!")
+  else
+    console.log("services is not fixed!")
+});
diff --git a/lib/util.js b/lib/util.js
@@ -529,6 +529,7 @@ function sanitizeShellString(str, strict = false) {
       s[i] === '\'' ||
       s[i] === '`' ||
       s[i] === '"' ||
+      strict && s[i] === '@' ||
       strict && s[i] === ' ' ||
       strict && s[i] == '{' ||
       strict && s[i] == ')')) {