├── .browserslistrc ├── .editorconfig ├── .gitignore ├── LICENSE ├── README.md ├── angular.json ├── docker-compose.yml ├── flag └── flag1.txt ├── image ├── database.png ├── lab1.png ├── lab2.png ├── lab3.png ├── lab4.png ├── lab5.png └── lab6.png ├── karma.conf.js ├── login └── passport.js ├── main.js ├── models ├── code.js └── user.js ├── package-lock.json ├── package.json ├── src ├── app │ ├── app-routing.module.ts │ ├── app.component.css │ ├── app.component.html │ ├── app.component.spec.ts │ ├── app.component.ts │ ├── app.module.ts │ ├── auth-guard.service.spec.ts │ ├── auth-guard.service.ts │ ├── auth.service.spec.ts │ ├── auth.service.ts │ ├── database.service.spec.ts │ ├── database.service.ts │ ├── initialization │ │ ├── initialization.component.css │ │ ├── initialization.component.html │ │ ├── initialization.component.spec.ts │ │ └── initialization.component.ts │ ├── lab1 │ │ ├── lab1.component.css │ │ ├── lab1.component.html │ │ ├── lab1.component.spec.ts │ │ └── lab1.component.ts │ ├── lab2 │ │ ├── lab2.component.css │ │ ├── lab2.component.html │ │ ├── lab2.component.spec.ts │ │ └── lab2.component.ts │ ├── lab3 │ │ ├── lab3.component.css │ │ ├── lab3.component.html │ │ ├── lab3.component.spec.ts │ │ └── lab3.component.ts │ ├── lab4 │ │ ├── lab4.component.css │ │ ├── lab4.component.html │ │ ├── lab4.component.spec.ts │ │ └── lab4.component.ts │ ├── lab5 │ │ ├── lab5.component.css │ │ ├── lab5.component.html │ │ ├── lab5.component.spec.ts │ │ └── lab5.component.ts │ ├── lab6 │ │ ├── lab6.component.css │ │ ├── lab6.component.html │ │ ├── lab6.component.spec.ts │ │ └── lab6.component.ts │ ├── login │ │ ├── login.component.css │ │ ├── login.component.html │ │ ├── login.component.spec.ts │ │ └── login.component.ts │ ├── overview │ │ ├── overview.component.css │ │ ├── overview.component.html │ │ ├── overview.component.spec.ts │ │ └── overview.component.ts │ └── register │ │ ├── register.component.css │ │ ├── register.component.html │ │ ├── 
register.component.spec.ts │ │ └── register.component.ts ├── assets │ ├── .gitkeep │ └── images │ │ ├── login.png │ │ └── profile.png ├── environments │ ├── environment.prod.ts │ └── environment.ts ├── favicon.ico ├── index.html ├── main.ts ├── polyfills.ts ├── styles.css └── test.ts ├── test.py ├── tsconfig.app.json ├── tsconfig.json └── tsconfig.spec.json /.browserslistrc: -------------------------------------------------------------------------------- 1 | # This file is used by the build system to adjust CSS and JS output to support the specified browsers below. 2 | # For additional information regarding the format and rule options, please see: 3 | # https://github.com/browserslist/browserslist#queries 4 | 5 | # For the full list of supported browsers by the Angular framework, please see: 6 | # https://angular.io/guide/browser-support 7 | 8 | # You can see what browsers were selected by your queries by running: 9 | # npx browserslist 10 | 11 | last 1 Chrome version 12 | last 1 Firefox version 13 | last 2 Edge major versions 14 | last 2 Safari major versions 15 | last 2 iOS major versions 16 | Firefox ESR 17 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # Editor configuration, see https://editorconfig.org 2 | root = true 3 | 4 | [*] 5 | charset = utf-8 6 | indent_style = space 7 | indent_size = 2 8 | insert_final_newline = true 9 | trim_trailing_whitespace = true 10 | 11 | [*.ts] 12 | quote_type = single 13 | 14 | [*.md] 15 | max_line_length = off 16 | trim_trailing_whitespace = false 17 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | <<<<<<< HEAD 2 | # See http://help.github.com/ignore-files/ for more about ignoring files. 
3 | 4 | # compiled output 5 | /dist 6 | /tmp 7 | /out-tsc 8 | # Only exists if Bazel was run 9 | /bazel-out 10 | 11 | # dependencies 12 | /node_modules 13 | 14 | # profiling files 15 | chrome-profiler-events*.json 16 | 17 | # IDEs and editors 18 | /.idea 19 | .project 20 | .classpath 21 | .c9/ 22 | *.launch 23 | .settings/ 24 | *.sublime-workspace 25 | 26 | # IDE - VSCode 27 | .vscode/* 28 | !.vscode/settings.json 29 | !.vscode/tasks.json 30 | !.vscode/launch.json 31 | !.vscode/extensions.json 32 | .history/* 33 | 34 | # misc 35 | /.angular/cache 36 | /.sass-cache 37 | /connect.lock 38 | /coverage 39 | /libpeerconnection.log 40 | npm-debug.log 41 | yarn-error.log 42 | testem.log 43 | /typings 44 | 45 | # System Files 46 | .DS_Store 47 | Thumbs.db 48 | ======= 49 | # Logs 50 | logs 51 | *.log 52 | npm-debug.log* 53 | yarn-debug.log* 54 | yarn-error.log* 55 | lerna-debug.log* 56 | 57 | # Diagnostic reports (https://nodejs.org/api/report.html) 58 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 59 | 60 | # Runtime data 61 | pids 62 | *.pid 63 | *.seed 64 | *.pid.lock 65 | 66 | # Directory for instrumented libs generated by jscoverage/JSCover 67 | lib-cov 68 | 69 | # Coverage directory used by tools like istanbul 70 | coverage 71 | *.lcov 72 | 73 | # nyc test coverage 74 | .nyc_output 75 | 76 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 77 | .grunt 78 | 79 | # Bower dependency directory (https://bower.io/) 80 | bower_components 81 | 82 | # node-waf configuration 83 | .lock-wscript 84 | 85 | # Compiled binary addons (https://nodejs.org/api/addons.html) 86 | build/Release 87 | 88 | # Dependency directories 89 | node_modules/ 90 | jspm_packages/ 91 | 92 | # TypeScript v1 declaration files 93 | typings/ 94 | 95 | # TypeScript cache 96 | *.tsbuildinfo 97 | 98 | # Optional npm cache directory 99 | .npm 100 | 101 | # Optional eslint cache 102 | .eslintcache 103 | 104 | # Microbundle cache 105 | .rpt2_cache/ 106 | .rts2_cache_cjs/ 107 | 
.rts2_cache_es/ 108 | .rts2_cache_umd/ 109 | 110 | # Optional REPL history 111 | .node_repl_history 112 | 113 | # Output of 'npm pack' 114 | *.tgz 115 | 116 | # Yarn Integrity file 117 | .yarn-integrity 118 | 119 | # dotenv environment variables file 120 | .env 121 | .env.test 122 | 123 | # parcel-bundler cache (https://parceljs.org/) 124 | .cache 125 | 126 | # Next.js build output 127 | .next 128 | 129 | # Nuxt.js build / generate output 130 | .nuxt 131 | dist 132 | 133 | # Gatsby files 134 | .cache/ 135 | # Comment in the public line in if your project uses Gatsby and *not* Next.js 136 | # https://nextjs.org/blog/next-9-1#public-directory-support 137 | # public 138 | 139 | # vuepress build output 140 | .vuepress/dist 141 | 142 | # Serverless directories 143 | .serverless/ 144 | 145 | # FuseBox cache 146 | .fusebox/ 147 | 148 | # DynamoDB Local files 149 | .dynamodb/ 150 | 151 | # TernJS port file 152 | .tern-port 153 | >>>>>>> 3b3f20c22dbffa898c5e9411aa4dc2d3ec2c6276 154 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2021 Leihehe 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 
14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Node.js vulnerability labs 2 | 3 | **A vulnerable web application with defined vulnerabilities of Node.js.** 4 | 5 | **This application is implemented by Node.js+Angular+Mongoose(Mongodb)** 6 | 7 | ## Screenshots 8 | 9 | **There are currently 6 labs, previews are shown below** 10 | 11 | **Lab1** 12 | 13 | ![screenshot1](./image/lab1.png) 14 | 15 | **Lab2** 16 | 17 | ![screenshot2](./image/lab2.png) 18 | 19 | **Lab3** 20 | 21 | ![screenshot2](./image/lab3.png) 22 | 23 | **Lab4** 24 | 25 | ![screenshot2](./image/lab4.png) 26 | 27 | **Lab5** 28 | 29 | ![screenshot2](./image/lab5.png) 30 | 31 | **Lab6** 32 | 33 | ![screenshot2](./image/lab6.png) 34 | 35 | ## Install&Usage 36 | 37 | ### Method 1:Docker 38 | 39 | **Installation** 40 | 41 | `cd nodejs-vul-labs-main` 42 | 43 | `docker-compose up` 44 | 45 | **Run** 46 | 47 | Access the labs: http://localhost:8888 48 | 49 | ### Method 2:Local Installation 50 | 51 | **Required Environment** 52 | 53 | [Node.js](https://nodejs.org/en/download/) 54 | 55 | `npm install -g @angular/cli` 56 | 57 | [mongoDB](https://docs.mongodb.com/manual/administration/install-community/) 58 | 59 | **Installation** 60 | 61 | `cd nodejs-vul-labs-main` 62 | 63 | Download dependencies: `npm i` 64 | 65 | Generate UI:`ng build` 66 | 67 | **Usage:** 68 | 69 | First you need to 
launch mongoDB(`mongodb://localhost:27017`) 70 | 71 | `node main.js` 72 | 73 | Access the labs: http://localhost:8888 74 | 75 | ## Initialize the database 76 | 77 | If you are running this application for the first time, please first initialize the database. 78 | 79 | ![screenshot2](./image/database.png) 80 | 81 | ## Summary 82 | 83 | | Lab Name | Vulnerability | 84 | | --------------------------------------- | ---------------------------------------- | 85 | | Lab 1:Call Bomber | Command Injection | 86 | | Lab 2:Premium Content | NoSql injection | 87 | | Lab 3:The Website is Under Maintenance | JavaScript feature | 88 | | Lab 4:Voting System | JavaScript feature | 89 | | Lab 5:The Latest Premium Content | JavaScript prototype pollution | 90 | | Lab 6:Join Cybersecurity Team | HTTP parameter pollution+Node.js feature | 91 | -------------------------------------------------------------------------------- /angular.json: -------------------------------------------------------------------------------- 1 | { 2 | "$schema": "./node_modules/@angular/cli/lib/config/schema.json", 3 | "version": 1, 4 | "newProjectRoot": "projects", 5 | "projects": { 6 | "nodejsLabs": { 7 | "projectType": "application", 8 | "schematics": { 9 | "@schematics/angular:application": { 10 | "strict": true 11 | } 12 | }, 13 | "root": "", 14 | "sourceRoot": "src", 15 | "prefix": "app", 16 | "architect": { 17 | "build": { 18 | "builder": "@angular-devkit/build-angular:browser", 19 | "options": { 20 | "outputPath": "dist/nodejsLabs", 21 | "index": "src/index.html", 22 | "main": "src/main.ts", 23 | "polyfills": "src/polyfills.ts", 24 | "tsConfig": "tsconfig.app.json", 25 | "assets": [ 26 | "src/favicon.ico", 27 | "src/assets" 28 | ], 29 | "styles": [ 30 | "src/styles.css" 31 | ], 32 | "scripts": [] 33 | }, 34 | "configurations": { 35 | "production": { 36 | "budgets": [ 37 | { 38 | "type": "initial", 39 | "maximumWarning": "500kb", 40 | "maximumError": "1mb" 41 | }, 42 | { 43 | "type": 
"anyComponentStyle", 44 | "maximumWarning": "2kb", 45 | "maximumError": "4kb" 46 | } 47 | ], 48 | "fileReplacements": [ 49 | { 50 | "replace": "src/environments/environment.ts", 51 | "with": "src/environments/environment.prod.ts" 52 | } 53 | ], 54 | "outputHashing": "all" 55 | }, 56 | "development": { 57 | "buildOptimizer": false, 58 | "optimization": false, 59 | "vendorChunk": true, 60 | "extractLicenses": false, 61 | "sourceMap": true, 62 | "namedChunks": true 63 | } 64 | }, 65 | "defaultConfiguration": "production" 66 | }, 67 | "serve": { 68 | "builder": "@angular-devkit/build-angular:dev-server", 69 | "configurations": { 70 | "production": { 71 | "browserTarget": "nodejsLabs:build:production" 72 | }, 73 | "development": { 74 | "browserTarget": "nodejsLabs:build:development" 75 | } 76 | }, 77 | "defaultConfiguration": "development" 78 | }, 79 | "extract-i18n": { 80 | "builder": "@angular-devkit/build-angular:extract-i18n", 81 | "options": { 82 | "browserTarget": "nodejsLabs:build" 83 | } 84 | }, 85 | "test": { 86 | "builder": "@angular-devkit/build-angular:karma", 87 | "options": { 88 | "main": "src/test.ts", 89 | "polyfills": "src/polyfills.ts", 90 | "tsConfig": "tsconfig.spec.json", 91 | "karmaConfig": "karma.conf.js", 92 | "assets": [ 93 | "src/favicon.ico", 94 | "src/assets" 95 | ], 96 | "styles": [ 97 | "src/styles.css" 98 | ], 99 | "scripts": [] 100 | } 101 | } 102 | } 103 | } 104 | }, 105 | "defaultProject": "nodejsLabs" 106 | } 107 | -------------------------------------------------------------------------------- /docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3" 2 | services: 3 | nodejs-vul-labs: 4 | container_name: nodejs-vul-labs 5 | image: leihehe/nodejs-vul-labs:v2.0 6 | ports: 7 | - "8888:8888" 8 | mongo: 9 | container_name: mongolab 10 | image: mongo 11 | ports: 12 | - '27017:27017' -------------------------------------------------------------------------------- /flag/flag1.txt: 
-------------------------------------------------------------------------------- 1 | Congratulations,you got it. -------------------------------------------------------------------------------- /image/database.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/database.png -------------------------------------------------------------------------------- /image/lab1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab1.png -------------------------------------------------------------------------------- /image/lab2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab2.png -------------------------------------------------------------------------------- /image/lab3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab3.png -------------------------------------------------------------------------------- /image/lab4.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab4.png -------------------------------------------------------------------------------- /image/lab5.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab5.png -------------------------------------------------------------------------------- /image/lab6.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/image/lab6.png -------------------------------------------------------------------------------- /karma.conf.js: -------------------------------------------------------------------------------- 1 | // Karma configuration file, see link for more information 2 | // https://karma-runner.github.io/1.0/config/configuration-file.html 3 | 4 | module.exports = function (config) { 5 | config.set({ 6 | basePath: '', 7 | frameworks: ['jasmine', '@angular-devkit/build-angular'], 8 | plugins: [ 9 | require('karma-jasmine'), 10 | require('karma-chrome-launcher'), 11 | require('karma-jasmine-html-reporter'), 12 | require('karma-coverage'), 13 | require('@angular-devkit/build-angular/plugins/karma') 14 | ], 15 | client: { 16 | jasmine: { 17 | // you can add configuration options for Jasmine here 18 | // the possible options are listed at https://jasmine.github.io/api/edge/Configuration.html 19 | // for example, you can disable the random execution with `random: false` 20 | // or set a specific seed with `seed: 4321` 21 | }, 22 | clearContext: false // leave Jasmine Spec Runner output visible in browser 23 | }, 24 | jasmineHtmlReporter: { 25 | suppressAll: true // removes the duplicated traces 26 | }, 27 | coverageReporter: { 28 | dir: require('path').join(__dirname, './coverage/nodejsLabs'), 29 | subdir: '.', 30 | reporters: [ 31 | { type: 'html' }, 32 | { type: 'text-summary' } 33 | ] 34 | }, 35 | reporters: ['progress', 'kjhtml'], 36 | port: 9876, 37 | colors: true, 38 | logLevel: config.LOG_INFO, 39 | autoWatch: true, 40 | browsers: ['Chrome'], 41 | singleRun: false, 42 | restartOnFileChange: true 43 | }); 44 | }; 45 | -------------------------------------------------------------------------------- /login/passport.js: -------------------------------------------------------------------------------- 1 
| /* login/passport.js: configures Passport for the lab server. It registers the 'local.login' and 'local.signup' strategies on top of the User model, serialises sessions by username, and adds a guard middleware that answers 401 to unauthenticated requests. */ let mongoose = require('mongoose'); 2 | let User = require('../models/user'); 3 | var passport = require('passport'), 4 | LocalStrategy = require('passport-local').Strategy; 5 | 6 | 7 | /* Login validation: finds the user by username and compares the stored password field directly with the submitted value, so passwords are kept and checked as plaintext. A deployable version stores a salted slow hash (bcrypt, scrypt or argon2) and verifies against that. The username is placed in the query filter as received, with no type check; casting it to a string first keeps the filter a plain equality match. */ 8 | passport.use('local.login', new LocalStrategy( 9 | function (username, password, done) { 10 | User.findOne({ 11 | username: username 12 | }, function (err, user) { 13 | if (err) { 14 | console.log("error happened") 15 | return done(err); 16 | } 17 | if (!user) { 18 | console.log("no user") 19 | return done(null, false, { 20 | message: 'Incorrect username.' 21 | }); 22 | } 23 | if (user.password != password) { 24 | console.log("incorrect password") 25 | return done(null, false, { 26 | message: 'Incorrect password.' 27 | }); 28 | } 29 | return done(null, user); 30 | }); 31 | } 32 | )); 33 | 34 | /* Signup validation: rejects a username that already exists, otherwise saves a new User with the password exactly as submitted. The err value from findOne is not checked before branching on user. NOTE(review): the first argument to save() repeats username/password; presumably Mongoose treats it as an options object - confirm. */ 35 | passport.use('local.signup', new LocalStrategy(function (username, password, done) { 36 | User.findOne({ 37 | username: username 38 | }, function (err, user) { 39 | if (user != null) { 40 | return done(null, false, { 41 | message: 'The username already exists' 42 | }); 43 | } else { 44 | let newUser = new User({ 45 | _id: new mongoose.Types.ObjectId(), 46 | username: username, 47 | password: password 48 | }); 49 | newUser.save({ 50 | username: username, 51 | password: password 52 | }, function (err, user) { 53 | if (err) { 54 | return done(err) 55 | } 56 | return done(null, user); 57 | }) 58 | } 59 | }) 60 | 61 | })) 62 | /* The session keeps only the username; deserializeUser reloads the full User document by that username. */ 63 | passport.serializeUser(function (user, done) { 64 | done(null, user.username); 65 | }); 66 | 67 | passport.deserializeUser(function (username, done) { 68 | User.findOne({ 69 | username: username 70 | }, function (err, user) { 71 | if (err) { 72 | return done(err); 73 | } 74 | done(null, user); 75 | }); 76 | }); 77 | /* Route guard factory: the returned middleware calls next() when req.isAuthenticated() is true and otherwise replies 401 with an empty JSON body. */ 78 | passport.authenticateMiddleware = function authenticationMiddleware() { 79 | return function (req, res, next) { 80 | if (req.isAuthenticated()) { 81 | return next(); 82 | } 83 |
res.status(401).json(); 84 | } 85 | }; 86 | 87 | module.exports = passport; 88 | -------------------------------------------------------------------------------- /main.js: -------------------------------------------------------------------------------- 1 | /* main.js: entry point of the lab server. This first part wires Express, sessions, Passport and Mongoose together and defines the login, signup and logout routes. */ const { exec } = require('child_process'); 2 | const express = require('express'); 3 | fs = require('fs'); /* no const/let/var, so this creates an implicit global; fs is not referenced anywhere else in main.js */ 4 | const app=express(); 5 | app.use(express.static('dist/nodejsLabs'));// 6 | app.use(express.urlencoded({extended:true})); 7 | app.use(express.json()); 8 | let server = require('http').Server(app);//Create an http server using express app 9 | 10 | let expressSession = require('express-session'); 11 | let passport = require('./login/passport'); 12 | app.use(expressSession({ 13 | secret: 'leihehe', /* session-signing secret hard-coded in the source; outside a lab it is read from configuration or a secret store. No cookie options are set, so the express-session defaults apply. */ 14 | resave: true, 15 | saveUninitialized: true 16 | })); 17 | // Initialize passport 18 | /* Vote tallies used by the Lab 4 socket handler; module-level state shared by every connection. */ 19 | let names={"Richard":2995,"John":8011,"Bob":5,"Tim":5390}; 20 | 21 | app.use(passport.initialize()); 22 | app.use(passport.session()); 23 | let mongoose = require('mongoose'); 24 | const User=require('./models/user'); 25 | const Code=require('./models/code'); 26 | let url = "mongodb://localhost:27017/nodejsLabs"; /* local MongoDB; the connection string carries no credentials */ 27 | mongoose.connect(url,function(err){ 28 | if(err){ 29 | console.log('Error in mongoose connection'); 30 | throw err; 31 | } 32 | console.log('Connection established'); 33 | }) 34 | 35 | /* LOGIN PART */ 36 | 37 | app.get('/authenticate',passport.authenticateMiddleware(), (req, res) => { 38 | res.status(200).json({"statusCode" : 200 ,"message" : "hello"}); 39 | }); 40 | /* On success the whole req.user object is serialised into the response. req.user is the User document handed back by the login strategy, so unless it is filtered elsewhere the stored password field goes back to the client; returning only the fields the UI needs avoids that. */ 41 | app.post('/login', passport.authenticate('local.login'), function (req, res) { 42 | let returnData = { 43 | isSuccess: true, 44 | user: req.user 45 | }; 46 | 47 | res.send(JSON.stringify(returnData)); 48 | }); 49 | /* Runs the 'local.signup' strategy and answers 200 with an empty JSON body when it succeeds. */ 50 | app.post('/signup',passport.authenticate('local.signup'),function(req, res) { 51 | res.status(200).json(); 52 | }) 53 | 54 | app.get('/logout', function(req, res){ 55 | req.logout(); 56 | res.json(); 57 | }); 58 | 59 | 60
| 61 | /* Socket.IO handlers for Labs 1-5. No session or login check appears anywhere inside the connection callback, so every event below is handled for any connected client. */ 62 | /* SOCKET PART */ 63 | let io = require("socket.io")(server); 64 | 65 | 66 | io.on('connection',function(socket){ 67 | 68 | /* Lab 1 (README: Command Injection): the value received on the 'lab1' event is appended to a command string and run with child_process.exec, which hands the whole string to a shell, so nothing keeps the value a single -n argument. The defensive form validates the value as a number and calls execFile or spawn with an argument array. */ 69 | 70 | socket.on('lab1', function(data){ 71 | 72 | let bomber=exec('python -u ./test.py -n '+data,function(err,data){ 73 | if(err) socket.emit('bombStatus',"Some error occurred."); 74 | }) 75 | bomber.stdout.on('data', function(data) { 76 | socket.emit('bombStatus',data) 77 | }); 78 | }) 79 | 80 | 81 | 82 | /* Lab 2 (README: NoSQL injection): the object received on 'unlock' is passed unchanged as the Code.findOne filter, so the client decides the shape of the query and not only its values. The Lab 5 handler further down shows the stricter form, casting username and vipCode with String() before querying. In the inner callback the error branch does not return, so the flag message is emitted even when findOneAndUpdate reports an error. */ 83 | socket.on('unlock', function(data){ 84 | //Code collection consists of _id, username, code,which would be added by the administrator manually. 85 | if(Object.keys(data).length === 0){ 86 | socket.emit("vipContent","Invalid activation code"); 87 | }else{ 88 | Code.findOne(data,'vipCode',function (err,result){//In the Code collection, users can not be found unless the administrator manually added the username and vipCode. 89 | if(err) socket.emit('vipContent',"Some error occured"); 90 | else if(result!=null){ 91 | User.findOneAndUpdate({username:data.username},{vip:true},function (err,fUser){ 92 | if(err) socket.emit('vipContent',"Some error occured"); 93 | socket.emit('vipContent',"The flag is ufnskaknv123ff2. Congratulations!"); 94 | }) 95 | }else{ 96 | socket.emit('vipContent',"Invalid activation code,please contact the host to purchase the activation code"); 97 | } 98 | }) 99 | } 100 | 101 | }) 102 | 103 | 104 | 105 | /* Lab 3 (README: JavaScript feature): the deny-list test uses Array.prototype.includes, which compares without type conversion, while announcement[data] converts data to a property key. The check and the lookup can therefore disagree when data is not a string. Requiring typeof data === 'string' and an allow-list of readable keys closes the gap. NOTE(review): the backupSecret value looks like Base64, which is an encoding rather than encryption, despite the inline comment. */ 106 | 107 | socket.on('lab3', function(data){ 108 | let announcement= { 109 | "content":"The website is temporarily closed, more features are being developed", 110 | "backupSecret":"5oGt5Zac5L2g77yB5om+5Yiw5LqG56ys5LiJ5YWz55qEZmxhZzogcXdkZDEyZ2RoNTI2MzEyYTNzYw=="//For convinence, I encrypted the previous content. I will change it back after the maintainance. 111 | } 112 | let backlist=['backupSecret']; 113 | if(backlist.includes(data)){ 114 | socket.emit('announcement',"Illegal operation detected. Your IP has been logged");//check blacklist, scare them.
115 | }else if(announcement[data]!=null){ 116 | socket.emit('announcement',announcement[data]); 117 | }else{ 118 | socket.emit('announcement',"Some error occurred."); 119 | } 120 | 121 | }) 122 | 123 | /* Lab 4 (README: JavaScript feature): the only check on data.ticket is the range test p<2&&p>0. Relational operators convert their operands to numbers, whereas + on the following line concatenates when p is a string, and fractional numbers also satisfy the range. data.username is used as a key into names without checking that it is one of the existing candidates. A strict version checks Number.isInteger(p) and uses hasOwnProperty on names before updating. */ 124 | socket.on('lab4',function(data){ 125 | //Send the number of tickets 126 | let target = data.username; 127 | let p=data.ticket; 128 | if(p<2&&p>0){ 129 | names[target]=names[target]+p; 130 | io.sockets.emit('results',names) 131 | }else{ 132 | //invalid data 133 | socket.emit('results',names) 134 | } 135 | }) 136 | io.sockets.emit('results',names); 137 | 138 | /* Lab 5 (README: JavaScript prototype pollution): the lookup filter is built from String()-cast fields, so the client cannot supply a query object here. When the lookup finds nothing, the handler merges the whole client object into Log with merge() (defined near the end of main.js), which copies keys recursively with no key filtering. As in Lab 2, the inner error branch does not return before the success message is emitted. */ 139 | socket.on('unlockLab5', function(data){ 140 | //Code collection consists of _id, username, code,which would be added by the administrator manually. 141 | if(Object.keys(data).length === 0){ 142 | socket.emit("vipContent","Invalid activation code."); 143 | }else{ 144 | Code.findOne({username:String(data.username),vipCode:String(data.vipCode)},'vipCode',function (err,result){//In the Code collection, users can not be found unless the administrator manually added the username and vipCode. 145 | if(err) socket.emit('vipContent',"Some error occured."); 146 | else if(result!=null){ 147 | User.findOneAndUpdate({username:data.username},{vip:true},function (err,data){ 148 | if(err) socket.emit('vipContent',"Some error occured."); 149 | 150 | socket.emit('vipContent',"Success"); 151 | }) 152 | }else{ 153 | let Log={"Event":"You cannot access the premium content,please contact the host to purchase the activation code!","Time":Date.now()}; 154 | //You can add any attributes into the Log{} , and the front end will fetch and present it.
155 | merge(Log,data); 156 | socket.emit('vipContent',Log); 157 | } 158 | }) 159 | } 160 | 161 | }) 162 | socket.on('checkVIP', function(data){ 163 | /* checkVIP: data is parsed with JSON.parse and dereferenced without a try/catch or shape check. When findOne reports an error the handler substitutes an empty object for result and carries on into the vip test instead of returning, so the decision is then made on an object that did not come from the database. Returning right after the error message keeps the check tied to a real record. */ 164 | User.findOne({username:JSON.parse(data).user.username, vip:true},function (err,result){ 165 | if(err){ 166 | socket.emit('vipContent',"Some error occurred."); 167 | result={}; 168 | } 169 | if(result!=null){ 170 | if(result.vip==true){ 171 | socket.emit('vipContent',"The flag is ufnskaknv123ff2. Congratulations!"); 172 | }else{ 173 | socket.emit('vipContent',"You are not allowed to access the content") 174 | } 175 | }else{ 176 | socket.emit('vipContent',"You are not allowed to access the content") 177 | } 178 | 179 | }) 180 | 181 | }) 182 | 183 | 184 | 185 | }) 186 | /* Lab 6 (README: HTTP parameter pollution + Node.js feature): the filter inspects the raw req.url for the substrings 7B, 7D, 2C or a literal comma (case-insensitive, anywhere in the URL), while the comparison below reads req.query.ck after Express has parsed the query string. The two steps look at different representations of the same input. req.query.ck is dereferenced without a presence check, so a request without ck throws inside the handler. */ 187 | app.get('/lab6',function(req,res){ 188 | var flag = 'Congratulations, you are invted to join our Cybersecurity Team.'; 189 | if(req.url.match(/7B|7D|2C|\,/ig)){ 190 | res.send("Incorrect answer."); 191 | }else{ 192 | if(req.query.ck.name==='admin'&&req.query.ck.anwser==='niceGame'){ 193 | res.send(flag); 194 | }else{ 195 | res.send("Incorrect answer."); 196 | } 197 | } 198 | 199 | }) 200 | /* /initial: an unauthenticated GET that deletes every User and Code document and re-creates a fixed admin account and activation code. The error branches send a response but do not return, so execution continues into the next step after a failure and may try to respond a second time. */ 201 | app.get("/initial",function(req,res){ 202 | User.deleteMany({},function(err){ 203 | if(err) res.json({"msg":"Database initialization failed. Please check whether the database is connected"}); 204 | Code.deleteMany({},function(err){ 205 | if(err) res.json({"msg":"Database initialization failed. Please check whether the database is connected"}); 206 | let newUser = new User({ 207 | _id: new mongoose.Types.ObjectId(), 208 | username: "admin", 209 | password: "admin123123" 210 | }); 211 | let newCodes=new Code({ 212 | _id: new mongoose.Types.ObjectId(), 213 | username:"admin", 214 | vipCode:"wqhduqwodnj13" 215 | }) 216 | newUser.save(function(err){ 217 | if(err) res.json({"msg":"Database initialization failed.
Please check whether the database is connected"}); 218 | console.log('new user created'); 219 | newCodes.save(function(err){ 220 | if(err) res.json({"msg":"Database initialization failed. Please check whether the database is connected"}); 221 | console.log('VIP table created'); 222 | console.log('Database initialization completed'); 223 | res.json({"msg":"Database initialization completed!"}); 224 | }) 225 | }) 226 | }) 227 | }) 228 | 229 | }) 230 | /* merge: recursively copies source into target. The test key in target is also true for inherited properties, so the recursion can descend into objects on target's prototype chain, and no key (for example __proto__, constructor or prototype) is excluded. The in operator throws a TypeError when target is a primitive. Safer merges skip those keys, test with Object.prototype.hasOwnProperty, and recurse only into plain objects. */ 231 | function merge(target,source) { 232 | for (let key in source){ 233 | if (key in source && key in target){ 234 | merge(target[key],source[key]); 235 | }else { 236 | target[key]=source[key]; 237 | } 238 | }} 239 | 240 | 241 | 242 | 243 | 244 | /* No host argument is passed, so Node listens on all interfaces by default. */ 245 | server.listen(8888,function(){ 246 | console.log('listening on port 8888!') 247 | }) -------------------------------------------------------------------------------- /models/code.js: -------------------------------------------------------------------------------- 1 | const mongoose = require('mongoose'); 2 | /* Activation-code records queried by the Lab 2 and Lab 5 handlers in main.js. */ 3 | let codeSchema=mongoose.Schema({ 4 | _id:mongoose.Schema.Types.ObjectId, 5 | username:String, 6 | vipCode:String 7 | 8 | }) 9 | module.exports =mongoose.model('Code',codeSchema); 10 | //in order to export a model, we need to invoke the model constructor and pass it a string represents the name of the collection and a reference to the schema. -------------------------------------------------------------------------------- /models/user.js: -------------------------------------------------------------------------------- 1 | const mongoose = require('mongoose'); 2 | /* User accounts; vip is the flag set to true by the Lab 2 and Lab 5 handlers and tested by checkVIP in main.js. */ 3 | let userSchema=mongoose.Schema({ 4 | _id:mongoose.Schema.Types.ObjectId, 5 | username:String, 6 | password:String, /* a plain String field; the /initial route in main.js stores the admin password in it as given, with no hashing */ 7 | vip:Boolean 8 | 9 | }) 10 | module.exports =mongoose.model('User',userSchema); 11 | //in order to export a model, we need to invoke the model constructor and pass it a string represents the name of the collection and a reference to the schema.
-------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "nodejs-labs", 3 | "version": "0.0.0", 4 | "scripts": { 5 | "ng": "ng", 6 | "start": "ng serve", 7 | "build": "ng build", 8 | "watch": "ng build --watch --configuration development", 9 | "test": "ng test" 10 | }, 11 | "private": true, 12 | "dependencies": { 13 | "@angular/animations": "~13.0.0", 14 | "@angular/common": "~13.0.0", 15 | "@angular/compiler": "~13.0.0", 16 | "@angular/core": "~13.0.0", 17 | "@angular/forms": "~13.0.0", 18 | "@angular/platform-browser": "~13.0.0", 19 | "@angular/platform-browser-dynamic": "~13.0.0", 20 | "@angular/router": "~13.0.0", 21 | "@types/socket.io-client": "^3.0.0", 22 | "express-session": "^1.17.2", 23 | "jsencrypt": "^3.2.1", 24 | "mongoose": "^6.0.13", 25 | "passport": "^0.5.0", 26 | "passport-local": "^1.0.0", 27 | "rxjs": "~7.4.0", 28 | "socket.io": "^4.4.0", 29 | "socket.io-client": "^4.4.0", 30 | "tslib": "^2.3.0", 31 | "zone.js": "~0.11.4" 32 | }, 33 | "devDependencies": { 34 | "@angular-devkit/build-angular": "~13.0.2", 35 | "@angular/cli": "~13.0.2", 36 | "@angular/compiler-cli": "~13.0.0", 37 | "@types/jasmine": "~3.10.0", 38 | "@types/node": "^12.11.1", 39 | "jasmine-core": "~3.10.0", 40 | "karma": "~6.3.0", 41 | "karma-chrome-launcher": "~3.1.0", 42 | "karma-coverage": "~2.0.3", 43 | "karma-jasmine": "~4.0.0", 44 | "karma-jasmine-html-reporter": "~1.7.0", 45 | "typescript": "~4.4.3" 46 | } 47 | } 48 | -------------------------------------------------------------------------------- /src/app/app-routing.module.ts: -------------------------------------------------------------------------------- 1 | import { NgModule } from '@angular/core'; 2 | import { RouterModule, Routes } from '@angular/router'; 3 | 4 | const routes: Routes = []; 5 | 6 | @NgModule({ 7 | imports: [RouterModule.forRoot(routes)], 8 | exports: [RouterModule] 9 
| }) 10 | export class AppRoutingModule { } 11 | -------------------------------------------------------------------------------- /src/app/app.component.css: -------------------------------------------------------------------------------- 1 | /*** 2 | User Profile Sidebar by @keenthemes 3 | A component of Metronic Theme - #1 Selling Bootstrap 3 Admin Theme in Themeforest: http://j.mp/metronictheme 4 | Licensed under MIT 5 | ***/ 6 | 7 | body { 8 | margin-top:50px; 9 | background: #F1F3FA; 10 | } 11 | 12 | /* Profile container */ 13 | .profile { 14 | margin: 20px 0; 15 | } 16 | 17 | /* Profile sidebar */ 18 | .profile-sidebar { 19 | padding: 20px 0 10px 0; 20 | background: #fff; 21 | } 22 | 23 | .profile-userpic img { 24 | float: none; 25 | margin: 0 auto; 26 | width: 50%; 27 | height: 50%; 28 | -webkit-border-radius: 50% !important; 29 | -moz-border-radius: 50% !important; 30 | border-radius: 50% !important; 31 | } 32 | 33 | .profile-usertitle { 34 | text-align: center; 35 | margin-top: 20px; 36 | } 37 | 38 | .profile-usertitle-name { 39 | color: #5a7391; 40 | font-size: 16px; 41 | font-weight: 600; 42 | margin-bottom: 7px; 43 | } 44 | 45 | .profile-usertitle-job { 46 | text-transform: uppercase; 47 | color: #5b9bd1; 48 | font-size: 12px; 49 | font-weight: 600; 50 | margin-bottom: 15px; 51 | } 52 | 53 | .profile-userbuttons { 54 | text-align: center; 55 | margin-top: 10px; 56 | } 57 | 58 | .profile-userbuttons .btn { 59 | text-transform: uppercase; 60 | font-size: 11px; 61 | font-weight: 600; 62 | padding: 6px 15px; 63 | margin-right: 5px; 64 | } 65 | 66 | .profile-userbuttons .btn:last-child { 67 | margin-right: 0px; 68 | } 69 | 70 | .profile-usermenu { 71 | margin-top: 30px; 72 | } 73 | 74 | .profile-usermenu ul li { 75 | border-bottom: 1px solid #f0f4f7; 76 | } 77 | 78 | .profile-usermenu ul li:last-child { 79 | border-bottom: none; 80 | } 81 | 82 | .profile-usermenu ul li a { 83 | color: #93a3b5; 84 | font-size: 14px; 85 | font-weight: 400; 86 | } 87 | 88 | 
.profile-usermenu ul li a i { 89 | margin-right: 8px; 90 | font-size: 14px; 91 | } 92 | 93 | .profile-usermenu ul li a:hover { 94 | background-color: #fafcfd; 95 | color: #5b9bd1; 96 | } 97 | 98 | .profile-usermenu ul li.active { 99 | border-bottom: none; 100 | } 101 | 102 | .profile-usermenu ul li.active a { 103 | color: #5b9bd1; 104 | background-color: #f6f9fb; 105 | border-left: 2px solid #5b9bd1; 106 | margin-left: -2px; 107 | } 108 | 109 | /* Profile Content */ 110 | .profile-content { 111 | padding: 20px; 112 | background: #fff; 113 | min-height: 460px; 114 | } 115 | -------------------------------------------------------------------------------- /src/app/app.component.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 |
9 |
10 |
11 | 12 |
13 | 14 |
15 | 16 | 17 |
18 |
19 | {{username}} 20 |
21 |
22 | Basic User 23 |
24 |
25 | 26 | 27 |
28 | 29 | 30 |
31 | 32 | 33 | 83 | 84 |
85 |
86 |
87 |
88 | 89 |
90 |
91 |
92 |
93 | 94 | 95 |

Powered by LeiH

96 | 97 |
98 |
--------------------------------------------------------------------------------
/src/app/app.component.spec.ts:
--------------------------------------------------------------------------------
import { TestBed } from '@angular/core/testing';
import { RouterTestingModule } from '@angular/router/testing';
import { AppComponent } from './app.component';

// Unit tests for the root AppComponent.
// NOTE(review): AppComponent injects AuthService, which injects HttpClient; no
// HttpClient provider is configured in this test module, so injection likely
// fails before any assertion runs — confirm.
describe('AppComponent', () => {
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      imports: [
        RouterTestingModule
      ],
      declarations: [
        AppComponent
      ],
    }).compileComponents();
  });

  it('should create the app', () => {
    const fixture = TestBed.createComponent(AppComponent);
    const app = fixture.componentInstance;
    expect(app).toBeTruthy();
  });

  it(`should have as title 'nodejsLabs'`, () => {
    const fixture = TestBed.createComponent(AppComponent);
    const app = fixture.componentInstance;
    expect(app.title).toEqual('nodejsLabs');
  });

  // NOTE(review): the text rendered by app.component.html in this listing is the
  // username, "Basic User" and a footer; this assertion looks like leftover
  // scaffold and presumably no longer matches the template — confirm.
  it('should render title', () => {
    const fixture = TestBed.createComponent(AppComponent);
    fixture.detectChanges();
    const compiled = fixture.nativeElement as HTMLElement;
    expect(compiled.querySelector('.content span')?.textContent).toContain('nodejsLabs app is running!');
  });
});

--------------------------------------------------------------------------------
/src/app/app.component.ts:
--------------------------------------------------------------------------------
import { Component } from '@angular/core';
import { Router } from '@angular/router';
import { AuthService } from './auth.service';

/**
 * Root component: shows the current username in the sidebar and offers logout.
 */
@Component({
  selector: 'app-root',
  templateUrl: './app.component.html',
  styleUrls: ['./app.component.css']
})
export class AppComponent {
  title = 'nodejsLabs';
  username='';

  constructor(private authService:AuthService,private router:Router){}
  /** Mirrors every value published on AuthService.currenUsername into `username`. */
  ngOnInit() {

    this.authService.currenUsername.subscribe(username =>this.username=username);
  }
  /**
   * Calls GET /logout and, when the request succeeds, clears the local
   * 'userInfo' entry and navigates to the login route.
   * Only a success handler is registered: if the request errors, the local
   * 'userInfo' entry is left in place and the UI keeps treating the user as
   * signed in.
   */
  logout(){
    this.authService.logout().subscribe((response:any) => {
      this.authService.removeUserInfo();
      this.router.navigate(['login'])
    })

  }
}

--------------------------------------------------------------------------------
/src/app/app.module.ts:
--------------------------------------------------------------------------------
import { NgModule } from '@angular/core';
import { FormsModule } from '@angular/forms';
import { BrowserModule } from '@angular/platform-browser';

import { AppComponent } from './app.component';
import { Lab1Component } from './lab1/lab1.component';
import { HttpClientModule } from '@angular/common/http';
import { RouterModule, Routes } from '@angular/router';
import { OverviewComponent } from './overview/overview.component';
import { DatabaseService } from './database.service';
import { Lab2Component } from './lab2/lab2.component';
import { LoginComponent } from './login/login.component';
import { AuthGuardService } from './auth-guard.service';
import { Lab3Component } from './lab3/lab3.component';
import { Lab4Component } from './lab4/lab4.component';
import { RegisterComponent } from './register/register.component';
import { Lab5Component } from './lab5/lab5.component';
import { Lab6Component } from './lab6/lab6.component';
import { InitializationComponent } from './initialization/initialization.component';
// Route table. 'home' and the six lab routes are gated by AuthGuardService;
// 'login', 'register' and 'initialization' carry no guard.
// The guard only decides which view the browser renders (it reads localStorage,
// see auth.service.ts); it does not protect any HTTP endpoint or socket event.
// NOTE(review): 'initialization' is reachable without signing in and its
// component triggers GET /initial — whether the server restricts that endpoint
// is not visible here; confirm.
const appRoutes:Routes=[
  {path:'home',component:OverviewComponent,canActivate:[AuthGuardService]},
  {path:'login',component:LoginComponent},
  {path:'register',component:RegisterComponent},
  {path:'lab1',component:Lab1Component,canActivate:[AuthGuardService]},
  {path:'lab2',component:Lab2Component,canActivate:[AuthGuardService]},
  {path:'lab3',component:Lab3Component,canActivate:[AuthGuardService]},
  {path:'lab4',component:Lab4Component,canActivate:[AuthGuardService]},
  {path:'lab5',component:Lab5Component,canActivate:[AuthGuardService]},
  {path:'lab6',component:Lab6Component,canActivate:[AuthGuardService]},
  {path:'initialization',component:InitializationComponent},
  {path:'',redirectTo:"/home",pathMatch:"full"}
];

// Application module: declares every view component and registers the router
// with hash-based URLs (useHash:true).
@NgModule({
  declarations: [
    AppComponent,
    Lab1Component,
    OverviewComponent,
    Lab2Component,
    LoginComponent,
    Lab3Component,
    Lab4Component,
    RegisterComponent,
    Lab5Component,
    Lab6Component,
    InitializationComponent
  ],
  imports: [
    RouterModule.forRoot(appRoutes,{useHash:true}),
    BrowserModule,
    FormsModule,
    HttpClientModule
  ],
  providers: [DatabaseService],
  bootstrap: [AppComponent]
})
export class AppModule { }

--------------------------------------------------------------------------------
/src/app/auth-guard.service.spec.ts:
--------------------------------------------------------------------------------
import { TestBed } from '@angular/core/testing';

import { AuthGuardService } from './auth-guard.service';

// Smoke test: the guard can be constructed by the injector.
// NOTE(review): AuthGuardService depends on AuthService -> HttpClient, and this
// empty test module provides no HttpClient; injection likely fails — confirm.
describe('AuthGuardService', () => {
  let service: AuthGuardService;

  beforeEach(() => {
    TestBed.configureTestingModule({});
    service = TestBed.inject(AuthGuardService);
  });

  it('should be created', () => {
    expect(service).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/auth-guard.service.ts:
--------------------------------------------------------------------------------
import { Injectable } from '@angular/core';
import { Router } from '@angular/router';
import { AuthService } from './auth.service';

/**
 * Route guard used by the `canActivate` entries in app.module.ts.
 *
 * Security note: the decision rests entirely on AuthService.isAuthenticated(),
 * which inspects localStorage and never contacts the server. The guard is
 * therefore a navigation convenience, not an access control: every HTTP route
 * and socket event behind these views has to authorize the caller server-side.
 */
@Injectable({
  providedIn: 'root'
})
export class AuthGuardService {

  constructor(private authService: AuthService,private route:Router) { }

  /**
   * Returns true when AuthService reports a local 'userInfo' entry; otherwise
   * navigates to /login and returns false.
   */
  canActivate(){
    if(this.authService.isAuthenticated()){
      return true;
    }
    this.route.navigate(['/login']);
    return false;
  }
}

--------------------------------------------------------------------------------
/src/app/auth.service.spec.ts:
--------------------------------------------------------------------------------
import { TestBed } from '@angular/core/testing';

import { AuthService } from './auth.service';

// Smoke test: AuthService can be constructed by the injector.
// NOTE(review): AuthService injects HttpClient and this empty test module
// provides none; injection likely fails — confirm.
describe('AuthService', () => {
  let service: AuthService;

  beforeEach(() => {
    TestBed.configureTestingModule({});
    service = TestBed.inject(AuthService);
  });

  it('should be created', () => {
    expect(service).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/auth.service.ts:
--------------------------------------------------------------------------------
import { HttpClient, HttpHeaders } from '@angular/common/http';
import { Injectable } from '@angular/core';
import { BehaviorSubject, Observable, Subject } from 'rxjs';

// JSON content type sent with the login and signup POSTs below.
const httpOptions = {
  headers: new HttpHeaders({ "Content-Type": "application/json" }),
};
/**
 * Client-side session helper: wraps the login / signup / logout HTTP calls and
 * keeps the signed-in user's record and the lab 4 vote tickets in localStorage.
 *
 * Security note: everything stored here lives in localStorage, which the user
 * (and any script running on this origin) can read and rewrite at will. Treat
 * it as display state only; identity, premium status and vote quotas must be
 * decided from server-side session state.
 */
@Injectable({
  providedIn: 'root'
})
export class AuthService {
  // Not referenced by any other file visible in this listing.
  public availableTickets={};

  // Current display name; starts with the "not logged in" placeholder.
  private username = new BehaviorSubject('You havn\'t logged in yet');
  public currenUsername=this.username.asObservable();
  constructor(private http:HttpClient) {
  }
  /**
   * Issues GET /authenticate and returns the observable.
   * NOTE(review): no caller appears in the visible files; presumably this is
   * the server-side session check — confirm.
   */
  public validate(){
    return this.http.get('/authenticate');
  }
  /**
   * Returns true when localStorage holds a 'userInfo' entry that parses to a
   * truthy value. No request is made, so the result reflects local state only
   * and says nothing about whether the server still has a session.
   * JSON.parse throws on malformed content and the exception is not caught
   * here, so it propagates to the caller (the route guard).
   */
  public isAuthenticated(){
    let userData = localStorage.getItem('userInfo');
    if(userData &&JSON.parse(userData)){
      return true;
    }
    return false;
  }


  /** Stores `user` as JSON under 'userInfo' and resets the ticket count to "2". */
  public setUserInfo(user:any){
    localStorage.setItem('userInfo', JSON.stringify(user));
    this.setTicket("2");
  }
  /** Removes the 'userInfo' entry; the 'ticket' entry is left untouched. */
  public removeUserInfo(){
    localStorage.removeItem('userInfo');
  }


  /** POSTs the credentials as JSON to /login and returns the observable. */
  public login(username:String, password:String) {
    return this.http.post('/login', {'username' : username, 'password' : password},httpOptions)
  }

  /**
   * Issues GET /logout. Local state is not cleared here; the caller does that.
   * NOTE(review): logout is a state-changing request sent as GET — confirm the
   * server is comfortable with it being triggerable by a plain link or image.
   */
  public logout(){
    return this.http.get('/logout');
  }
  /** POSTs the credentials as JSON to /signup and returns the observable. */
  public register(username:String, password:String){
    return this.http.post('/signup', {'username' : username, 'password' : password},httpOptions)
  }

  /** Reads the remaining vote tickets from localStorage (null when unset). */
  public getTicket(){
    return localStorage.getItem('ticket');
  }
  /** Writes the remaining vote tickets to localStorage; the value is client-controlled. */
  public setTicket(currentTick:string){
    localStorage.setItem('ticket',currentTick);
  }

  /**
   * Returns the stored username and publishes it on `currenUsername`; when no
   * 'userInfo' entry exists, returns and publishes `notLoggedIn` instead.
   * The stored value is expected to have the shape { user: { username } }:
   * malformed JSON or a missing `user` property makes this method throw.
   */
  getUserName(notLoggedIn="You haven\'t logged in yet"):String{
    let us = localStorage.getItem('userInfo');

    if(us!=null){
      this.username.next(JSON.parse(us).user.username);
      return JSON.parse(us).user.username;
    }else{
      this.username.next(notLoggedIn);
      return notLoggedIn;
    }
  }



}

--------------------------------------------------------------------------------
/src/app/database.service.spec.ts:
--------------------------------------------------------------------------------
import { TestBed } from '@angular/core/testing';

import { DatabaseService } from './database.service';

// Smoke test: DatabaseService can be constructed by the injector.
// NOTE(review): DatabaseService injects HttpClient and this empty test module
// provides none; injection likely fails — confirm.
describe('DatabaseService', () => {
  let service: DatabaseService;

  beforeEach(() => {
    TestBed.configureTestingModule({});
    service = TestBed.inject(DatabaseService);
  });

  it('should be created', () => {
    expect(service).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/database.service.ts:
--------------------------------------------------------------------------------
import { Injectable } from '@angular/core';
import { HttpClient, HttpHeaders } from "@angular/common/http";
// Declared but not used by the single request in this file.
const httpOptions = {
  headers: new HttpHeaders({ "Content-Type": "application/json" }),
};
/** Thin wrapper around the server's /initial endpoint. */
@Injectable({
  providedIn: 'root'
})
export class DatabaseService {
  constructor(private http: HttpClient) { }
  /**
   * Issues GET /initial and returns the observable.
   * Presumably this asks the server to (re)create the lab database — the
   * handler is not visible here. If so, it is a state-changing GET reachable
   * from an unguarded route; confirm the server limits who may call it.
   */
  public initial(){//database
    return this.http.get('/initial');
  }
}

--------------------------------------------------------------------------------
/src/app/initialization/initialization.component.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/initialization/initialization.component.css
--------------------------------------------------------------------------------
/src/app/initialization/initialization.component.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |

4 |
5 |
6 | 7 |
8 | 9 |
10 |
11 |
12 |
Results
13 |
{{result}}
14 |
15 |
16 |
-------------------------------------------------------------------------------- /src/app/initialization/initialization.component.spec.ts: -------------------------------------------------------------------------------- 1 | import { ComponentFixture, TestBed } from '@angular/core/testing'; 2 | 3 | import { InitializationComponent } from './initialization.component'; 4 | 5 | describe('InitializationComponent', () => { 6 | let component: InitializationComponent; 7 | let fixture: ComponentFixture; 8 | 9 | beforeEach(async () => { 10 | await TestBed.configureTestingModule({ 11 | declarations: [ InitializationComponent ] 12 | }) 13 | .compileComponents(); 14 | }); 15 | 16 | beforeEach(() => { 17 | fixture = TestBed.createComponent(InitializationComponent); 18 | component = fixture.componentInstance; 19 | fixture.detectChanges(); 20 | }); 21 | 22 | it('should create', () => { 23 | expect(component).toBeTruthy(); 24 | }); 25 | }); 26 | -------------------------------------------------------------------------------- /src/app/initialization/initialization.component.ts: -------------------------------------------------------------------------------- 1 | import { Component, OnInit } from '@angular/core'; 2 | import { DatabaseService } from '../database.service'; 3 | 4 | @Component({ 5 | selector: 'app-initialization', 6 | templateUrl: './initialization.component.html', 7 | styleUrls: ['./initialization.component.css'] 8 | }) 9 | export class InitializationComponent implements OnInit { 10 | 11 | constructor(private database: DatabaseService) { } 12 | result=""; 13 | ngOnInit(): void { 14 | } 15 | initial(){ 16 | this.database.initial().subscribe((response:any)=>{ 17 | this.result=response.msg; 18 | }); 19 | } 20 | 21 | } 22 | -------------------------------------------------------------------------------- /src/app/lab1/lab1.component.css: -------------------------------------------------------------------------------- 1 | /*** 2 | User Profile Sidebar by @keenthemes 3 | A 
component of Metronic Theme - #1 Selling Bootstrap 3 Admin Theme in Themeforest: http://j.mp/metronictheme 4 | Licensed under MIT 5 | ***/ 6 | 7 | body { 8 | background: #F1F3FA; 9 | } 10 | 11 | /* Profile container */ 12 | .profile { 13 | margin: 20px 0; 14 | } 15 | 16 | /* Profile sidebar */ 17 | .profile-sidebar { 18 | padding: 20px 0 10px 0; 19 | background: #fff; 20 | } 21 | 22 | .profile-userpic img { 23 | float: none; 24 | margin: 0 auto; 25 | width: 50%; 26 | height: 50%; 27 | -webkit-border-radius: 50% !important; 28 | -moz-border-radius: 50% !important; 29 | border-radius: 50% !important; 30 | } 31 | 32 | .profile-usertitle { 33 | text-align: center; 34 | margin-top: 20px; 35 | } 36 | 37 | .profile-usertitle-name { 38 | color: #5a7391; 39 | font-size: 16px; 40 | font-weight: 600; 41 | margin-bottom: 7px; 42 | } 43 | 44 | .profile-usertitle-job { 45 | text-transform: uppercase; 46 | color: #5b9bd1; 47 | font-size: 12px; 48 | font-weight: 600; 49 | margin-bottom: 15px; 50 | } 51 | 52 | .profile-userbuttons { 53 | text-align: center; 54 | margin-top: 10px; 55 | } 56 | 57 | .profile-userbuttons .btn { 58 | text-transform: uppercase; 59 | font-size: 11px; 60 | font-weight: 600; 61 | padding: 6px 15px; 62 | margin-right: 5px; 63 | } 64 | 65 | .profile-userbuttons .btn:last-child { 66 | margin-right: 0px; 67 | } 68 | 69 | .profile-usermenu { 70 | margin-top: 30px; 71 | } 72 | 73 | .profile-usermenu ul li { 74 | border-bottom: 1px solid #f0f4f7; 75 | } 76 | 77 | .profile-usermenu ul li:last-child { 78 | border-bottom: none; 79 | } 80 | 81 | .profile-usermenu ul li a { 82 | color: #93a3b5; 83 | font-size: 14px; 84 | font-weight: 400; 85 | } 86 | 87 | .profile-usermenu ul li a i { 88 | margin-right: 8px; 89 | font-size: 14px; 90 | } 91 | 92 | .profile-usermenu ul li a:hover { 93 | background-color: #fafcfd; 94 | color: #5b9bd1; 95 | } 96 | 97 | .profile-usermenu ul li.active { 98 | border-bottom: none; 99 | } 100 | 101 | .profile-usermenu ul li.active a { 102 | 
color: #5b9bd1; 103 | background-color: #f6f9fb; 104 | border-left: 2px solid #5b9bd1; 105 | margin-left: -2px; 106 | } 107 | 108 | /* Profile Content */ 109 | .profile-content { 110 | padding: 20px; 111 | background: #fff; 112 | min-height: 460px; 113 | } -------------------------------------------------------------------------------- /src/app/lab1/lab1.component.html: -------------------------------------------------------------------------------- 1 | 2 |
3 |
4 |

5 |
6 |
7 | 8 |
9 | 10 | 11 |
12 | Hint: An extra process is running by a socket. 13 |
14 |
15 | 16 | 17 | 18 | This is the phone number you want to bomb. 19 |
20 |
21 | 22 |
23 |
24 |
25 |
Progress:
26 | 27 |
{{s}}
28 |
29 | 30 |
31 | 32 |
--------------------------------------------------------------------------------
/src/app/lab1/lab1.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { Lab1Component } from './lab1.component';

// Smoke test: Lab1Component can be created.
// NOTE(review): the component injects AuthService -> HttpClient and no
// HttpClient provider is configured here; creation likely fails — confirm.
describe('Lab1Component', () => {
  let component: Lab1Component;
  // NOTE(review): the listing shows ComponentFixture without its type argument,
  // presumably lost in extraction — confirm against the repository.
  let fixture: ComponentFixture;

  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ Lab1Component ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(Lab1Component);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/lab1/lab1.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { io } from 'socket.io-client';
import { Router } from '@angular/router';
import { AuthService } from '../auth.service';

/**
 * Lab 1 view: sends the entered phone number to the server over socket.io
 * (event 'lab1') and lists the 'bombStatus' messages the server sends back.
 */
@Component({
  selector: 'app-lab1',
  templateUrl: './lab1.component.html',
  styleUrls: ['./lab1.component.css']
})

export class Lab1Component implements OnInit {
  socket: any;
  message: String="";
  username:String="";
  constructor(private authService:AuthService, private router: Router) {
    //this.authService.getUserName();
  }
  phoneNumber:String="";
  status:any[]=[];//this is to show the status of the phone bomber
  tip=false;
  /** Opens the socket, registers the status listener and refreshes the shared username. */
  ngOnInit(): void {
    this.socket = io();
    this.listenOnStatus()
    this.authService.getUserName();
  }
  /**
   * Emits 'lab1' with the entered value when it is non-empty and Number()
   * converts it to something other than NaN; otherwise pushes an error message
   * into `status`.
   * Security note: this check runs only in the browser. A socket client does
   * not have to go through this component, so the server handler for 'lab1'
   * has to validate the value itself before using it.
   */
  phoneBomb(){
    if(this.phoneNumber==""){
      this.status.push('Please input your target phone number')
    }
    else if(!isNaN(Number(this.phoneNumber))){
      this.socket.emit('lab1',this.phoneNumber);
    }else{
      this.status.push('Your target phone number is incorrect!')
    }
  }
  /** Appends every 'bombStatus' payload from the server to `status`. */
  listenOnStatus(){

    this.socket.on('bombStatus',(data:any) =>{
      this.status.push(data);
    });

  }
  /** Toggles the hint flag. */
  showTip(){
    if(this.tip) this.tip=false;
    else this.tip=true;
  }

}

--------------------------------------------------------------------------------
/src/app/lab2/lab2.component.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/lab2/lab2.component.css
--------------------------------------------------------------------------------
/src/app/lab2/lab2.component.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |

5 |
6 |
7 | 8 |

The administrator will manually add the username and corresponding activation code in the database only after being paid. The users that do not purchase the Premium version will not be stored in the database with activation codes.

9 |
10 | 11 | 12 |
13 | Hint: How is the premium account activated? 14 |
15 |
16 | 17 | 18 | 19 |
20 | 21 |
22 |
23 |
24 |
PREMIUM CONTENT:(View after upgrading)
25 |
{{s}}
26 |
27 |
28 | 29 |
--------------------------------------------------------------------------------
/src/app/lab2/lab2.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { Lab2Component } from './lab2.component';

// Smoke test: Lab2Component can be created.
// NOTE(review): the component injects AuthService -> HttpClient and no
// HttpClient provider is configured here; creation likely fails — confirm.
describe('Lab2Component', () => {
  let component: Lab2Component;
  // NOTE(review): the listing shows ComponentFixture without its type argument,
  // presumably lost in extraction — confirm against the repository.
  let fixture: ComponentFixture;

  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ Lab2Component ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(Lab2Component);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/lab2/lab2.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { AuthService } from '../auth.service';
import { io } from 'socket.io-client';
/**
 * Lab 2 view: submits an activation code over socket.io ('unlock'), asks for
 * the premium content ('checkVIP') and lists the 'vipContent' replies.
 *
 * Security note: both emitted payloads carry the caller's identity as data
 * taken from localStorage. The server cannot rely on those fields to know who
 * is asking; it should take the identity from its own session state and check
 * the type and shape of every field it receives.
 */
@Component({
  selector: 'app-lab2',
  templateUrl: './lab2.component.html',
  styleUrls: ['./lab2.component.css']
})
export class Lab2Component implements OnInit {
  constructor(private authService:AuthService) { }
  vipCode:String=""
  status:any[]=[]
  username:String="";
  socket:any;
  tip=false;
  /** Loads the stored username, opens the socket and registers the reply listener. */
  ngOnInit(): void {
    this.username=this.authService.getUserName();
    this.socket = io();
    this.listenOnStatus()
  }
  /** Emits 'unlock' with the locally stored username and the entered activation code. */
  unlock(){
    this.socket.emit('unlock',{username:this.username,vipCode:this.vipCode});
  };
  /** Emits 'checkVIP' with the raw 'userInfo' string from localStorage (null when unset). */
  viewSecret(){

    this.socket.emit('checkVIP',localStorage.getItem('userInfo'));
  }
  /** Toggles the hint flag. */
  showTip(){
    if(this.tip) this.tip=false;
    else this.tip=true;
  }

  /** Appends every 'vipContent' payload from the server to `status`. */
  listenOnStatus(){
    this.socket.on('vipContent',(data:any) =>{
      this.status.push(data);
    });
  }

}
--------------------------------------------------------------------------------
/src/app/lab3/lab3.component.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/lab3/lab3.component.css
--------------------------------------------------------------------------------
/src/app/lab3/lab3.component.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |

5 |
6 |
7 | 8 |
9 | 10 | 11 |
12 | Hint: Look into the code, how do you bypass the validation and get the content you want? Try to use a little feature of javascript. 13 |
14 |
15 |
16 |
Announcement:
17 |
{{content}}
18 |
19 |
20 | 21 |
--------------------------------------------------------------------------------
/src/app/lab3/lab3.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { Lab3Component } from './lab3.component';

// Smoke test: Lab3Component can be created.
// NOTE(review): the component injects AuthService -> HttpClient and no
// HttpClient provider is configured here; creation likely fails — confirm.
describe('Lab3Component', () => {
  let component: Lab3Component;
  // NOTE(review): the listing shows ComponentFixture without its type argument,
  // presumably lost in extraction — confirm against the repository.
  let fixture: ComponentFixture;

  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ Lab3Component ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(Lab3Component);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/lab3/lab3.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';

import { io } from 'socket.io-client';
import { AuthService } from '../auth.service';
/**
 * Lab 3 view: requests the announcement over socket.io and shows the reply.
 */
@Component({
  selector: 'app-lab3',
  templateUrl: './lab3.component.html',
  styleUrls: ['./lab3.component.css']
})
export class Lab3Component implements OnInit {
  socket: any;
  content:String="";
  username:String="";

  tip=false;
  constructor(private authService:AuthService) { }

  /**
   * Loads the stored username, opens the socket, registers the listener and
   * emits 'lab3' with the fixed string "content".
   * NOTE(review): the event argument is chosen by the client, so the server
   * has to validate it rather than assume it is always "content"; how the
   * handler does that is not visible here.
   */
  ngOnInit(): void {
    this.username=this.authService.getUserName();
    this.socket = io();
    this.listenOnStatus();
    this.socket.emit("lab3","content");
  }
  /** Replaces `content` with each 'announcement' payload from the server. */
  listenOnStatus(){
    this.socket.on('announcement',(data:any) =>{
      this.content=data;
    });
  }
  /** Toggles the hint flag. */
  showTip(){
    if(this.tip) this.tip=false;
    else this.tip=true;
  }

}

-------------------------------------------------------------------------------- /src/app/lab4/lab4.component.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/lab4/lab4.component.css -------------------------------------------------------------------------------- /src/app/lab4/lab4.component.html: -------------------------------------------------------------------------------- 1 | 2 |
3 |
4 |

5 |
6 |
7 | 8 |

Your friend Bob is in last place, he wants to win a prize, can you help him?

9 |

Try to use a feature of Node.Js language to pass this level

10 |
11 | 12 | 13 |
14 | Hint: How are the votes counted? 15 |
16 |
17 |
18 |

Results:

19 |

Everyone can vote twice, after re-logging into the system, you can vote again.

20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 |
NameVotes
{{item.key}}{{item.value}}
36 |
37 |
38 | 39 |
--------------------------------------------------------------------------------
/src/app/lab4/lab4.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { Lab4Component } from './lab4.component';

// Smoke test: Lab4Component can be created.
// NOTE(review): the component injects AuthService -> HttpClient and no
// HttpClient provider is configured here; creation likely fails — confirm.
describe('Lab4Component', () => {
  let component: Lab4Component;
  // NOTE(review): the listing shows ComponentFixture without its type argument,
  // presumably lost in extraction — confirm against the repository.
  let fixture: ComponentFixture;

  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ Lab4Component ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(Lab4Component);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});

--------------------------------------------------------------------------------
/src/app/lab4/lab4.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { io } from 'socket.io-client';
import { AuthService } from '../auth.service';
/**
 * Lab 4 view: casts votes over socket.io ('lab4') and shows the 'results'
 * payload the server sends back.
 *
 * Security note: the remaining-ticket count is kept in localStorage and the
 * vote weight (`ticket:1`) travels inside the client's message. Both are under
 * the client's control, so the quota and the weight of each vote have to be
 * enforced by the server from its own per-user state.
 */
@Component({
  selector: 'app-lab4',
  templateUrl: './lab4.component.html',
  styleUrls: ['./lab4.component.css']
})
export class Lab4Component implements OnInit {
  socket: any;
  content:String="";
  username:String="";
  tip=false;
  ticket=0;
  constructor(private authService:AuthService) { }

  /**
   * Loads the stored username, opens the socket, registers the listener and
   * copies the stored ticket count (if any) into `ticket`.
   */
  ngOnInit(): void {

    this.username=this.authService.getUserName();
    this.socket = io();
    this.listenOnStatus();
    let tk=this.authService.getTicket()
    if(tk!=null){
      this.ticket=Number(tk);
    }
  }
  /** Replaces `content` with each 'results' payload from the server. */
  listenOnStatus(){
    this.socket.on('results',(data:any) =>{
      this.content=data;
    });
  }

  /**
   * Re-reads the stored ticket count, decrements it, writes it back and emits
   * 'lab4' with the target name and a weight of 1.
   * Nothing in this method stops the vote when the count is already zero or
   * negative. NOTE(review): the template may disable the button in that case;
   * its markup is not visible in this listing.
   */
  vote(target:String){

    let tk=this.authService.getTicket()
    if(tk!=null){
      this.ticket=Number(tk);
    }
    this.ticket--;
    this.authService.setTicket(this.ticket.toString());
    this.socket.emit("lab4",{username:target,ticket:1});

  }

  /** Toggles the hint flag. */
  showTip(){
    if(this.tip) this.tip=false;
    else this.tip=true;
  }


}

--------------------------------------------------------------------------------
/src/app/lab5/lab5.component.css:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/lab5/lab5.component.css
--------------------------------------------------------------------------------
/src/app/lab5/lab5.component.html:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |

5 |
6 |
7 | 8 |

Remind: Please restart the whole application after you finish this level, otherwise other labs will be affected.

9 |

The administrator will manually add the username and corresponding activation code in the database only after being paid. The users that do not purchase the Premium version will not be stored in the database with activation codes.

10 |
11 | 12 | 13 |
14 | Hint: Please look into where the activation code was checked! 15 |
16 |
17 | 18 | 19 | 20 |
21 | 22 | 23 |
24 |
25 |
26 |
VIP ACCESS CONTENT:(view it after unlock)
27 |
{{s}}
28 |
29 |
30 | 31 |
-------------------------------------------------------------------------------- /src/app/lab5/lab5.component.spec.ts: -------------------------------------------------------------------------------- 1 | import { ComponentFixture, TestBed } from '@angular/core/testing'; 2 | 3 | import { Lab5Component } from './lab5.component'; 4 | 5 | describe('Lab5Component', () => { 6 | let component: Lab5Component; 7 | let fixture: ComponentFixture; 8 | 9 | beforeEach(async () => { 10 | await TestBed.configureTestingModule({ 11 | declarations: [ Lab5Component ] 12 | }) 13 | .compileComponents(); 14 | }); 15 | 16 | beforeEach(() => { 17 | fixture = TestBed.createComponent(Lab5Component); 18 | component = fixture.componentInstance; 19 | fixture.detectChanges(); 20 | }); 21 | 22 | it('should create', () => { 23 | expect(component).toBeTruthy(); 24 | }); 25 | }); 26 | -------------------------------------------------------------------------------- /src/app/lab5/lab5.component.ts: -------------------------------------------------------------------------------- 1 | import { Component, OnInit } from '@angular/core'; 2 | import { io } from 'socket.io-client'; 3 | import { AuthService } from '../auth.service'; 4 | 5 | @Component({ 6 | selector: 'app-lab5', 7 | templateUrl: './lab5.component.html', 8 | styleUrls: ['./lab5.component.css'] 9 | }) 10 | export class Lab5Component implements OnInit { 11 | 12 | constructor(private authService:AuthService) { } 13 | 14 | vipCode:String="" 15 | status:any[]=[] 16 | username:String=""; 17 | socket:any; 18 | tip=false; 19 | ngOnInit(): void { 20 | this.username=this.authService.getUserName(); 21 | this.socket = io(); 22 | this.listenOnStatus() 23 | } 24 | unlock(){ 25 | this.socket.emit('unlockLab5',{username:this.username,vipCode:this.vipCode}); 26 | }; 27 | viewSecret(){ 28 | 29 | this.socket.emit('checkVIP',localStorage.getItem('userInfo')); 30 | } 31 | showTip(){ 32 | if(this.tip) this.tip=false; 33 | else this.tip=true; 34 | } 35 | 36 | 
listenOnStatus(){ 37 | this.socket.on('vipContent',(data:any) =>{ 38 | if(data.Event!=null) this.status.push(data.Event) 39 | else this.status.push(data); 40 | }); 41 | } 42 | 43 | } 44 | -------------------------------------------------------------------------------- /src/app/lab6/lab6.component.css: -------------------------------------------------------------------------------- 1 | code[class*="language-"], 2 | pre[class*="language-"] { 3 | color: #393A34; 4 | font-family: "Consolas", "Bitstream Vera Sans Mono", "Courier New", Courier, monospace; 5 | direction: ltr; 6 | text-align: left; 7 | white-space: pre; 8 | word-spacing: normal; 9 | word-break: normal; 10 | font-size: 0.95em; 11 | line-height: 1.2em; 12 | 13 | -moz-tab-size: 4; 14 | -o-tab-size: 4; 15 | tab-size: 4; 16 | 17 | -webkit-hyphens: none; 18 | -moz-hyphens: none; 19 | -ms-hyphens: none; 20 | hyphens: none; 21 | } 22 | 23 | pre[class*="language-"]::-moz-selection, pre[class*="language-"] ::-moz-selection, 24 | code[class*="language-"]::-moz-selection, code[class*="language-"] ::-moz-selection { 25 | background: #b3d4fc; 26 | } 27 | 28 | pre[class*="language-"]::selection, pre[class*="language-"] ::selection, 29 | code[class*="language-"]::selection, code[class*="language-"] ::selection { 30 | background: #b3d4fc; 31 | } 32 | 33 | /* Code blocks */ 34 | pre[class*="language-"] { 35 | padding: 1em; 36 | margin: .5em 0; 37 | overflow: auto; 38 | border: 1px solid #dddddd; 39 | background-color: white; 40 | } 41 | 42 | /* :not(pre) > code[class*="language-"], 43 | pre[class*="language-"] { 44 | } */ 45 | 46 | /* Inline code */ 47 | :not(pre) > code[class*="language-"] { 48 | padding: .2em; 49 | padding-top: 1px; padding-bottom: 1px; 50 | background: #f8f8f8; 51 | border: 1px solid #dddddd; 52 | } 53 | 54 | .token.comment, 55 | .token.prolog, 56 | .token.doctype, 57 | .token.cdata { 58 | color: #999988; font-style: italic; 59 | } 60 | 61 | .token.namespace { 62 | opacity: .7; 63 | } 64 | 65 | 
.token.string, 66 | .token.attr-value { 67 | color: #e3116c; 68 | } 69 | .token.punctuation, 70 | .token.operator { 71 | color: #393A34; /* no highlight */ 72 | } 73 | 74 | .token.entity, 75 | .token.url, 76 | .token.symbol, 77 | .token.number, 78 | .token.boolean, 79 | .token.variable, 80 | .token.constant, 81 | .token.property, 82 | .token.regex, 83 | .token.inserted { 84 | color: #36acaa; 85 | } 86 | 87 | .token.atrule, 88 | .token.keyword, 89 | .token.attr-name, 90 | .language-autohotkey .token.selector { 91 | color: #00a4db; 92 | } 93 | 94 | .token.function, 95 | .token.deleted, 96 | .language-autohotkey .token.tag { 97 | color: #9a050f; 98 | } 99 | 100 | .token.tag, 101 | .token.selector, 102 | .language-autohotkey .token.keyword { 103 | color: #00009f; 104 | } 105 | 106 | .token.important, 107 | .token.function, 108 | .token.bold { 109 | font-weight: bold; 110 | } 111 | 112 | .token.italic { 113 | font-style: italic; 114 | } -------------------------------------------------------------------------------- /src/app/lab6/lab6.component.html: -------------------------------------------------------------------------------- 1 |
2 |
3 |

4 |
5 |
6 | 7 |
8 | 9 | 10 |
11 | Hint: Use a special feature of Node.js 12 |
13 |
14 |
15 |       
16 |       {{code}}
17 |       
18 |       
19 |
20 |
21 | 22 |
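--------------------------------------------------------------------------------
/src/app/lab6/lab6.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { Lab6Component } from './lab6.component';

describe('Lab6Component', () => {
  let component: Lab6Component;
  // ComponentFixture is generic; the type argument matches what
  // TestBed.createComponent(Lab6Component) returns below.
  let fixture: ComponentFixture<Lab6Component>;

  // NOTE(review): Lab6Component injects AuthService, and this module declares
  // no providers or imports for it; confirm the test passes as configured.
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ Lab6Component ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(Lab6Component);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});
--------------------------------------------------------------------------------
/src/app/lab6/lab6.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { AuthService } from '../auth.service';

/**
 * Lab 6 page. Holds the user name and a fixed text listing of an Express
 * `/lab6` route, which the template interpolates as `{{code}}`.
 */
@Component({
  selector: 'app-lab6',
  templateUrl: './lab6.component.html',
  styleUrls: ['./lab6.component.css']
})
export class Lab6Component implements OnInit {

  constructor(private authService: AuthService) { }

  /** Value returned by AuthService.getUserName() at init time. */
  username: String = "";

  // Source listing displayed to the user; it is text only and is not executed
  // by this component. Whitespace inside the literal is part of the displayed
  // string, and the original indentation is not recoverable from this page.
  // 'anwser' is spelled as in the listing.
  //
  // Review points on the route as listed:
  //  - The regex is a blocklist matched against the raw `req.url`. It rejects
  //    a few encodings; it does not establish what shape the parsed query has.
  //  - `req.query.ck` is dereferenced without a type or shape check, so the
  //    handler depends entirely on how the query-string parser builds `ck`.
  // A hardened version validates the parsed value against an explicit schema
  // (expected type, allowed keys) instead of filtering the URL text.
  code: String = `
app.get('/lab6',function(req,res){
  if(req.url.match(/7B|7D|2C|\,/ig)){
    res.send("Incorrect answer.");
  }else{
    if(req.query.ck.name==='admin'&&req.query.ck.anwser==='niceGame'){
      res.send(flag);
    }else{
      res.send("Incorrect answer.");
    }
  }
})`;

  /** Toggled by showTip(); presumably drives the hint in the template. */
  tip = false;

  /** Reads the user name from AuthService. */
  ngOnInit(): void {
    this.username = this.authService.getUserName();
  }

  /** Flips the `tip` flag. */
  showTip() {
    this.tip = !this.tip;
  }

}
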
-------------------------------------------------------------------------------- /src/app/login/login.component.css: -------------------------------------------------------------------------------- 1 | 2 | /* BASIC */ 3 | 4 | html { 5 | background-color: #56baed; 6 | } 7 | 8 | body { 9 | font-family: "Poppins", sans-serif; 10 | height: 100vh; 11 | } 12 | 13 | a { 14 | color: #92badd; 15 | display:inline-block; 16 | text-decoration: none; 17 | font-weight: 400; 18 | } 19 | 20 | h2 { 21 | text-align: center; 22 | font-size: 16px; 23 | font-weight: 600; 24 | text-transform: uppercase; 25 | display:inline-block; 26 | margin: 40px 8px 10px 8px; 27 | color: #cccccc; 28 | } 29 | 30 | 31 | 32 | /* STRUCTURE */ 33 | 34 | .wrapper { 35 | display: flex; 36 | align-items: center; 37 | flex-direction: column; 38 | justify-content: center; 39 | width: 100%; 40 | min-height: 100%; 41 | padding: 20px; 42 | } 43 | 44 | #formContent { 45 | -webkit-border-radius: 10px 10px 10px 10px; 46 | border-radius: 10px 10px 10px 10px; 47 | background: #fff; 48 | padding: 30px; 49 | width: 90%; 50 | max-width: 450px; 51 | position: relative; 52 | padding: 0px; 53 | -webkit-box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3); 54 | box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3); 55 | text-align: center; 56 | } 57 | 58 | #formFooter { 59 | background-color: #f6f6f6; 60 | border-top: 1px solid #dce8f1; 61 | padding: 25px; 62 | text-align: center; 63 | -webkit-border-radius: 0 0 10px 10px; 64 | border-radius: 0 0 10px 10px; 65 | } 66 | 67 | 68 | 69 | /* TABS */ 70 | 71 | h2.inactive { 72 | color: #cccccc; 73 | } 74 | 75 | h2.active { 76 | color: #0d0d0d; 77 | border-bottom: 2px solid #5fbae9; 78 | } 79 | 80 | 81 | 82 | /* FORM TYPOGRAPHY*/ 83 | 84 | input[type=button], input[type=submit], input[type=reset] { 85 | background-color: #56baed; 86 | border: none; 87 | color: white; 88 | padding: 15px 80px; 89 | text-align: center; 90 | text-decoration: none; 91 | display: inline-block; 92 | text-transform: uppercase; 93 
| font-size: 13px; 94 | -webkit-box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4); 95 | box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4); 96 | -webkit-border-radius: 5px 5px 5px 5px; 97 | border-radius: 5px 5px 5px 5px; 98 | margin: 5px 20px 40px 20px; 99 | -webkit-transition: all 0.3s ease-in-out; 100 | -moz-transition: all 0.3s ease-in-out; 101 | -ms-transition: all 0.3s ease-in-out; 102 | -o-transition: all 0.3s ease-in-out; 103 | transition: all 0.3s ease-in-out; 104 | } 105 | 106 | input[type=button]:hover, input[type=submit]:hover, input[type=reset]:hover { 107 | background-color: #39ace7; 108 | } 109 | 110 | input[type=button]:active, input[type=submit]:active, input[type=reset]:active { 111 | -moz-transform: scale(0.95); 112 | -webkit-transform: scale(0.95); 113 | -o-transform: scale(0.95); 114 | -ms-transform: scale(0.95); 115 | transform: scale(0.95); 116 | } 117 | 118 | input[type=text] { 119 | background-color: #f6f6f6; 120 | border: none; 121 | color: #0d0d0d; 122 | padding: 15px 32px; 123 | text-align: center; 124 | text-decoration: none; 125 | display: inline-block; 126 | font-size: 16px; 127 | margin: 5px; 128 | width: 85%; 129 | border: 2px solid #f6f6f6; 130 | -webkit-transition: all 0.5s ease-in-out; 131 | -moz-transition: all 0.5s ease-in-out; 132 | -ms-transition: all 0.5s ease-in-out; 133 | -o-transition: all 0.5s ease-in-out; 134 | transition: all 0.5s ease-in-out; 135 | -webkit-border-radius: 5px 5px 5px 5px; 136 | border-radius: 5px 5px 5px 5px; 137 | } 138 | 139 | input[type=text]:focus { 140 | background-color: #fff; 141 | border-bottom: 2px solid #5fbae9; 142 | } 143 | 144 | input[type=text]:placeholder { 145 | color: #cccccc; 146 | } 147 | 148 | 149 | 150 | /* ANIMATIONS */ 151 | 152 | /* Simple CSS3 Fade-in-down Animation */ 153 | .fadeInDown { 154 | -webkit-animation-name: fadeInDown; 155 | animation-name: fadeInDown; 156 | -webkit-animation-duration: 1s; 157 | animation-duration: 1s; 158 | -webkit-animation-fill-mode: both; 159 | 
animation-fill-mode: both; 160 | } 161 | 162 | @-webkit-keyframes fadeInDown { 163 | 0% { 164 | opacity: 0; 165 | -webkit-transform: translate3d(0, -100%, 0); 166 | transform: translate3d(0, -100%, 0); 167 | } 168 | 100% { 169 | opacity: 1; 170 | -webkit-transform: none; 171 | transform: none; 172 | } 173 | } 174 | 175 | @keyframes fadeInDown { 176 | 0% { 177 | opacity: 0; 178 | -webkit-transform: translate3d(0, -100%, 0); 179 | transform: translate3d(0, -100%, 0); 180 | } 181 | 100% { 182 | opacity: 1; 183 | -webkit-transform: none; 184 | transform: none; 185 | } 186 | } 187 | 188 | /* Simple CSS3 Fade-in Animation */ 189 | @-webkit-keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 190 | @-moz-keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 191 | @keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 192 | 193 | .fadeIn { 194 | opacity:0; 195 | -webkit-animation:fadeIn ease-in 1; 196 | -moz-animation:fadeIn ease-in 1; 197 | animation:fadeIn ease-in 1; 198 | 199 | -webkit-animation-fill-mode:forwards; 200 | -moz-animation-fill-mode:forwards; 201 | animation-fill-mode:forwards; 202 | 203 | -webkit-animation-duration:1s; 204 | -moz-animation-duration:1s; 205 | animation-duration:1s; 206 | } 207 | 208 | .fadeIn.first { 209 | -webkit-animation-delay: 0.4s; 210 | -moz-animation-delay: 0.4s; 211 | animation-delay: 0.4s; 212 | } 213 | 214 | .fadeIn.second { 215 | -webkit-animation-delay: 0.6s; 216 | -moz-animation-delay: 0.6s; 217 | animation-delay: 0.6s; 218 | } 219 | 220 | .fadeIn.third { 221 | -webkit-animation-delay: 0.8s; 222 | -moz-animation-delay: 0.8s; 223 | animation-delay: 0.8s; 224 | } 225 | 226 | .fadeIn.fourth { 227 | -webkit-animation-delay: 1s; 228 | -moz-animation-delay: 1s; 229 | animation-delay: 1s; 230 | } 231 | 232 | /* Simple CSS3 Fade-in Animation */ 233 | .underlineHover:after { 234 | display: block; 235 | left: 0; 236 | bottom: -10px; 237 | width: 0; 238 | height: 2px; 239 | background-color: #56baed; 240 | content: ""; 241 
| transition: width 0.2s; 242 | } 243 | 244 | .underlineHover:hover { 245 | color: #0d0d0d; 246 | } 247 | 248 | .underlineHover:hover:after{ 249 | width: 100%; 250 | } 251 | 252 | 253 | 254 | /* OTHERS */ 255 | 256 | *:focus { 257 | outline: none; 258 | } 259 | 260 | #icon { 261 | width:60%; 262 | } 263 | -------------------------------------------------------------------------------- /src/app/login/login.component.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |
7 |
8 | 9 | 10 | 11 |
12 | User Icon 13 |
14 | 15 | 16 |
17 | 18 | 19 | 20 |
21 | 22 | 23 | 26 | 27 |
28 |
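--------------------------------------------------------------------------------
/src/app/login/login.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { LoginComponent } from './login.component';

describe('LoginComponent', () => {
  let component: LoginComponent;
  // ComponentFixture is generic; the type argument matches what
  // TestBed.createComponent(LoginComponent) returns below.
  let fixture: ComponentFixture<LoginComponent>;

  // NOTE(review): LoginComponent injects AuthService and Router, and this
  // module declares no providers or imports for them; confirm the test passes
  // as configured.
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ LoginComponent ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(LoginComponent);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});
--------------------------------------------------------------------------------
/src/app/login/login.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { Router } from '@angular/router';
import { AuthService } from '../auth.service';

/**
 * Login form. Submits the entered credentials through AuthService and, on a
 * successful response, records the returned user and navigates to `home`.
 */
@Component({
  selector: 'app-login',
  templateUrl: './login.component.html',
  styleUrls: ['./login.component.css']
})
export class LoginComponent implements OnInit {

  /** User name entered in the form. */
  username: String = "";
  /** Password entered in the form. */
  password: String = "";

  constructor(private authService: AuthService, private router: Router) { }

  ngOnInit(): void {
    // The return value is discarded; presumably called for a side effect
    // inside AuthService. TODO confirm against auth.service.ts.
    this.authService.getUserName();
  }

  /**
   * Sends the credentials and handles the success case only; a failed request
   * has no handler here.
   *
   * NOTE(review): `response.user` is handed to AuthService.setUserInfo().
   * Lab5Component reads a `userInfo` entry from localStorage, so this value is
   * presumably persisted there; confirm. Anything kept in browser storage is
   * display data only, and server-side authorization must not rely on it.
   */
  login() {
    this.authService.login(this.username, this.password).subscribe((response: any) => {
      this.authService.setUserInfo({ 'user': response.user });
      this.authService.getUserName();
      this.router.navigate(['home']);
    });
  }

}

--------------------------------------------------------------------------------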
/src/app/overview/overview.component.css: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/app/overview/overview.component.css -------------------------------------------------------------------------------- /src/app/overview/overview.component.html: -------------------------------------------------------------------------------- 1 |

Try to hack it

2 |
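3 |
--------------------------------------------------------------------------------
/src/app/overview/overview.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { OverviewComponent } from './overview.component';

describe('OverviewComponent', () => {
  let component: OverviewComponent;
  // ComponentFixture is generic; the type argument matches what
  // TestBed.createComponent(OverviewComponent) returns below.
  let fixture: ComponentFixture<OverviewComponent>;

  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ OverviewComponent ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(OverviewComponent);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});
--------------------------------------------------------------------------------
/src/app/overview/overview.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';

/**
 * Overview page. The class carries no state or logic of its own; everything
 * shown comes from the template.
 */
@Component({
  selector: 'app-overview',
  templateUrl: './overview.component.html',
  styleUrls: ['./overview.component.css']
})
export class OverviewComponent implements OnInit {

  constructor() { }

  /** Nothing to initialise. */
  ngOnInit(): void {
  }

}

--------------------------------------------------------------------------------
/src/app/register/register.component.css:
--------------------------------------------------------------------------------
1 | 2 | /* BASIC */ 3 | 4 | html { 5 | background-color: #56baed; 6 | } 7 | 8 | body { 9 | font-family: "Poppins", sans-serif; 10 | height: 100vh; 11 | } 12 | 13 | a { 14 | color: #92badd; 15 | display:inline-block; 16 | text-decoration: none; 17 | font-weight: 400; 18 | } 19 | 20 | h2 { 21 | text-align: center; 22 | font-size: 16px; 23 | font-weight: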
600; 24 | text-transform: uppercase; 25 | display:inline-block; 26 | margin: 40px 8px 10px 8px; 27 | color: #cccccc; 28 | } 29 | 30 | 31 | 32 | /* STRUCTURE */ 33 | 34 | .wrapper { 35 | display: flex; 36 | align-items: center; 37 | flex-direction: column; 38 | justify-content: center; 39 | width: 100%; 40 | min-height: 100%; 41 | padding: 20px; 42 | } 43 | 44 | #formContent { 45 | -webkit-border-radius: 10px 10px 10px 10px; 46 | border-radius: 10px 10px 10px 10px; 47 | background: #fff; 48 | padding: 30px; 49 | width: 90%; 50 | max-width: 450px; 51 | position: relative; 52 | padding: 0px; 53 | -webkit-box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3); 54 | box-shadow: 0 30px 60px 0 rgba(0,0,0,0.3); 55 | text-align: center; 56 | } 57 | 58 | #formFooter { 59 | background-color: #f6f6f6; 60 | border-top: 1px solid #dce8f1; 61 | padding: 25px; 62 | text-align: center; 63 | -webkit-border-radius: 0 0 10px 10px; 64 | border-radius: 0 0 10px 10px; 65 | } 66 | 67 | 68 | 69 | /* TABS */ 70 | 71 | h2.inactive { 72 | color: #cccccc; 73 | } 74 | 75 | h2.active { 76 | color: #0d0d0d; 77 | border-bottom: 2px solid #5fbae9; 78 | } 79 | 80 | 81 | 82 | /* FORM TYPOGRAPHY*/ 83 | 84 | input[type=button], input[type=submit], input[type=reset] { 85 | background-color: #56baed; 86 | border: none; 87 | color: white; 88 | padding: 15px 80px; 89 | text-align: center; 90 | text-decoration: none; 91 | display: inline-block; 92 | text-transform: uppercase; 93 | font-size: 13px; 94 | -webkit-box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4); 95 | box-shadow: 0 10px 30px 0 rgba(95,186,233,0.4); 96 | -webkit-border-radius: 5px 5px 5px 5px; 97 | border-radius: 5px 5px 5px 5px; 98 | margin: 5px 20px 40px 20px; 99 | -webkit-transition: all 0.3s ease-in-out; 100 | -moz-transition: all 0.3s ease-in-out; 101 | -ms-transition: all 0.3s ease-in-out; 102 | -o-transition: all 0.3s ease-in-out; 103 | transition: all 0.3s ease-in-out; 104 | } 105 | 106 | input[type=button]:hover, input[type=submit]:hover, 
input[type=reset]:hover { 107 | background-color: #39ace7; 108 | } 109 | 110 | input[type=button]:active, input[type=submit]:active, input[type=reset]:active { 111 | -moz-transform: scale(0.95); 112 | -webkit-transform: scale(0.95); 113 | -o-transform: scale(0.95); 114 | -ms-transform: scale(0.95); 115 | transform: scale(0.95); 116 | } 117 | 118 | input[type=text] { 119 | background-color: #f6f6f6; 120 | border: none; 121 | color: #0d0d0d; 122 | padding: 15px 32px; 123 | text-align: center; 124 | text-decoration: none; 125 | display: inline-block; 126 | font-size: 16px; 127 | margin: 5px; 128 | width: 85%; 129 | border: 2px solid #f6f6f6; 130 | -webkit-transition: all 0.5s ease-in-out; 131 | -moz-transition: all 0.5s ease-in-out; 132 | -ms-transition: all 0.5s ease-in-out; 133 | -o-transition: all 0.5s ease-in-out; 134 | transition: all 0.5s ease-in-out; 135 | -webkit-border-radius: 5px 5px 5px 5px; 136 | border-radius: 5px 5px 5px 5px; 137 | } 138 | 139 | input[type=text]:focus { 140 | background-color: #fff; 141 | border-bottom: 2px solid #5fbae9; 142 | } 143 | 144 | input[type=text]:placeholder { 145 | color: #cccccc; 146 | } 147 | 148 | 149 | 150 | /* ANIMATIONS */ 151 | 152 | /* Simple CSS3 Fade-in-down Animation */ 153 | .fadeInDown { 154 | -webkit-animation-name: fadeInDown; 155 | animation-name: fadeInDown; 156 | -webkit-animation-duration: 1s; 157 | animation-duration: 1s; 158 | -webkit-animation-fill-mode: both; 159 | animation-fill-mode: both; 160 | } 161 | 162 | @-webkit-keyframes fadeInDown { 163 | 0% { 164 | opacity: 0; 165 | -webkit-transform: translate3d(0, -100%, 0); 166 | transform: translate3d(0, -100%, 0); 167 | } 168 | 100% { 169 | opacity: 1; 170 | -webkit-transform: none; 171 | transform: none; 172 | } 173 | } 174 | 175 | @keyframes fadeInDown { 176 | 0% { 177 | opacity: 0; 178 | -webkit-transform: translate3d(0, -100%, 0); 179 | transform: translate3d(0, -100%, 0); 180 | } 181 | 100% { 182 | opacity: 1; 183 | -webkit-transform: none; 184 | 
transform: none; 185 | } 186 | } 187 | 188 | /* Simple CSS3 Fade-in Animation */ 189 | @-webkit-keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 190 | @-moz-keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 191 | @keyframes fadeIn { from { opacity:0; } to { opacity:1; } } 192 | 193 | .fadeIn { 194 | opacity:0; 195 | -webkit-animation:fadeIn ease-in 1; 196 | -moz-animation:fadeIn ease-in 1; 197 | animation:fadeIn ease-in 1; 198 | 199 | -webkit-animation-fill-mode:forwards; 200 | -moz-animation-fill-mode:forwards; 201 | animation-fill-mode:forwards; 202 | 203 | -webkit-animation-duration:1s; 204 | -moz-animation-duration:1s; 205 | animation-duration:1s; 206 | } 207 | 208 | .fadeIn.first { 209 | -webkit-animation-delay: 0.4s; 210 | -moz-animation-delay: 0.4s; 211 | animation-delay: 0.4s; 212 | } 213 | 214 | .fadeIn.second { 215 | -webkit-animation-delay: 0.6s; 216 | -moz-animation-delay: 0.6s; 217 | animation-delay: 0.6s; 218 | } 219 | 220 | .fadeIn.third { 221 | -webkit-animation-delay: 0.8s; 222 | -moz-animation-delay: 0.8s; 223 | animation-delay: 0.8s; 224 | } 225 | 226 | .fadeIn.fourth { 227 | -webkit-animation-delay: 1s; 228 | -moz-animation-delay: 1s; 229 | animation-delay: 1s; 230 | } 231 | 232 | /* Simple CSS3 Fade-in Animation */ 233 | .underlineHover:after { 234 | display: block; 235 | left: 0; 236 | bottom: -10px; 237 | width: 0; 238 | height: 2px; 239 | background-color: #e7ceec; 240 | content: ""; 241 | transition: width 0.2s; 242 | } 243 | 244 | .underlineHover:hover { 245 | color: #0d0d0d; 246 | } 247 | 248 | .underlineHover:hover:after{ 249 | width: 100%; 250 | } 251 | 252 | 253 | 254 | /* OTHERS */ 255 | 256 | *:focus { 257 | outline: none; 258 | } 259 | 260 | #icon { 261 | width:60%; 262 | } 263 | -------------------------------------------------------------------------------- /src/app/register/register.component.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 |
7 |
8 | 9 | 10 | 11 |
12 | User Icon 13 |
14 | 15 | 16 |
17 | 18 | 19 | 20 |
21 | 22 | 23 | 26 | 27 |
28 |
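--------------------------------------------------------------------------------
/src/app/register/register.component.spec.ts:
--------------------------------------------------------------------------------
import { ComponentFixture, TestBed } from '@angular/core/testing';

import { RegisterComponent } from './register.component';

describe('RegisterComponent', () => {
  let component: RegisterComponent;
  // ComponentFixture is generic; the type argument matches what
  // TestBed.createComponent(RegisterComponent) returns below.
  let fixture: ComponentFixture<RegisterComponent>;

  // NOTE(review): RegisterComponent injects AuthService and Router, and this
  // module declares no providers or imports for them; confirm the test passes
  // as configured.
  beforeEach(async () => {
    await TestBed.configureTestingModule({
      declarations: [ RegisterComponent ]
    })
    .compileComponents();
  });

  beforeEach(() => {
    fixture = TestBed.createComponent(RegisterComponent);
    component = fixture.componentInstance;
    fixture.detectChanges();
  });

  it('should create', () => {
    expect(component).toBeTruthy();
  });
});
--------------------------------------------------------------------------------
/src/app/register/register.component.ts:
--------------------------------------------------------------------------------
import { Component, OnInit } from '@angular/core';
import { Router } from '@angular/router';
import { AuthService } from '../auth.service';

/**
 * Registration form. Submits the entered credentials through AuthService and
 * navigates to `login` once the request succeeds.
 */
@Component({
  selector: 'app-register',
  templateUrl: './register.component.html',
  styleUrls: ['./register.component.css']
})
export class RegisterComponent implements OnInit {
  /** User name entered in the form. */
  username: String = "";
  /** Password entered in the form. */
  password: String = "";

  constructor(private authService: AuthService, private router: Router) { }

  ngOnInit(): void {
    // The return value is discarded; presumably called for a side effect
    // inside AuthService. TODO confirm against auth.service.ts.
    this.authService.getUserName();
  }

  /**
   * Sends the registration request and handles the success case only; the
   * response body is not used and a failed request has no handler here.
   *
   * NOTE(review): no validation of the two fields happens in this component,
   * so the server has to enforce its own rules on user name and password.
   */
  register() {
    this.authService.register(this.username, this.password).subscribe(() => {
      this.router.navigate(['login']);
    });
  }
}

--------------------------------------------------------------------------------
/src/assets/.gitkeep: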
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/assets/.gitkeep -------------------------------------------------------------------------------- /src/assets/images/login.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/assets/images/login.png -------------------------------------------------------------------------------- /src/assets/images/profile.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/assets/images/profile.png -------------------------------------------------------------------------------- /src/environments/environment.prod.ts: -------------------------------------------------------------------------------- 1 | export const environment = { 2 | production: true 3 | }; 4 | -------------------------------------------------------------------------------- /src/environments/environment.ts: -------------------------------------------------------------------------------- 1 | // This file can be replaced during build by using the `fileReplacements` array. 2 | // `ng build` replaces `environment.ts` with `environment.prod.ts`. 3 | // The list of file replacements can be found in `angular.json`. 4 | 5 | export const environment = { 6 | production: false 7 | }; 8 | 9 | /* 10 | * For easier debugging in development mode, you can import the following file 11 | * to ignore zone related error stack frames such as `zone.run`, `zoneDelegate.invokeTask`. 12 | * 13 | * This import should be commented out in production mode because it will have a negative impact 14 | * on performance if an error is thrown. 
15 | */ 16 | // import 'zone.js/plugins/zone-error'; // Included with Angular CLI. 17 | -------------------------------------------------------------------------------- /src/favicon.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/leihehehe/nodejs-vul-labs/ab74618d9d41f5c4fda87fd993d794883791b746/src/favicon.ico -------------------------------------------------------------------------------- /src/index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | NodejsLabs 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | -------------------------------------------------------------------------------- /src/main.ts: -------------------------------------------------------------------------------- 1 | import { enableProdMode } from '@angular/core'; 2 | import { platformBrowserDynamic } from '@angular/platform-browser-dynamic'; 3 | 4 | import { AppModule } from './app/app.module'; 5 | import { environment } from './environments/environment'; 6 | 7 | if (environment.production) { 8 | enableProdMode(); 9 | } 10 | 11 | platformBrowserDynamic().bootstrapModule(AppModule) 12 | .catch(err => console.error(err)); 13 | -------------------------------------------------------------------------------- /src/polyfills.ts: -------------------------------------------------------------------------------- 1 | /** 2 | * This file includes polyfills needed by Angular and is loaded before the app. 3 | * You can add your own extra polyfills to this file. 4 | * 5 | * This file is divided into 2 sections: 6 | * 1. Browser polyfills. These are applied before loading ZoneJS and are sorted by browsers. 7 | * 2. Application imports. Files imported after ZoneJS that should be loaded before your main 8 | * file. 9 | * 10 | * The current setup is for so-called "evergreen" browsers; the last versions of browsers that 11 | * automatically update themselves. 
This includes recent versions of Safari, Chrome (including 12 | * Opera), Edge on the desktop, and iOS and Chrome on mobile. 13 | * 14 | * Learn more in https://angular.io/guide/browser-support 15 | */ 16 | 17 | /*************************************************************************************************** 18 | * BROWSER POLYFILLS 19 | */ 20 | 21 | /** 22 | * By default, zone.js will patch all possible macroTask and DomEvents 23 | * user can disable parts of macroTask/DomEvents patch by setting following flags 24 | * because those flags need to be set before `zone.js` being loaded, and webpack 25 | * will put import in the top of bundle, so user need to create a separate file 26 | * in this directory (for example: zone-flags.ts), and put the following flags 27 | * into that file, and then add the following code before importing zone.js. 28 | * import './zone-flags'; 29 | * 30 | * The flags allowed in zone-flags.ts are listed here. 31 | * 32 | * The following flags will work for all browsers. 33 | * 34 | * (window as any).__Zone_disable_requestAnimationFrame = true; // disable patch requestAnimationFrame 35 | * (window as any).__Zone_disable_on_property = true; // disable patch onProperty such as onclick 36 | * (window as any).__zone_symbol__UNPATCHED_EVENTS = ['scroll', 'mousemove']; // disable patch specified eventNames 37 | * 38 | * in IE/Edge developer tools, the addEventListener will also be wrapped by zone.js 39 | * with the following flag, it will bypass `zone.js` patch for IE/Edge 40 | * 41 | * (window as any).__Zone_enable_cross_context_check = true; 42 | * 43 | */ 44 | 45 | /*************************************************************************************************** 46 | * Zone JS is required by default for Angular itself. 47 | */ 48 | import 'zone.js'; // Included with Angular CLI. 
49 | 50 | 51 | /*************************************************************************************************** 52 | * APPLICATION IMPORTS 53 | */ 54 | -------------------------------------------------------------------------------- /src/styles.css: -------------------------------------------------------------------------------- 1 | /* You can add global styles to this file, and also import other style files */ 2 | -------------------------------------------------------------------------------- /src/test.ts: -------------------------------------------------------------------------------- 1 | // This file is required by karma.conf.js and loads recursively all the .spec and framework files 2 | 3 | import 'zone.js/testing'; 4 | import { getTestBed } from '@angular/core/testing'; 5 | import { 6 | BrowserDynamicTestingModule, 7 | platformBrowserDynamicTesting 8 | } from '@angular/platform-browser-dynamic/testing'; 9 | 10 | declare const require: { 11 | context(path: string, deep?: boolean, filter?: RegExp): { 12 | keys(): string[]; 13 | (id: string): T; 14 | }; 15 | }; 16 | 17 | // First, initialize the Angular testing environment. 18 | getTestBed().initTestEnvironment( 19 | BrowserDynamicTestingModule, 20 | platformBrowserDynamicTesting(), 21 | ); 22 | 23 | // Then we find all the tests. 24 | const context = require.context('./', true, /\.spec\.ts$/); 25 | // And load the modules. 
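26 | context.keys().map(context); 27 |
--------------------------------------------------------------------------------
/test.py:
--------------------------------------------------------------------------------
"""Command-line stub: accept an optional ``-n <value>``, wait, report completion.

The value given with ``-n`` is stored in ``phoneNumber`` and not used
afterwards; the script only prints two status lines around a 10-second sleep.

NOTE(review): the caller of this script is not visible here. If a server
process starts it with a value taken from a request, that value should be
passed as its own argv element (no shell string) and validated first.
"""
import getopt
import sys
import time

# Value given with -n, or None when the option is absent.
phoneNumber = None

try:
    # "n:" means -n takes a value. The long option is declared without "=",
    # so --phoneNumber is accepted but carries no value and is ignored below.
    opts, args = getopt.getopt(sys.argv[1:], "n:", ["phoneNumber"])
except getopt.GetoptError as err:
    print(str(err))
    # Execution used to continue and fail with NameError on `opts`.
    sys.exit(2)

for o, a in opts:
    # ('-n') is a plain string, so `in` was a substring test; compare directly.
    if o == '-n':
        phoneNumber = a

i = 0

print("Start to attacking...\n")

time.sleep(10)

print("Finished!\n")
--------------------------------------------------------------------------------
/tsconfig.app.json:
--------------------------------------------------------------------------------
/* To learn more about this file see: https://angular.io/config/tsconfig. */
{
  "extends": "./tsconfig.json",
  "compilerOptions": {
    "outDir": "./out-tsc/app",
    "types": []
  },
  "files": [
    "src/main.ts",
    "src/polyfills.ts"
  ],
  "include": [
    "src/**/*.d.ts"
  ]
}
--------------------------------------------------------------------------------
/tsconfig.json:
--------------------------------------------------------------------------------
1 | /* To learn more about this file see: https://angular.io/config/tsconfig.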
*/ 2 | { 3 | "compileOnSave": false, 4 | "compilerOptions": { 5 | "baseUrl": "./", 6 | "outDir": "./dist/out-tsc", 7 | "forceConsistentCasingInFileNames": true, 8 | "strict": true, 9 | "noImplicitOverride": true, 10 | "noPropertyAccessFromIndexSignature": true, 11 | "noImplicitReturns": true, 12 | "noFallthroughCasesInSwitch": true, 13 | "sourceMap": true, 14 | "declaration": false, 15 | "downlevelIteration": true, 16 | "experimentalDecorators": true, 17 | "moduleResolution": "node", 18 | "importHelpers": true, 19 | "target": "es2017", 20 | "module": "es2020", 21 | "lib": [ 22 | "es2020", 23 | "dom" 24 | ] 25 | }, 26 | "angularCompilerOptions": { 27 | "enableI18nLegacyMessageIdFormat": false, 28 | "strictInjectionParameters": true, 29 | "strictInputAccessModifiers": true, 30 | "strictTemplates": true 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /tsconfig.spec.json: -------------------------------------------------------------------------------- 1 | /* To learn more about this file see: https://angular.io/config/tsconfig. */ 2 | { 3 | "extends": "./tsconfig.json", 4 | "compilerOptions": { 5 | "outDir": "./out-tsc/spec", 6 | "types": [ 7 | "jasmine" 8 | ] 9 | }, 10 | "files": [ 11 | "src/test.ts", 12 | "src/polyfills.ts" 13 | ], 14 | "include": [ 15 | "src/**/*.spec.ts", 16 | "src/**/*.d.ts" 17 | ] 18 | } 19 | --------------------------------------------------------------------------------