mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-21 20:18:06 +02:00
17 lines
497 B
JavaScript
17 lines
497 B
JavaScript
// Phase 04 (Track J.2) — JavaScript Handlebars SSTI vuln fixture.
|
|
//
|
|
// The body is handed straight to Handlebars.compile so an attacker
|
|
// who controls the body reaches the template compiler and can render
|
|
// arbitrary helper calls.
|
|
const Handlebars = require('handlebars');
|
|
|
|
Handlebars.registerHelper('multiply', function (a, b) {
|
|
return Number(a) * Number(b);
|
|
});
|
|
|
|
function run(body) {
|
|
const template = Handlebars.compile(body);
|
|
return template({});
|
|
}
|
|
|
|
module.exports = { run };
|