Javascript Snippet #05

This challenge covers the review of a snippet of code written in JavaScript

< 1 Hr.


The Code Review Snippet challenges provide a small snippet of vulnerable code for you to analyze. Initially, you should attempt to identify the issue on your own. If you struggle to find the problem, need confirmation, or wish to learn more, the video offers a detailed explanation.

In this specific challenge, we review a JavaScript snippet using the Express framework. The vulnerability lies in logging user input without proper encoding, leading to potential log injection attacks. This happens when an attacker manipulates the `req.query.path` parameter to inject new lines into the log, thereby altering the log file contents.

Want to learn more? Get started with PentesterLab Pro! GO PRO