From 380cb206fb8485a109657681ce2a90b800f4e57c Mon Sep 17 00:00:00 2001
From: Jeff Andersen <77063352+jeffsnyk@users.noreply.github.com>
Date: Tue, 12 Dec 2023 16:09:56 -0400
Subject: [PATCH] Create vulnerable.js
---
vulnerable.js | 32 ++++++++++++++++++++++++++++++++
1 file changed, 32 insertions(+)
create mode 100644 vulnerable.js
diff --git a/vulnerable.js b/vulnerable.js
new file mode 100644
index 0000000..aff275e
--- /dev/null
+++ b/vulnerable.js
@@ -0,0 +1,32 @@
+const express = require('express');
+const router = express.Router()
+
+const lodash = require('lodash');
+
+//if req.body.config == '{"constructor": {"prototype": {"isAdmin": true}}}' it will bypass the authentication
+function check(req, res) {
+
+ let config = {};
+ lodash.defaultsDeep(config, JSON.parse(req.body.config));
+
+ let user = getCurrentUser();
+ if(!user){
+ user = {};
+ }
+
+ if (user.isAdmin && user.isAdmin === true) {
+ res.send('Welcome Admin')
+ }else{
+ res.send('Welcome User')
+ }
+}
+
+//fake function that get current user from session or db
+function getCurrentUser(){
+ return false;
+}
+
+
+router.post('/check-user',check)
+
+module.exports = router
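Review bot: `check` deep-merges request-controlled JSON with `lodash.defaultsDeep(config, JSON.parse(req.body.config))` and then reads `user.isAdmin` from a plain `{}` fallback, so the admin decision can rest on an inherited property, which is the bypass the comment above the function describes; whether the merge actually reaches `Object.prototype` depends on the installed lodash version, which this commit does not pin. Since `config` is never read afterwards, the merge can simply be dropped; if it is needed, copy an allow-list of own keys into an `Object.create(null)` target instead of deep-merging request data. Independently, the check should fail closed when there is no session user and require an own property: `if (!user) return res.status(401).send('Unauthorized');` followed by `if (Object.prototype.hasOwnProperty.call(user, 'isAdmin') && user.isAdmin === true) {`. `JSON.parse` is also unguarded, so a malformed or missing `req.body.config` throws inside the handler; wrap it in `try`/`catch` and answer with a 400. If the file is an intentional demonstration, as its name suggests, a header comment saying so and that the router must not be mounted in a real application would help.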