sample to exploit deserialization bug

Author: ajinabraham

Diff for: deserialization.js

@@ -0,0 +1,23 @@
+var express = require('express');
+var cookieParser = require('cookie-parser');
+var escape = require('escape-html');
+var serialize = require('node-serialize');
+var app = express();
+app.use(cookieParser())
+ 
+app.get('/', function(req, res) {
+ if (req.cookies.profile) {
+   var str = new Buffer(req.cookies.profile, 'base64').toString();
+   var obj = serialize.unserialize(str);
+   if (obj.username) {
+     res.send("Hello " + escape(obj.username));
+   }
+ } else {
+     res.cookie('profile', "eyJ1c2VybmFtZSI6ImFqaW4iLCJjb3VudHJ5IjoiaW5kaWEiLCJjaXR5IjoiYmFuZ2Fsb3JlIn0=", {
+       maxAge: 900000,
+       httpOnly: true
+     });
+ }
+ res.send("Hello World");
+});
+app.listen(3000);