Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Getting suspicious error on Nodejs web app

I am getting the following error in my Nodejs running app:

URIError: Failed to decode param '/cgi-bin/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/.%%%%32%%65/bin/sh'

What could be the cause and how to solve it ?

I searched for this error on web but did not found any results on how to solve the problem

like image 316
Keloo Kel Avatar asked Sep 01 '25 10:09

Keloo Kel


2 Answers

Thank you @devpolo , using the following lines of code, solved my problem:

app.use(function(req, res, next) {
var err = null;
try {
    decodeURIComponent(req.path)
}
catch(e) {
    err = e;
}
if (err){
    console.log(err, req.url);
    return res.redirect('/404');    
}
next(); });
like image 77
Keloo Kel Avatar answered Sep 04 '25 01:09

Keloo Kel


More about this vulnerability exploration: https://nvd.nist.gov/vuln/detail/CVE-2021-42013

simplifying:

app.use(function(req, res, next) {

try {
    decodeURIComponent(req.path)
}
catch(e) {
    console.log(new Date().toLocaleString(), req.url, e);
    return res.redirect('/404'); 
}
next(); });
like image 23
Renan Moreira Avatar answered Sep 04 '25 03:09

Renan Moreira