打开代码附件，映入眼帘的就是已经标记好的 backdoor：
// backdoor
// POST /UserList: takes req.body, screens it against a substring denylist,
// then passes it to copy(users, user) and echoes it back. `copy` and `users`
// are defined outside this excerpt.
//
// Review notes (defensive reading of the handler):
// - The only input check is a substring match over the re-serialized body.
//   Three of the entries look like EJS render option names; a denylist of
//   known names does not make it safe to merge attacker-chosen keys.
// - If `copy` is a recursive merge (not visible here; confirm), the durable
//   fix belongs in that helper: refuse `__proto__`, `constructor` and
//   `prototype` keys, and validate the body against an explicit schema
//   before it reaches shared state.
// - Rejected requests are answered with HTTP 200, so they cannot be told
//   apart from accepted ones by status code in access logs.
app.post("/UserList", (req, res) => {
  // No declaration of `user` is visible in this excerpt; if none exists
  // elsewhere, this is an implicit global shared by every request.
  user = req.body;

  const denylist = ["\\u", "outputFunctionName", "localsName", "escape"];
  const serialized = JSON.stringify(user);
  const isBlocked = denylist.some((needle) => serialized.includes(needle));

  if (isBlocked) {
    res.status(200).json({ message: "hacker!" });
    return;
  }

  // Untrusted data reaches the shared `users` object here.
  copy(users, user);
  res.status(200).json(user);
});