json store
problem
see ./json-store.zip
solution
we are presented with this web app:
const express = require("express");
const path = require("path");
const TAFFY = require("taffydb").taffy;
... etc
so this uses taffydb, an in-memory database for js.
package.json below:
{
  "name": "kv-store",
  "version": "1.0.0",
  "main": "index.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1"
  },
  "author": "",
  "license": "AGPL-3.0",
  "description": "",
  "dependencies": {
    "body-parser": "^1.20.2",
    "express": "^4.19.2",
    "taffydb": "^2.7.3"
  }
}
notably, we can see from the package.json that the pinned taffydb version (^2.7.3) has known vulnerabilities. see here
we can literally just put in the published proof of concept, change the name to admin, and win
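
the defensive side of this, as an added example that is not part of the challenge source: taffydb keeps its own bookkeeping fields (`___id`, `___s`) on every record and trusts them when they appear in a filter object, so a handler that passes request JSON into a query should rebuild the filter from an allowlist first. `buildQuery`, `verdict`, `ALLOWED_FIELDS`, the field names `name` and `key`, and the idea that the app queries with request JSON are assumptions, since the handler code is not shown above.

```javascript
// Added example (not from the challenge source): reject client JSON that
// carries taffydb's internal record fields before it reaches a TAFFY query.
// ALLOWED_FIELDS, buildQuery and verdict are hypothetical names.
const ALLOWED_FIELDS = new Set(["name", "key"]); // assumed schema

// True if any key at any depth starts with "___" (taffydb reserves
// ___id and ___s for its own bookkeeping).
function hasInternalKey(value, depth = 0) {
  if (depth > 8) return true; // treat absurd nesting as hostile
  if (Array.isArray(value)) return value.some((v) => hasInternalKey(v, depth + 1));
  if (value === null || typeof value !== "object") return false;
  return Object.keys(value).some(
    (k) => k.startsWith("___") || hasInternalKey(value[k], depth + 1)
  );
}

// Build a fresh filter object from untrusted input: allowlisted fields
// only, string values only, so operators and nested filters never pass.
function buildQuery(input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    throw new TypeError("query must be a JSON object");
  }
  if (hasInternalKey(input)) {
    throw new RangeError("reserved taffydb field in query");
  }
  const query = {};
  for (const [field, val] of Object.entries(input)) {
    if (!ALLOWED_FIELDS.has(field)) throw new RangeError(`unknown field: ${field}`);
    if (typeof val !== "string") throw new TypeError(`${field} must be a string`);
    query[field] = val;
  }
  return query;
}

// Helper for logging: returns the error name, or "ok".
function verdict(input) {
  try { buildQuery(input); return "ok"; } catch (e) { return e.name; }
}

// Constructed sample request bodies.
const samples = [
  { name: "guest" },
  { name: "guest", ___id: "placeholder", ___s: true },
  { name: { like: "a" } },
  [{ ___id: "placeholder" }],
];
for (const s of samples) console.log(JSON.stringify(s), "->", verdict(s));
```

the object returned by `buildQuery` is what would be handed to the db call; anything that throws should become a 400 and a log line.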