From d8acaef0a6573be6efa5fffe8f6feac422e03491 Mon Sep 17 00:00:00 2001
From: cwong-scw <53287328+cwong-scw@users.noreply.github.com>
Date: Tue, 5 Jan 2021 12:38:06 +1100
Subject: [PATCH] Update app.js
---
 app.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app.js b/app.js
index 222f9a9..cba73fb 100644
--- a/app.js
+++ b/app.js
@@ -4,7 +4,8 @@ const port = 3000
 app.get('/', (req, res) => res.send('Hello World!'))
 app.get('/foo/:id', (req, res) => {
- res.send('Hello world!')
+ eval(`console.log("Code injection vulnerability here: ${req.params.id}")`);
+ res.send(`Hello XSS: ${req.params.id}`)
 })
 app.listen(port, () => console.log(`Example app listening on port ${port}!`))
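Review bot: The added `eval(...)` line in the `/foo/:id` handler interpolates `req.params.id` into a string that is then executed, so the route parameter is evaluated as JavaScript inside the server process. Logging needs no eval; `console.log('foo id: %s', req.params.id);` passes the value as data instead. The new `res.send` line reflects the same parameter unescaped, and Express sends a string body as text/html by default, so the value is rendered as markup in the browser; `res.type('text/plain').send('Hello: ' + req.params.id)` or HTML-escaping the value before sending avoids that. The message strings suggest this may be a deliberately vulnerable sample; if so, a comment on the handler saying that would keep it from being copied into real code.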