diff --git a/vulnerable_examples/package.json b/vulnerable_examples/package.json
index 8e20159..f4486dd 100644
--- a/vulnerable_examples/package.json
+++ b/vulnerable_examples/package.json
@@ -12,6 +12,9 @@
 "devDependencies": {
 "xmldom": "0.4.0"
 },
+ "scripts": {
+ "greet": "echo 'Hello world'"
+ },
 "license": "MIT",
 "main": "index.js",
 "name": "test",
diff --git a/vulnerable_examples/route.js b/vulnerable_examples/route.js
new file mode 100644
index 0000000..9c39dac
--- /dev/null
+++ b/vulnerable_examples/route.js
@@ -0,0 +1,22 @@
+import { Router } from "express";
+var xpath = require("xpath");
+let fs = require("fs");
+var router = Router();
+
+router.get("/test142/", function (req, res) {
+
+ let userData = req.body;
+ let userName = userData.username;
+ let password = userData.password;
+
+ fs.readFinding("test", (error, data) => {
+
+ var findUserXPath = `//Employee[UserName/text()='${userName}' and Password/text()='${password}']`;
+ let result = xpath.select(findUserXPath, doc);
+ return result;
+
+ });
+
+});
+
+export default router;
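Review bot: The `findUserXPath` template literal in route.js interpolates `userName` and `password` from `req.body` straight into the XPath predicate, so a quote character in either field is parsed as expression syntax instead of being compared as data. If the file is meant as a deliberately vulnerable fixture, as the `vulnerable_examples` directory suggests, state that in a header comment such as `// Intentionally vulnerable: XPath injection fixture, do not reuse`. Otherwise bind the values as XPath variables, e.g. `const findUser = xpath.parse("//Employee[UserName/text()=$userName and Password/text()=$password]");` followed by `let result = findUser.select({ node: doc, variables: { userName, password } });`. Separately, `fs.readFinding` is not a Node `fs` function, `doc` is never defined and `res` is never used, so the handler cannot reach the query or send a response as written. The file also mixes `import` with `require`, which is not available in an ES module without `createRequire`.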