Ninjasworkout - Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application
Quick Start
Download the repo, then run npm i
After installing all dependencies, run the application:
node app.js or nodemon app.js
ADDED BUGS
- Prototype Pollution
- NoSQL Injection
- Cross-Site Scripting
- Broken Access Control
- Broken Session Management
- Weak Regex Implementation
- Race Condition
- CSRF - Cross-Site Request Forgery
- Weak Bruteforce Protection
- User Enumeration
- Reset Password token leaking in Referrer
- Reset Password bugs
- Sensitive Data Exposure
- Unicode Case Mapping Collision
- File Upload
- SSRF
- XXE
- Open Redirection
- Directory Traversal
- Insecure Deserialization => Remote Code Execution
- Server Side Template Injection
- Timing Attack
TODO
- Improve the user interface
- Add new vulnerabilities on a weekly basis
- Add documentation for all the vulnerabilities
Issues
- In case of bugs in the application, feel free to create an issue on GitHub.
Contribution
- Feel free to create a pull request for any contribution.
Source: www.kitploit.com