Ninjasworkout - Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application
Quick Start
Download the Repo =>
Run npm i
After installing all dependencies, run the application:
node app.js or nodemon app.js
ADDED BUGS
- Prototype Pollution
- NoSQL Injection
- Cross-Site Scripting
- Broken Access Control
- Broken Session Management
- Weak Regex Implementation
- Race Condition
- CSRF (Cross-Site Request Forgery)
- Weak Bruteforce Protection
- User Enumeration
- Reset Password token leaking in Referrer
- Reset Password bugs
- Sensitive Data Exposure
- Unicode Case Mapping Collision
- File Upload
- SSRF
- XXE
- Open Redirection
- Directory Traversal
- Insecure Deserialization => Remote Code Execution
- Server Side Template Injection
- Timing Attack
TODO
- Improvement in User Interface
- Add new vulnerabilities on a weekly basis
- Add documentation for all the vulnerabilities
Issues
- In case of bugs in the application, feel free to create an issue on GitHub.
Contribution
- Feel free to create a pull request for any contribution.
Reviewed by Zion3R on 5:30 PM