Ninjasworkout - Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application Quick Start Download the Repo => run npm i Afer Installing all dependency just run the application node app.js or nodemon app.js ADDED BUGS Prototype Pollution No SQL Injection Cross site Scripting Broken Access Control Broken Session Management Weak Regex Implementation Race Condition CSRF -Cross Site Request Forgery Weak Bruteforce Protection User Enumeration Reset Password token leaking in Referrer Reset Password bugs Sensitive Data Exposure Unicode Case Mapping Collision File Upload SSRF XXE Open Redirection Directory Traversal Insecure Deserilization => Remote Code Execution Server Side Template Injection Timing Attack Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js TODO Improvement in User Interface Add New Vulnerabilities on weekly basis Add Documentation of all the Vulnerabilites Issues In case of bugs in the application, feel free to create an issues on github. Contribution Feel free to create a pull request for any contribution. Download Ninjasworkout

Editor_In_Chief Editor_In_Chief
Jan 27, 2022 - 08:25
0 15
Ninjasworkout - Vulnerable NodeJS Web Application


Damn Vulnerable NodeJS Application


Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js


ADDED BUGS

  • Prototype Pollution
  • No SQL Injection
  • Cross site Scripting
  • Broken Access Control
  • Broken Session Management
  • Weak Regex Implementation
  • Race Condition
  • CSRF -Cross Site Request Forgery
  • Weak Bruteforce Protection
  • User Enumeration
  • Reset Password token leaking in Referrer
  • Reset Password bugs
  • Sensitive Data Exposure
  • Unicode Case Mapping Collision
  • File Upload
  • SSRF
  • XXE
  • Open Redirection
  • Directory Traversal
  • Insecure Deserilization => Remote Code Execution
  • Server Side Template Injection
  • Timing Attack

Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js

TODO

  • Improvement in User Interface
  • Add New Vulnerabilities on weekly basis
  • Add Documentation of all the Vulnerabilites

Issues

  • In case of bugs in the application, feel free to create an issues on github.

Contribution

  • Feel free to create a pull request for any contribution.