/ninjasworkout

Vulnerable NodeJS Web Application

Primary LanguagePug

Damn Vulnerable NodeJS Application

Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js

image

ADDED BUGS

  • Prototype Pollution ✅1
  • No SQL Injection ✅2
  • Cross site Scripting ✅3
  • Broken Access Control ✅4
  • Broken Session Management ✅5
  • Weak Regex Implementation ✅ 6
  • Race Condition ✅7
  • CSRF -Cross Site Request Forgery ✅8
  • Weak Bruteforce Protection ✅9
  • User Enumeration ✅10
  • Reset Password token leaking in Referrer ✅11
  • Reset Password bugs ✅12
  • Sensitive Data Exposure ✅13
  • Unicode Case Mapping Collision ✅14
  • File Upload ✅ 15
  • SSRF ✅ 16
  • XXE
  • Open Redirection ✅ 17
  • Directory Traversal ✅ 18
  • Insecure Deserilization => Remote Code Execution ✅ 19
  • Server Side Template Injection 🚶‍♂️🚶‍♂️🚶‍
  • Timing Attack 🚶‍♂️🚶‍♂️🚶‍

⚠️⚠️ Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js⚠️⚠️

TODO

  • Improvement in User Interface
  • Add New Vulnerabilities on weekly basis
  • Add Documentation of all the Vulnerabilites

Issues

  • In case of bugs in the application, feel free to create an issues on github.

Contribution

  • Feel free to create a pull request for any contribution.