A vulnerable web application built with Node.js, the Express server and the EJS template engine. This application is intended for educational purposes only.
Clone this repository:
git clone https://github.com/4auvar/VulnNodeApp.git
Application setup:
- Install the latest Node.js version with npm.
- Open a terminal/command prompt and navigate to the location of the downloaded/cloned repository.
- Run the command:
npm install
DB setup:
- Install and configure the latest MySQL version and start the MySQL service/daemon.
- Log in as the root user in MySQL and run the SQL script below:
CREATE USER 'vulnnodeapp'@'localhost' IDENTIFIED BY 'password';
create database vuln_node_app_db;
GRANT ALL PRIVILEGES ON vuln_node_app_db.* TO 'vulnnodeapp'@'localhost';
USE vuln_node_app_db;
create table users (id int AUTO_INCREMENT PRIMARY KEY, fullname varchar(255), username varchar(255), password varchar(255), email varchar(255), phone varchar(255), profilepic varchar(255));
insert into users(fullname,username,password,email,phone) values("test1","test1","test1","[email protected]","976543210");
insert into users(fullname,username,password,email,phone) values("test2","test2","test2","[email protected]","9887987541");
insert into users(fullname,username,password,email,phone) values("test3","test3","test3","[email protected]","9876987611");
insert into users(fullname,username,password,email,phone) values("test4","test4","test4","[email protected]","9123459876");
insert into users(fullname,username,password,email,phone) values("test5","test5","test5","[email protected]","7893451230");
Set the required environment variables:
- The user must set the environment variables below.
- DATABASE_HOST (e.g. localhost, 127.0.0.1, etc.)
- DATABASE_NAME (e.g. vuln_node_app_db, or the DB name you changed in the DB script above)
- DATABASE_USER (e.g. vulnnodeapp, or the user name you changed in the DB script above)
- DATABASE_PASS (e.g. password, or the password you changed in the DB script above)
- Open the command prompt/terminal and navigate to the location of your repository.
- Run the command:
npm start
- Access the application at http://localhost:3000
Vulnerabilities covered:
- SQL Injection
- Cross Site Scripting (XSS)
- Insecure Direct Object Reference (IDOR)
- Command Injection
- Arbitrary File Retrieval
- Regular Expression Injection
- External XML Entity Injection (XXE)
- Node.js Deserialization
- Security Misconfiguration
- Insecure Session Management
To do:
- Add new vulnerabilities such as CORS, Template Injection, etc.
- Improve application documentation
Contributing:
- If you find bugs in the application, feel free to create an issue on GitHub.
- Feel free to create a pull request for any contribution.
You can reach me at @4auvar