Ninjasworkout – Vulnerable NodeJS Web Application
Damn Vulnerable NodeJS Application
Quick Start
Download the repo, then run npm i
After installing all dependencies, just run the application:
node app.js or nodemon app.js
ADDED BUGS
- Prototype Pollution
- NoSQL Injection
- Cross-Site Scripting
- Broken Access Control
- Broken Session Management
- Weak Regex Implementation
- Race Condition
- CSRF - Cross-Site Request Forgery
- Weak Bruteforce Protection
- User Enumeration
- Reset Password token leaking in Referrer
- Reset Password bugs
- Sensitive Data Exposure
- Unicode Case Mapping Collision
- File Upload
- SSRF
- XXE
- Open Redirection
- Directory Traversal
- Insecure Deserialization => Remote Code Execution
- Server Side Template Injection
- Timing Attack
The Reset Password module will not work until you configure SMTP in utils=>sendmail.js
TODO
- Improvement in User Interface
- Add New Vulnerabilities on weekly basis
- Add documentation for all the vulnerabilities
Issues
- In case of bugs in the application, feel free to create an issue on GitHub.
Contribution
- Feel free to create a pull request for any contribution.