Damn Vulnerable NodeJS Application

Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js

ADDED BUGS

• Prototype Pollution
• No SQL Injection
• Cross site Scripting
• Broken Access Control
• Broken Session Management
• Weak Regex Implementation
• Race Condition
• CSRF -Cross Site Request Forgery
• Weak Bruteforce Protection
• User Enumeration
• Reset Password token leaking in Referrer
• Reset Password bugs
• Sensitive Data Exposure
• Unicode Case Mapping Collision
• File Upload
• SSRF
• XXE
• Open Redirection
• Directory Traversal
• Insecure Deserilization => Remote Code Execution
• Server Side Template Injection
• Timing Attack

Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js

TODO

• Improvement in User Interface
• Add New Vulnerabilities on weekly basis
• Add Documentation of all the Vulnerabilites

Issues

• In case of bugs in the application, feel free to create an issues on github.

Contribution

• Feel free to create a pull request for any contribution.