Vulnerable Node Express
This is a vulnerable Node Express service meant to be used as a target for security testing tools.
Build and Run
Install NPM Dependencies
npm install
Initialize SQLite DB
node bootstrapdb.js
Run
DEBUG=myapp:* npm start
Build and Run with Docker
Build Docker Image
docker build --tag stackhawk/nodeexpressvulny .
Run Docker Container
docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny
Build and Run in Docker Compose
docker-compose up --build --detach
Known Vulnerabilities
- SQL Injection via search box:
item%' union all select * from user; --
- Cross Site Scripting via search box:
<script>alert("hey guy");</script>
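
Why the SQL injection payload listed above returns rows from the user table, and how a bound parameter stops it, as an added example that is not this project's code. It uses Python's built-in sqlite3 module; the `item` and `user` table layouts, the concatenated LIKE query and the function names are assumptions, since this README does not show the application's schema or query.

```python
import sqlite3

# Payload quoted in the "Known Vulnerabilities" list above.
PAYLOAD = "item%' union all select * from user; --"


def make_db():
    """Constructed sample data; the real schema is not shown in the README."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        """
        CREATE TABLE item (id INTEGER, name TEXT, description TEXT);
        CREATE TABLE user (id INTEGER, name TEXT, password TEXT);
        INSERT INTO item VALUES (1, 'item one', 'first'), (2, 'widget', 'second');
        INSERT INTO user VALUES (1, 'admin', 'constructed-secret');
        """
    )
    return db


def search_concat(db, term):
    """Vulnerable (assumed shape): the search term becomes part of the SQL text."""
    # With PAYLOAD the statement ends up as:
    #   ... LIKE '%item%' union all select * from user; --%'
    # The quote closes the literal and the trailing "--" comments out the rest.
    sql = "SELECT * FROM item WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_bound(db, term):
    """Hardened: the term is bound as data and is never parsed as SQL."""
    sql = "SELECT * FROM item WHERE name LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concat, benign :", search_concat(db, "item"))
    print("concat, payload:", search_concat(db, PAYLOAD))
    print("bound,  benign :", search_bound(db, "item"))
    print("bound,  payload:", search_bound(db, PAYLOAD))
```

The UNION only succeeds because both constructed tables have the same number of columns; a scanner finding against this service should be confirmed by the user rows appearing in the search results.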