Damn Vulnerable NodeJS Application

Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js

ADDED BUGS

• Prototype Pollution ✅1
• No SQL Injection ✅2
• Cross site Scripting ✅3
• Broken Access Control ✅4
• Broken Session Management ✅5
• Weak Regex Implementation ✅ 6
• Race Condition ✅7
• CSRF -Cross Site Request Forgery ✅8
• Weak Bruteforce Protection ✅9
• User Enumeration ✅10
• Reset Password token leaking in Referrer ✅11
• Reset Password bugs ✅12
• Sensitive Data Exposure ✅13
• Unicode Case Mapping Collision ✅14
• File Upload ✅ 15
• SSRF ✅ 16
• XXE
• Open Redirection ✅ 17
• Directory Traversal ✅ 18
• Insecure Deserilization => Remote Code Execution ✅ 19
• Server Side Template Injection 🚶‍♂️🚶‍♂️🚶‍
• Timing Attack 🚶‍♂️🚶‍♂️🚶‍

⚠️⚠️ Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js⚠️⚠️

TODO

• Improvement in User Interface
• Add New Vulnerabilities on weekly basis
• Add Documentation of all the Vulnerabilites

Issues

• In case of bugs in the application, feel free to create an issues on github.

Contribution

• Feel free to create a pull request for any contribution.