Damn Vulnerable NodeJS Application
Quick Start
Download the repo, then run npm i
After installing all dependencies, run the application:
node app.js or nodemon app.js
ADDED BUGS
- Prototype Pollution
✅ 1 - NoSQL Injection
✅ 2 - Cross-Site Scripting
✅ 3 - Broken Access Control
✅ 4 - Broken Session Management
✅ 5 - Weak Regex Implementation
✅ 6 - Race Condition
✅ 7 - CSRF - Cross-Site Request Forgery
✅ 8 - Weak Bruteforce Protection
✅ 9 - User Enumeration
✅ 10 - Reset Password token leaking in Referrer
✅ 11 - Reset Password bugs
✅ 12 - Sensitive Data Exposure
✅ 13 - Unicode Case Mapping Collision
✅ 14 - File Upload
✅ 15 - SSRF
✅ 16 - XXE
- Open Redirection
✅ 17 - Directory Traversal
✅ 18 - Insecure Deserialization => Remote Code Execution
✅ 19 - Server Side Template Injection
🚶♂️ 🚶♂️ 🚶 - Timing Attack
TODO
- Improve the user interface
- Add new vulnerabilities on a weekly basis
- Add documentation for all the vulnerabilities
Issues
- In case of bugs in the application, feel free to create an issue on GitHub.
Contribution
- Feel free to create a pull request for any contribution.