Vulnerable NodeJS Application

Vulnerable NodeJS Application

Vulnerable NodeJS application is developed for web application penetration testers, developers, and secure code review. It can be easily deployed using docker or by manual install complete steps are provided below. this application will help you in learning how to find vulnerabilities in web applications using the black box, and white box approach and in learning how to fix them.

How to use it?

  • Black box testing: Deploy the application using docker and start solving the exercises.
  • Secure code review: Manually install the application this will allow you to use a debugger while solving the exercises and will help you in finding vulnerabilities in application code.
  • Developers: Identify vulnerabilities in application code & try to fix them.

Tech Stack

  • NodeJS
  • Application design pattern: MVC
  • Web framework: Express
  • Template Engine: EJS
  • SQL Database: MySQL
  • NoSQL Database: MongoDB
  • React to cover the ReactJS exercise
  • JWT for authentication
  • GraphQL
  • Socket.IO
  • Docker

Complete the list of exercises

  1. Command Injection
  2. Insecure Deserialization
  3. SQL Injection
  4. XML external entity injection
  5. XSS
  6. Server Side Template Injection
  7. JWT weak secret
  8. Insecure direct object references
  9. SSRF via PDF generator
  10. postMessage XSS
  11. postMessage CSRF
  12. Information Disclosure using addEventListener
  13. CORS Information Disclosure
  15. 2FA Insecure Implementation
  16. Cross-Site WebSocket Hijacking
  17. WebSocket XSS
  18. ReactJS href XSS
  19. React ref-innerHTML XSS
  20. NoSQL Injection
  21. GraphQL Information Disclosure
  22. GraphQL SQL Injection
  23. GraphQL CSRF
  24. GraphQL IDOR
  25. XSS using an SVG file upload
  26. JSONP Injection
  27. NoSQL Javascript Injection