Reddit Clone is designed as a CTF challenge to help developers practice identifying, exploiting and mitigate common vulnerabilities in modern web applications. I intentionally included vulnerabilities such as XSS's, SSRF, SQL injection ,multiple IDORs, and file upload vulnerabilities. The goal is to offer a safe and controlled environment where security enthusiasts can hone their skills in a fun and challenging way. Despite these vulnerabilities, I utilize secure technologies such as Google Cloud, Next.js, Chakra UI, TypeScript, and Recoil. The platform allows users to create and join communities, upvote and downvote posts, and engage in real-time community chat and Dark Mode & Light Mode.
- Create Community, Join Community, Leave Community, Upvote and Downvote Posts(you can only post in a community)
- User Profile Section
- Conversation Section (Reddit Clone Live Chat)
|
|
|
|
|
|
To run this project, you will need to add the following environment variables to your .env file
NEXT_PUBLIC_FIREBASE_API_KEY
NEXT_PUBLIC_FIREBASE_AUTH_DOMAIN
NEXT_PUBLIC_FIREBASE_PROJECT_ID
NEXT_PUBLIC_FIREBASE_STORAGE_BUCKET
NEXT_PUBLIC_FIREBASE_MESSAGING_SET
NEXT_PUBLIC_FIREBASE_APP_ID
NEXT_PUBLIC_BASE_URL
Clone the project
git clone https://github.com/Am0stafa/Reddit-Clone.gitchange directory
cd Reddit-CloneInstall dependencies
npm installStart the server
npm run devVisit the app
http://localhost:3000
The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.
Check out our Next.js deployment documentation for more details.
Reflected XSS
-
Solution
- there goes the solution
-
Hint
- there goes the hit
Stored XSS
-
Solution
- there goes the solution
-
Hint
- there goes the hit