Skip to content

bwvolleyball-org/vuln_node_express

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

39 Commits
.github/workflows
.github/workflows
 
 
bin
bin
 
 
db
db
 
 
public/stylesheets
public/stylesheets
 
 
routes
routes
 
 
service
service
 
 
views
views
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
.nvmrc
.nvmrc
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
app.js
app.js
 
 
bootstrapdb.js
bootstrapdb.js
 
 
docker-compose.yml
docker-compose.yml
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 
stackhawk.yml
stackhawk.yml
 
 

Repository files navigation

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

GitHub branch checks state

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

Come learn how to security.

Max Kaakaww!

About

No description or website provided.

Topics

nodejs example moar-flags stackhawk

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

1 fork
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 85.5%
  • Pug 11.2%
  • Dockerfile 1.7%
  • CSS 1.6%