Skip to content

idkwim/acme-no-login-ng

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

index.jade

index.jade

 
 

index.js

index.js

 
 

package.json

package.json

 
 

Repository files navigation

 _______                                     
(_______)                                    
 _______  ____ ____  _____                   
|  ___  |/ ___)    \| ___ |                  
| |   | ( (___| | | | ____|                  
|_|   |_|\____)_|_|_|_____)                  
                                         
 _______          _                  _       
(_______)        (_)                (_)      
 _     _  ___     _       ___   ____ _ ____  
| |   | |/ _ \   | |     / _ \ / _  | |  _ \ 
| |   | | |_| |  | |____| |_| ( (_| | | | | |
|_|   |_|\___/   |_______)___/ \___ |_|_| |_|
                              (_____|        

by Websecurify (pdp)

The following application, written on top of MongoDB, NodeJS and AngularJS, demonstrates a simple but not too obvious vulnerability in the this particular technology stack that can be used to successfully bypass the login prompt.

System Requirements

You will need docker installed and fully functional.

How To Build

Run the following command:

make docker-build

How To Use

Run the following command:

make docker-run

The application will be available on localhost:49090.

About

Demonstrates a login bypass attack against a sample MongoDB/NodeJS/AngularJS application

blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html

Resources

Readme
Activity

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 71.4%
  • Makefile 28.6%