This is a project to reproduce the following web application vulnerabilities:
- CSRF (Cross-Site Request Forgery)
- Clickjacking
- Stored XSS (Cross-Site Scripting)
- SSRF (Server-Side Request Forgery)*

\*SSRF works only on localhost.

https://vulnerable-web-site.vercel.app/

Name | Description | Default |
---|---|---|
ENABLE_SSRF | Enable SSRF (Server-Side Request Forgery) vulnerability. | false |
ENABLE_CSP | Enable CSP (Content-Security-Policy) to prevent XSS. | false |
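
To confirm what a given build actually sends to the browser, for example after toggling `ENABLE_CSP`, the following added example (not part of this project's code) audits a set of response headers for the defenses that correspond to the XSS, clickjacking and CSRF items above. The function names and the sample header values are assumptions made for illustration; this page does not state which policy the project emits.

```javascript
// Added example: audit response headers for XSS, clickjacking and CSRF defenses.
// parseCsp/auditHeaders are hypothetical helpers; all header values are constructed.

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of (value || '').split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    // Browsers ignore a repeated directive, so keep only the first one.
    if (key && !(key in policy)) policy[key] = sources;
  }
  return policy;
}

// headers: plain object with lower-case names; 'set-cookie' is an array of strings.
function auditHeaders(headers) {
  const findings = [];
  const csp = parseCsp(headers['content-security-policy']);

  // XSS: script-src (or its default-src fallback) must exist and block inline script.
  const script = csp['script-src'] || csp['default-src'];
  const hasNonceOrHash = (script || []).some(s => /^'(nonce|sha(256|384|512))-/.test(s));
  if (!script) findings.push('xss: no CSP script-src/default-src');
  else if (script.includes("'unsafe-inline'") && !hasNonceOrHash)
    findings.push("xss: CSP allows 'unsafe-inline' scripts");

  // Clickjacking: frame-ancestors has no default-src fallback; X-Frame-Options also counts.
  const xfo = (headers['x-frame-options'] || '').toUpperCase();
  const fa = csp['frame-ancestors'];
  const restricted = (fa && !fa.includes('*')) || xfo === 'DENY' || xfo === 'SAMEORIGIN';
  if (!restricted) findings.push('clickjacking: framing not restricted');

  // CSRF: require an explicit SameSite=Lax/Strict, since browser defaults differ.
  for (const cookie of headers['set-cookie'] || []) {
    if (!/;\s*samesite=(lax|strict)\b/i.test(cookie))
      findings.push(`csrf: cookie "${cookie.split('=')[0]}" lacks SameSite=Lax/Strict`);
  }
  return findings;
}

// Constructed sample responses: one without defenses, one hardened.
const weak = { 'set-cookie': ['session=abc123; Path=/; HttpOnly'] };
const hardened = {
  'content-security-policy': "default-src 'self'; script-src 'self' 'nonce-r4nd0m'; frame-ancestors 'none'",
  'set-cookie': ['session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax'],
};
console.log(auditHeaders(weak));
console.log(auditHeaders(hardened));
```
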

First, install Node.js v20.10.0, or Volta.

```bash
node -v
# v20.10.0
```

Install Node.js modules.

```bash
npm install
```

This project uses Vercel KV. Please follow the following instructions.
Run the development server:

```bash
npm run dev
```

Open http://localhost:3000 with your browser to see the result.
Build and start the server.

```bash
npm run build
npm run start
```

Open http://{server-ip-address}:3000 with your browser to see the result.
The easiest way to deploy your Next.js app is to use the Vercel Platform from the creators of Next.js.
Check out our Next.js deployment documentation for more details.
How to deploy Next.js with AWS Amplify.