Name		Name	Last commit message	Last commit date
Latest commit History 29 Commits
.github/workflows		.github/workflows
config		config
database		database
images		images
models		models
public		public
routers		routers
utils		utils
views		views
README.md		README.md
app.js		app.js
home.html		home.html
package-lock.json		package-lock.json
package.json		package.json
proto.html		proto.html

Repository files navigation

Damn Vulnerable NodeJS Application

Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js

ADDED BUGS

Prototype Pollution ✅1
No SQL Injection ✅2
Cross site Scripting ✅3
Broken Access Control ✅4
Broken Session Management ✅5
Weak Regex Implementation ✅ 6
Race Condition ✅7
CSRF -Cross Site Request Forgery ✅8
Weak Bruteforce Protection ✅9
User Enumeration ✅10
Reset Password token leaking in Referrer ✅11
Reset Password bugs ✅12
Sensitive Data Exposure ✅13
Unicode Case Mapping Collision ✅14
File Upload ✅ 15
SSRF ✅ 16
XXE
Open Redirection ✅ 17
Directory Traversal ✅ 18
Insecure Deserilization => Remote Code Execution ✅ 19
Server Side Template Injection 🚶‍♂️🚶‍♂️🚶‍
Timing Attack 🚶‍♂️🚶‍♂️🚶‍

⚠️⚠️ Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js⚠️⚠️

TODO

Improvement in User Interface
Add New Vulnerabilities on weekly basis
Add Documentation of all the Vulnerabilites

Issues

In case of bugs in the application, feel free to create an issues on github.

Contribution

Feel free to create a pull request for any contribution.

About

Synopsys GitHub Action Fix PR Demo

Custom properties

Report repository

Releases

No releases published

Packages

No packages published

Languages