To run the application you will need to install node and npm. You can check your versions in the following way:
node -v # Mine is v12.14.0
npm -v # Mine is 6.13.4
You can install node and npm with curl on Ubuntu in the following way:
sudo apt install curl
curl -sL https://deb.nodesource.com/setup_12.x | sudo -E bash -
sudo apt install nodejs # The setup script only adds the NodeSource repository
With Homebrew:
brew install node
With bash:
curl "https://nodejs.org/dist/latest/node-${VERSION:-$(wget -qO- https://nodejs.org/dist/latest/ | sed -nE 's|.*>node-(.*)\.pkg</a>.*|\1|p')}.pkg" > "$HOME/Downloads/node-latest.pkg" && sudo installer -store -pkg "$HOME/Downloads/node-latest.pkg" -target "/"
On Windows, download the Windows Installer from the nodejs.org web site.
For other platforms, see https://nodejs.org/en/download/package-manager
Clone the project and navigate to the project. You will need to install dependencies before you can run the app.
git clone https://github.com/valtterikodisto/vulnerable-bank
cd vulnerable-bank
npm install # Install the dependencies
To run the application, run the following in the project root:
npm start
- Easy to brute force login credentials via /login
- Uses HTTP only so username and password can be easily captured (e.g. wireshark)
- Passwords are stored in plain text
- Easy to access another user's account with the user id
- Easy to XSS with username
- No logging for transactions which makes it easy to steal assets
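
A hardened counterpart to two of the weaknesses listed above (plain-text passwords and a brute-forceable /login), written as an added example that is not code from this project. It uses only Node's built-in crypto module; the function names, the `users` map and the lockout limits are hypothetical.

```javascript
const crypto = require('node:crypto');

// Hypothetical limits for this example; tune them for a real deployment.
const MAX_FAILURES = 5;
const LOCK_MS = 15 * 60 * 1000;

// Store "salt:hash" (hex) instead of the plain-text password.
function hashPassword(password) {
  const salt = crypto.randomBytes(16);
  const hash = crypto.scryptSync(password, salt, 32);
  return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function verifyPassword(password, stored) {
  const [saltHex, hashHex] = stored.split(':');
  const expected = Buffer.from(hashHex, 'hex');
  const actual = crypto.scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
  return crypto.timingSafeEqual(actual, expected); // constant-time comparison
}

// users: Map of username -> stored "salt:hash" (assumed storage for this example).
// Failure counts are kept in memory here; a real app would persist and expire them.
function createLoginGuard(users, now = Date.now) {
  const failures = new Map(); // username -> { count, lockedUntil }
  return function login(username, password) {
    const entry = failures.get(username) || { count: 0, lockedUntil: 0 };
    if (now() < entry.lockedUntil) return 'locked';
    const stored = users.get(username);
    // Hash even for unknown users so response time does not reveal valid names.
    const ok = stored ? verifyPassword(password, stored)
                      : (hashPassword(password), false);
    if (ok) { failures.delete(username); return 'ok'; }
    entry.count += 1;
    if (entry.count >= MAX_FAILURES) {
      entry.lockedUntil = now() + LOCK_MS; // start the lockout window
      entry.count = 0;
    }
    failures.set(username, entry);
    return 'denied';
  };
}
```
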