Ninjasworkout – Vulnerable NodeJS Web Application

January 26, 2022

ninjasworkout 1 732158

Damn Vulnerable NodeJS Application

Quick Start

Download the Repo => 

run npm i

Afer Installing all dependency just run the application

node app.js or nodemon app.js

ninjasworkout 1 732158

ADDED BUGS

  • Prototype Pollution
  • No SQL Injection
  • Cross site Scripting
  • Broken Access Control
  • Broken Session Management
  • Weak Regex Implementation
  • Race Condition
  • CSRF -Cross Site Request Forgery
  • Weak Bruteforce Protection
  • User Enumeration
  • Reset Password token leaking in Referrer
  • Reset Password bugs
  • Sensitive Data Exposure
  • Unicode Case Mapping Collision
  • File Upload
  • SSRF
  • XXE
  • Open Redirection
  • Directory Traversal
  • Insecure Deserilization => Remote Code Execution
  • Server Side Template Injection
  • Timing Attack

Reset Password Module will not work !! You have to configure SMTP !! in utils=>sendmail.js

TODO

  • Improvement in User Interface
  • Add New Vulnerabilities on weekly basis
  • Add Documentation of all the Vulnerabilites

Issues

  • In case of bugs in the application, feel free to create an issues on github.

Contribution

  • Feel free to create a pull request for any contribution.
Download Ninjasworkout

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Discord

Original Source
Tags: , , , ,

You may have missed

CISA Logo

CISA: CISA Releases Three Industrial Control Systems Advisories

April 27, 2024
CISA Logo

CISA: CISA and Partners Release Advisory on Akira Ransomware

April 27, 2024
CISA Logo

CISA: CISA Releases Four Industrial Control Systems Advisories

April 27, 2024
CISA Logo

CISA: Cisco Releases Security Advisories for Cisco Integrated Management Controller

April 27, 2024
CISA Logo

CISA: Oracle Releases Critical Patch Update Advisory for April 2024

April 27, 2024