Skip to content

azconger/vuln_node_express

 
 

Repository files navigation

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

.

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

Blank comment

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 85.4%
  • Pug 11.2%
  • Dockerfile 1.8%
  • CSS 1.6%