Home

Welcome to dvws-node Solutions wiki!

Damn Vulnerable Web Service is a vulnerable web service/API built with an application that can be used to learn about web services and API related vulnerabilities.

This wiki contains solutions to dvws-node.

Note: This guide is currently work in progress.

Solutions

• XML External Entity Injection
• Server Side Request Forgery (SSRF)
• Username Enumeration
• NoSQL Injection
• Insecure Direct Object Reference
• Mass Assignment
• Cross Site Scripting (XSS)
• Hidden API Functionality Exposure
• SQL Injection
• Information Disclosure
• Insecure PostMessage Configuration
• Command Injection
• Prototype Pollution
• JSON Hijacking
• XPath Injection
• Cross Origin Resource-Sharing Misonfiguration
• JWT Secret Key Brute Force

ToDo

• JSON Web Token (JWT) Secret Key Brute Force
• Cross-Site Request Forgery (CSRF)
• Horizontal Access Control Issues
• Vertical Access Control Issues