Skip to content

udos/vuln_node_express

5 Branches0 Tags
This branch is 6 commits ahead of, 28 commits behind kaakaww/vuln_node_express:main.

Folders and files

NameName
Last commit message
Last commit date

Latest commit

udosudos
Update build-and-test.yml
Nov 16, 2021
77c879f · Nov 16, 2021

History

18 Commits
.github/workflows
.github/workflows
Nov 16, 2021
bin
bin
Aug 21, 2019
db
db
Mar 31, 2021
public/stylesheets
public/stylesheets
Aug 19, 2019
routes
routes
Aug 21, 2019
service
service
Aug 21, 2019
views
views
Aug 19, 2019
.dockerignore
.dockerignore
Aug 21, 2019
.gitignore
.gitignore
Aug 19, 2019
Dockerfile
Dockerfile
Apr 20, 2021
README.md
README.md
Mar 30, 2021
app.js
app.js
Aug 21, 2019
bootstrapdb.js
bootstrapdb.js
Mar 30, 2021
docker-compose.yml
docker-compose.yml
Mar 29, 2021
package-lock.json
package-lock.json
Nov 16, 2021
package.json
package.json
Nov 16, 2021
stackhawk.yml
stackhawk.yml
Nov 16, 2021

Repository files navigation

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • JavaScript 85.1%
  • Pug 11.4%
  • Dockerfile 1.8%
  • CSS 1.7%