Skip to content

kaakaww/vuln_node_express

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

40 Commits

.circleci

.circleci

 
 

bin

bin

 
 

db

db

 
 

public/stylesheets

public/stylesheets

 
 

routes

routes

 
 

service

service

 
 

views

views

 
 

.dockerignore

.dockerignore

 
 

.gitignore

.gitignore

 
 

Dockerfile

Dockerfile

 
 

README.md

README.md

 
 

app.js

app.js

 
 

azure-pipelines.yml

azure-pipelines.yml

 
 

bootstrapdb.js

bootstrapdb.js

 
 

docker-compose.yml

docker-compose.yml

 
 

package-lock.json

package-lock.json

 
 

package.json

package.json

 
 

stackhawk.yml

stackhawk.yml

 
 

Repository files navigation

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools. All code in this repository is for testing purposes only.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

21 stars

Watchers

8 watching

Forks

338 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 7

Languages