https://github.com/effortlessdevsec/ninjasworkout
Vulnerable NodeJS Web Application
bugbounty nodejs penetration-testing vulnerability-assessment
Last synced: 2 days ago
- Host: GitHub
- URL: https://github.com/effortlessdevsec/ninjasworkout
- Owner: effortlessdevsec
- Created: 2021-10-22T05:34:09.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-08-22T04:50:55.000Z (over 1 year ago)
- Last Synced: 2024-11-21T18:38:48.906Z (about 1 year ago)
- Topics: bugbounty, nodejs, penetration-testing, vulnerability-assessment
- Language: Pug
- Homepage:
- Size: 5.72 MB
- Stars: 87
- Watchers: 5
- Forks: 29
- Open Issues: 2
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
- awesome-hacking-lists - effortlessdevsec/ninjasworkout - Vulnerable NodeJS Web Application (Pug)
README
# Damn Vulnerable NodeJS Application
## Quick Start
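```
# Download the repo, then install the dependencies
git clone https://github.com/effortlessdevsec/ninjasworkout
cd ninjasworkout
npm i
```
After installing all dependencies, run the application:
```
node app.js   # or: nodemon app.js
```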

## ADDED BUGS
- Prototype Pollution ✅ 1
- NoSQL Injection ✅ 2
- Cross-Site Scripting ✅ 3
- Broken Access Control ✅ 4
- Broken Session Management ✅ 5
- Weak Regex Implementation ✅ 6
- Race Condition ✅ 7
- CSRF - Cross-Site Request Forgery ✅ 8
- Weak Brute-Force Protection ✅ 9
- User Enumeration ✅ 10
- Reset Password token leaking in Referrer ✅ 11
- Reset Password bugs ✅ 12
- Sensitive Data Exposure ✅ 13
- Unicode Case Mapping Collision ✅ 14
- File Upload ✅ 15
- SSRF ✅ 16
- XXE
- Open Redirection ✅ 17
- Directory Traversal ✅ 18
- Insecure Deserialization => Remote Code Execution ✅ 19
- Server Side Template Injection 🚶‍♂️🚶‍♂️🚶
- Timing Attack 🚶‍♂️🚶‍♂️🚶

⚠️⚠️ The Reset Password module will not work until you configure SMTP in utils=>sendmail.js ⚠️⚠️
# TODO
- Improvement in User Interface
- Add new vulnerabilities on a weekly basis
- Add documentation for all the vulnerabilities
# Issues
- In case of bugs in the application, feel free to create an [issue](https://github.com/effortlessdevsec/ninjasworkout/issues) on GitHub.
# Contribution
- Feel free to create a pull request for any contribution.