https://github.com/vegabird/xvna

Extreme Vulnerable Node Application
https://github.com/vegabird/xvna

Last synced: about 1 month ago
JSON representation

Extreme Vulnerable Node Application

• Host: GitHub
• URL: https://github.com/vegabird/xvna
• Owner: vegabird
• Created: 2017-12-14T04:45:55.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2018-11-12T23:33:17.000Z (about 6 years ago)
• Last Synced: 2024-02-12T08:35:48.041Z (10 months ago)
• Homepage: https://www.vegabird.com/xvna-setup/
• Size: 41.8 MB
• Stars: 95
• Watchers: 5
• Forks: 37
• Open Issues: 4
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

• awesome-vulnerable-apps - Extreme Vulnerable Node Application - Extreme Vulnerable Node Application (Technologies / Node.js)
• awesome-hacking-lists - vegabird/xvna - Extreme Vulnerable Node Application (Others)

README

        
# XVNA

Extreme Vulnerable Node Application

XVNA is an extreme vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it's not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and sharpening your application security skills with any tools of your own selection. It’s all legal to interrupt or hack into this. the concept is to evangelize application security to the community in probably the best and elementary method. Learn and acquire these skills permanently purpose. however you utilize these skills and content isn't our responsibility.

Warning

Extreme Vulnerable Node Application (XVNA) is most vulnerable, don't transfer it to your hosting provider's public folder or any net facing servers, as they'll be compromised. It is recommended to use localhost.


Disclaimer

We are not resposible for any loss after using this XVNA (Extreme Vulnerable Node Application). We are clearing that this is malicious application , we are not responsible for any loss of yours. Installing it in web server may compromise your security and data.


Setup

Start mongoDB

Create DB xvna in mongoDB

Import the Collection to mongoDB given from folder collection

Start the xvna from root folder using command: node index.js

We are good to go , hit localhost:3000/app

Login Credential: email-> [email protected] password -> password


List of Vulnerability



  
A1:2017-Injection

  


    
OS Injection

    
NOSql Injection

    
Server side Js Injection

 





  
A2:2017-Broken Authentication

  
A3:2017-Sensitive Data Exposure

  


    
Sensitive Data

    
Headers
    

 

 

 


  
A6:2017-Security Misconfiguration

  
A7:2017-Cross Site Scripting

  
A8:2017-Insecure Deserialization



Visit our blog for more https://www.vegabird.com/category/extreme-vulnerable-node-application/ 


Created by Vegabird Team