Skip to content

kaakaww/vuln_node_express

Repository files navigation

Vulnerable Node Express

This is a vulnerable Node Express service meant to be used as a target for security testing tools. All code in this repository is for testing purposes only.

Build and Run

Install NPM Dependencies

npm install

Initialize SQLite DB

node bootstrapdb.js

Run

DEBUG=myapp:* npm start

Build and Run with Docker

Build Docker Image

docker build --tag stackhawk/nodeexpressvulny .

Run Docker Container

docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny

Build and Run in Docker Compose

docker-compose up --build --detach

Known Vulnerabilities

  • SQL Injection via search box. - item%' union all select * from user; --
  • Cross Site Scripting via search box. - <script>alert("hey guy");</script>

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published