This is a vulnerable Node Express service meant to be used as a target for security testing tools. All code in this repository is for testing purposes only.
npm install
node bootstrapdb.js
DEBUG=myapp:* npm start
docker build --tag stackhawk/nodeexpressvulny .
docker run --rm --publish 3000:3000 --name nodeexpressvulny stackhawk/nodeexpressvulny
docker-compose up --build --detach
- SQL Injection via search box. -
item%' union all select * from user; --
- Cross Site Scripting via search box. -
<script>alert("hey guy");</script>