Commit

Added Reactjs and mongoDB exercise
tauh33dkhan committed Feb 11, 2022
1 parent 46e7eee commit 3208719
Showing 22 changed files with 707 additions and 103 deletions.
1 change: 1 addition & 0 deletions .dockerignore
Expand Up @@ -3,3 +3,4 @@
.eslintrc.js
node_modules/
vuln_react_app/build/
solutions/
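Review bot: the same `solutions/` entry is added to `.gitignore` in this commit, so the two ignore lists stay in sync, which is the right way to do it. One check: the Docker build context will now silently omit that directory, so nothing the image or the docker-compose setup in the README relies on may live under `solutions/`.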
3 changes: 3 additions & 0 deletions .env
Expand Up @@ -4,3 +4,6 @@ DB_USER=vuln_nodejs_user
DB_PASS=passw0rd
HOST_PORT=9000
JWT_SECRET=secret
MONGODB_SERVER=localhost
MONGODB_ADMINUSERNAME=
MONGODB_ADMINPASSWORD=
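Review bot: `MONGODB_ADMINUSERNAME` and `MONGODB_ADMINPASSWORD` default to empty, which means the app will connect to MongoDB without authentication unless the user fills them in, and README step 3 only says to "update" them. Either document that blank means an unauthenticated local MongoDB, or give explicit placeholder values the way the existing `DB_USER`/`DB_PASS` lines do. Also confirm that `MONGODB_SERVER=localhost` is overridden on the docker-compose path the README describes: `localhost` inside the app container will not reach a separate MongoDB container.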
1 change: 1 addition & 0 deletions .gitignore
Expand Up @@ -3,3 +3,4 @@
.eslintrc.js
node_modules/
vuln_react_app/build/
solutions/
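Review bot: `.env` itself stays tracked while carrying `DB_PASS`, `JWT_SECRET` and now the MongoDB credentials. For a deliberately vulnerable app that may be intended, but a user following README step 3 will type real database passwords into a file git tracks. Consider adding `.env` to this ignore list and committing a `.env.example` with the placeholder values instead.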
54 changes: 30 additions & 24 deletions README.md
Expand Up @@ -4,6 +4,29 @@
<br>
</a>

## Exercises

1. Command Injection
2. Insecure Deserialization
3. SQL Injection
4. XML external entity injection
5. XSS
6. Server Side Template Injection
7. JWT weak secret
8. Insecure direct object references
9. SSRF via PDF generator
10. Web message XSS
11. Web message CSRF
12. Web message Information Disclosure
13. CORS information Disclosure
14. CORS CSRF
15. 2FA Insecure Implementation
16. Cross-Site WebSocket Hijacking
17. WebSocket XSS
18. ReactJS href XSS
19. React ref-innerHTML XSS
20. NoSQL Injection

## Installation

### Using docker-compose
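Review bot: the new numbered list mixes capitalization styles (`XML external entity injection`, `Insecure direct object references` and `CORS information Disclosure` next to `Web message Information Disclosure`), and items 18 and 19 spell the framework two ways (`ReactJS href XSS` vs `React ref-innerHTML XSS`). Pick one form for both before this becomes the canonical exercise index.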
Expand Down Expand Up @@ -44,17 +67,21 @@ mysql> create database vuln_nodejs_app;

```

3. Update your mysql username and password inside **.env** file.
3. Update your mysql and mongodb database username and password inside **.env** file.

```html
DB_PORT=3306
DB_NAME=vuln_nodejs_app
DB_USER=vuln_nodejs_user
DB_PASS=passw0rd
HOST_PORT=9000

JWT_SECRET=secret
MONGODB_SERVER=localhost
MONGODB_ADMINUSERNAME=
MONGODB_ADMINPASSWORD=
```


4. Install the dependencies.

```bash
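Review bot: the `.env` snippet in step 3 is fenced as ```html, which gives wrong highlighting for a dotenv file; ```ini or an untagged fence fits better. The snippet also has a blank line between `HOST_PORT=9000` and `JWT_SECRET=secret` that the tracked `.env` in this same commit does not, so the two will drift; and since the MySQL lines carry explicit values, the step should say what leaving `MONGODB_ADMINUSERNAME`/`MONGODB_ADMINPASSWORD` empty means for the MongoDB connection.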
Expand All @@ -72,28 +99,7 @@ npm run build
```bash
node server.js
```
access the application http://localhost:9000

## Exercises

* Command Injection
* Insecure Deserialization
* SQL Injection
* XML external entity injection
* XSS
* Server Side Template Injection
* JWT weak secret
* Insecure direct object references
* SSRF via PDF generator
* Web message XSS
* Web message CSRF
* Web message Information Disclosure
* CORS information Disclosure
* CORS CSRF
* 2FA Insecure Implementation
* Cross-Site WebSocket Hijacking
* WebSocket XSS
* ReactJS XSS
You can now access the application at http://localhost:9000
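Review bot: the closing line hard-codes `http://localhost:9000`, but the port comes from `HOST_PORT` in `.env` (shown as 9000 in step 3); saying "at http://localhost:<HOST_PORT> (9000 by default)" keeps the README correct when a user changes the port, which the same step invites them to do.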

## TODO:

Expand Down
7 changes: 7 additions & 0 deletions assets/css/bootstrap-datepicker.min.css


8 changes: 8 additions & 0 deletions assets/js/bootstrap-datepicker.min.js
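Review bot: `bootstrap-datepicker.min.css` and `bootstrap-datepicker.min.js` are added as vendored minified files with nothing in the commit recording which upstream version they are or where they came from. Record the version and source (or pull them in through `package.json` so `npm audit` covers them) so the dependency can be checked and updated later; minified blobs with no provenance are hard to review or patch.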



0 comments on commit 3208719