Ninjas workout is a vulnerable Node.js web application.

Quick Start

Download the repo, then run npm i

After installing all dependencies, run the application:

node app.js or nodemon app.js


  • Prototype Pollution 
  • NoSQL Injection
  • Cross-Site Scripting
  • Broken Access Control 
  • Broken Session Management 
  • Weak Regex Implementation 
  • Race Condition 
  • CSRF - Cross-Site Request Forgery
  • Weak Bruteforce Protection 
  • User Enumeration 
  • Reset Password token leaking in Referrer 
  • Reset Password bugs 
  • Sensitive Data Exposure 
  • Unicode Case Mapping Collision 
  • File Upload 
  • SSRF 
  • XXE
  • Open Redirection 
  • Directory Traversal 
  • Insecure Deserialization => Remote Code Execution
  • Server Side Template Injection 
  • Timing Attack 

