Ninjas workout is a Vulnerable NodeJS Web Application.
Quick Start
Download the Repo =>
run npm i
After Installing all dependency just run the application
node app.js or nodemon app.js
ADDED BUGS
- Prototype Pollution
- No SQL Injection
- Cross site Scripting
- Broken Access Control
- Broken Session Management
- Weak Regex Implementation
- Race Condition
- CSRF -Cross Site Request Forgery
- Weak Bruteforce Protection
- User Enumeration
- Reset Password token leaking in Referrer
- Reset Password bugs
- Sensitive Data Exposure
- Unicode Case Mapping Collision
- File Upload
- SSRF
- XXE
- Open Redirection
- Directory Traversal
- Insecure Deserilization => Remote Code Execution
- Server Side Template Injection
- Timing Attack
