XVNA – Extreme Vulnerable Node Application

XVNA is an extraordinary vulnerable node application coded in Nodejs(Expressjs)/MongoDB that causes security aficionados to learn application security. It’s not advised to have this application online as it is proposed to be Vulnerable. We have a tendency to propose facilitating this application in local setting and honing your application security skills with any tools of your own choice. It’s all legitimate to hinder or hack into this. The idea is to evangelize application security to the group in most likely the best and elementary method. Learn and get these aptitudes for all time reason. be that as it may you use these abilities and substance isn’t our duty.


Extreme Vulnerable Node Application (XVNA) is most vulnerable, don’t transfer it to your hosting provider’s public folder or any net facing servers, as they’ll be compromised. It is recommended to use localhost.

Also Read Evasi0n Jailbreaking Tools For Apple iOS 7.x & 6.x Users

Setup XVNA

  • Start mongoDB
  • Create DB xvna in mongoDB
  • Import the Collection to mongoDB given from folder collection
  • Start the xvna from root folder using command: node index.js
  • We are good to go , hit localhost:3000/app
  • Login Credential: email-> admin@xvna.com password -> password

List of Vulnerability

  • A1:2017-Injection
    1. OS Injection
    2. NOSql Injection
    3. Server side Js Injection
  • A2:2017-Broken Authentication
  • A3:2017-Sensitive Data Exposure
    1. Sensitive Data
    2. Headers
  • A6:2017-Security Misconfiguration
  • A7:2017-Cross Site Scripting
  • A8:2017-Insecure Deserialization

Visit our blog for more https://www.vegabird.com/category/extreme-vulnerable-node-application/

Created by Vegabird Team