GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → Charlie-belmer → vulnerable-node-app

Charlie-belmer / vulnerable-node-app

Licence: other
A NoSQL Injectable Node App

Programming Languages

javascript
184084 projects - #8 most used programming language
Pug
443 projects
Dockerfile
14818 projects

vulnerable-nodejs-app

A purposely vulnerable NodeJS and MongoDB application

Multiple ways to do NoSQL Injection on Mongo. More to be added.

Starting the app

Using Docker

Docker is the simplest way to get the app running. Just run the following

docker-compose build
docker-compose up

navigate to http://localhost:4000

Running manually

You'll need to install and run a local Mongo instance. On Ubuntu, it's as simple as apt install mongodb. Once running, you may have to specify the db path, or update the config.

$ sudo mongod --dbpath /var/lib/mongodb

Add environment variables MONGO_PORT and MONGO_HOST if not running on localhost and default port. Once mongo is running successfully, start nodemon

cd app; nodemon server

Navigate to http://localhost:4000

Load data

Click on the populate / reset data link on the homepage to load in some users.

Good learning links

https://blog.websecurify.com/2014/08/hacking-nodejs-and-mongodb.html https://scotch.io/@401/mongodb-injection-in-nodejs https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].