This is a vulnerable NodeJS and React application that is meant to be used for educational purposes. The application is a simple e-commerce application that has a number of vulnerabilities that can be exploited. The vulnerabilities are meant to be used to teach developers how to write secure code and how to exploit vulnerabilities in code. Do not run in production.
- Docker
- Copy and rename the
.env.examplefile to.envin both folders (client and server) - Run
docker-compose up --build
- SQL Injection
- Cross Site Scripting (XSS)
- Server Site Request Forgery (SSRF)
- JWT Token Vulnerability
- Path Traversal
- Command Injection
- XXE Injection
- Insecure Direct Object Reference (IDOR)