vulnerable-nodejs-express-mysql

Example of a vulnerable NodeJS+Express+MySQL service

Node.js Express + MySQL vulnerable boilerplate project

[DEMO]

The source code is based on https://codeshack.io/basic-login-system-nodejs-express-mysql/

Setup

Run docker-compose, then open http://localhost:3000/ in your browser.

Tested on Ubuntu Focal / Bionic.

$ docker-compose up --build -d

Explanation / Demonstration Methods

  • https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4 (English)
  • https://blog.flatt.tech/entry/node_mysql_sqlinjection (Japanese)
  • https://harold.kim/blog/2022/02/nodejs-mysql-vulnerability/ (Korean)