vulnerable-nodejs-express-mysql
Example of a vulnerable NodeJS+Express+MySQL service
Node.js Express + MySQL vulnerable boilerplate project
[DEMO]
The source code is based on https://codeshack.io/basic-login-system-nodejs-express-mysql/
Setup
All you need to do is run docker-compose and then open http://localhost:3000/
Tested on Ubuntu Focal / Bionic.
$ docker-compose up --build -d
Explanation / Demonstration Methods
- https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4 (English)
- https://blog.flatt.tech/entry/node_mysql_sqlinjection (Japanese)
- https://harold.kim/blog/2022/02/nodejs-mysql-vulnerability/ (Korean)