Initial Commit

Author: stypr

.gitignore

@@ -0,0 +1,131 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+lerna-debug.log*
+.pnpm-debug.log*
+
+# Diagnostic reports (https://nodejs.org/api/report.html)
+report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+*.lcov
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# Snowpack dependency directory (https://snowpack.dev/)
+web_modules/
+
+# TypeScript cache
+*.tsbuildinfo
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional stylelint cache
+.stylelintcache
+
+# Microbundle cache
+.rpt2_cache/
+.rts2_cache_cjs/
+.rts2_cache_es/
+.rts2_cache_umd/
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variable files
+.env
+.env.development.local
+.env.test.local
+.env.production.local
+.env.local
+
+# parcel-bundler cache (https://parceljs.org/)
+.cache
+.parcel-cache
+
+# Next.js build output
+.next
+out
+
+# Nuxt.js build / generate output
+.nuxt
+dist
+
+# Gatsby files
+.cache/
+# Comment in the public line in if your project uses Gatsby and not Next.js
+# https://nextjs.org/blog/next-9-1#public-directory-support
+# public
+
+# vuepress build output
+.vuepress/dist
+
+# vuepress v2.x temp and cache directory
+.temp
+.cache
+
+# Docusaurus cache and generated files
+.docusaurus
+
+# Serverless directories
+.serverless/
+
+# FuseBox cache
+.fusebox/
+
+# DynamoDB Local files
+.dynamodb/
+
+# TernJS port file
+.tern-port
+
+# Stores VSCode versions used for testing VSCode extensions
+.vscode-test
+
+# yarn v2
+.yarn/cache
+.yarn/unplugged
+.yarn/build-state.yml
+.yarn/install-state.gz
+.pnp.*
+

README.md

@@ -0,0 +1,3 @@
+## node.js + MySQL vulnerable boilerplate code PoC
+
+Initially referenced from https://codeshack.io/basic-login-system-nodejs-express-mysql/

docker-compose.yml

@@ -0,0 +1,19 @@
+version: '3.3'
+
+services:
+    service:
+        build: ./service
+        restart: always
+        ports:
+            - "3000:3000"
+        links:
+            - db        
+
+    db:
+        build: ./mysql
+        restart: always
+        environment:
+            MYSQL_DATABASE: login
+            MYSQL_USER: login
+            MYSQL_PASSWORD: login
+            MYSQL_ROOT_PASSWORD: root_password

mysql/Dockerfile

@@ -0,0 +1,3 @@
+FROM mysql:5.7
+
+ADD login.sql /docker-entrypoint-initdb.d

mysql/login.sql

@@ -0,0 +1,37 @@
+CREATE DATABASE IF NOT EXISTS `login` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci;
+USE `login`;
+
+# CREATE USER 'login'@'%' IDENTIFIED BY 'login';
+# GRANT ALL PRIVILEGES ON login.* TO 'login'@'%';
+# FLUSH PRIVILEGES;
+
+CREATE TABLE IF NOT EXISTS `accounts` (
+  `id` int(11) NOT NULL, 
+  `username` varchar(50) NOT NULL, 
+  `password` varchar(255) NOT NULL, 
+  `email` varchar(100) NOT NULL
+) ENGINE = InnoDB AUTO_INCREMENT = 2 DEFAULT CHARSET = utf8;
+INSERT INTO `accounts` (
+  `id`, `username`, `password`, `email`
+) 
+VALUES 
+  (
+    1, 
+    'admin', 
+    SHA2(
+      CONCAT(
+        RAND(), 
+        UUID(), 
+        RAND()
+      ), 
+      512
+    ), 
+    '[email protected]'
+  );
+ALTER TABLE 
+  `accounts` 
+ADD 
+  PRIMARY KEY (`id`);
+ALTER TABLE 
+  `accounts` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, 
+  AUTO_INCREMENT = 2;

service/Dockerfile

@@ -0,0 +1,18 @@
+# syntax=docker/dockerfile:1
+FROM node:lts-buster
+WORKDIR /srv/
+RUN apt-get update && apt-get -y install ssh
+
+# Add user..
+RUN useradd -d /home/stypr -s /bin/false stypr && \
+    mkdir -p /home/stypr && \
+    touch /home/stypr/.hushlogin
+RUN chmod 1733 /tmp /var/tmp /dev/shm /proc
+
+# Install service
+COPY . /srv/
+RUN npm install && chmod 555 /srv/ && chown -R stypr:root /srv/
+
+USER stypr
+EXPOSE 3000
+CMD ["node", "login.js"]

service/login.html

@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8">
+		<title>Login Form Tutorial</title>
+		<style>
+		.login-form {
+			width: 300px;
+			margin: 0 auto;
+			font-family: Tahoma, Geneva, sans-serif;
+		}
+		.login-form h1 {
+			text-align: center;
+			color: #4d4d4d;
+			font-size: 24px;
+			padding: 20px 0 20px 0;
+		}
+		.login-form input[type="password"],
+		.login-form input[type="text"] {
+			width: 100%;
+			padding: 15px;
+			border: 1px solid #dddddd;
+			margin-bottom: 15px;
+			box-sizing:border-box;
+		}
+		.login-form input[type="submit"] {
+			width: 100%;
+			padding: 15px;
+			background-color: #535b63;
+			border: 0;
+			box-sizing: border-box;
+			cursor: pointer;
+			font-weight: bold;
+			color: #ffffff;
+		}
+		</style>
+	</head>
+	<body>
+		<div class="login-form">
+			<h1>Login Form</h1>
+			<form action="auth" method="POST">
+				<input type="text" name="username" placeholder="Username" required>
+				<input type="password" name="password" placeholder="Password" required>
+				<input type="submit">
+			</form>
+		</div>
+	</body>
+</html>

service/login.js

@@ -0,0 +1,68 @@
+/*
+
+    Reference: https://codeshack.io/basic-login-system-nodejs-express-mysql/
+
+*/
+
+var mysql = require("mysql");
+var express = require("express");
+var session = require("express-session");
+var bodyParser = require("body-parser");
+var path = require("path");
+
+var connection = mysql.createConnection({
+  host: "db",
+  user: "login",
+  password: "login",
+  database: "login",
+});
+
+var app = express();
+app.use(
+  session({
+    secret: require("crypto").randomBytes(64).toString("hex"),
+    resave: true,
+    saveUninitialized: true,
+  })
+);
+app.use(bodyParser.urlencoded({ extended: true }));
+app.use(bodyParser.json());
+
+app.get("/", function (request, response) {
+  response.sendFile(path.join(__dirname + "/login.html"));
+});
+
+app.post("/auth", function (request, response) {
+  var username = request.body.username;
+  var password = request.body.password;
+  if (username && password) {
+    connection.query(
+      "SELECT * FROM accounts WHERE username = ? AND password = ?",
+      [username, password],
+      function (error, results, fields) {
+        if (results.length > 0) {
+          request.session.loggedin = true;
+          request.session.username = username;
+          response.redirect("/home");
+        } else {
+          response.send("Incorrect Username and/or Password!");
+        }
+        response.end();
+      }
+    );
+  } else {
+    response.send("Please enter Username and Password!");
+    response.end();
+  }
+});
+
+app.get("/home", function (request, response) {
+  if (request.session.loggedin) {
+    response.send("Welcome back, " + request.session.username + "!");
+  } else {
+    response.send("Please login to view this page!");
+  }
+  response.end();
+});
+
+app.listen(3000);