Vulnerable Employee Portal

Summary

An intentionally vulnerable employee portal site, written in Node.js with Express and Handlebars.

This is the frontend for the Vulnerable REST API.

Motivation

This is part of a series of hand-built practice grounds for pentesting exercises.

Having (somewhat-)realistic websites to attack is an essential part of developing web application penetration testing skills for ethical hackers.

This particular site presents a variety of vulnerabilities including template injection, a vulnerable API backend, SQL injection, IDORs, and more.

Installation

Clone the repository
Install: npm install
Clone and install the related API backend: (https://github.com/fieldse/vulnerable-rest-api)

Usage

Install and start the backend API server (see https://github.com/fieldse/vulnerable-rest-api))
(Optional) If desired, seed the API database with your own seed users.
Start the Express frontend server: npm start

The site will be running on localhost:8000

Maintainer

Matt Fields

Github: https://github.com/fieldse
email: hello@mattfields.dev

Name		Name	Last commit message	Last commit date
Latest commit History 12 Commits
public/css		public/css
src		src
.gitignore		.gitignore
index.js		index.js
nodemon.json		nodemon.json
package-lock.json		package-lock.json
package.json		package.json
readme.md		readme.md
tailwind.config.js		tailwind.config.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Vulnerable Employee Portal

Summary

Motivation

Installation

Usage

Maintainer

About

Releases

Packages

Languages

fieldse/vulnerable-express-site

Folders and files

Latest commit

History

Repository files navigation

Vulnerable Employee Portal

Summary

Motivation

Installation

Usage

Maintainer

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages