Frameworks Vulnerability scanner

XVNA: Extremely Vulnerable Node Application

Written by Mubassir patel

XVNA is an extremely vulnerable node application coded in Nodejs(Expressjs)/MongoDB that helps security enthusiasts to learn application security. it’s not counseled to host this application online as it is intended to be Vulnerable. We tend to suggest hosting this application in native setting and sharpening your application security skills with any tools of your own selection. It’s all legal to interrupt or hack into this. the concept is to evangelize application security to the community is probably the best and elementary method. Learn and acquire these skills permanently purpose. however, you utilize these skills and content isn’t our responsibility.

Read This: How to Protect website From SQL Injection Attack


Setup of XVNA

  • Start MongoDB
  • Create DB XVNA in MongoDB
  • Import the Collection to MongoDB given from folder collection
  • Start the xvna from root folder using the command: node index.js
  • We are good to go, hit localhost:3000/app
  • Login Credential: email-> password -> password

Read This: DVIA: Damn Vulnerable IOS Application


List of Vulnerability

  • A1:2017-Injection
    1. OS Injection
    2. NoSQL Injection
    3. Server-side Js Injection
  • A2:2017-Broken Authentication
  • A3:2017-Sensitive Data Exposure
    1. Sensitive Data
    2. Headers
  • A6:2017-Security Misconfiguration
  • A7:2017-Cross-Site Scripting
  • A8:2017-Insecure Deserialization

more inf0:

Read This: Spiderfoot: OSINT And Security Tool

[amazon_link asins=’B077L7SNG8,B074VFZ2GW,B077C37Y1N,B074P26NVR,B079D6KHMC’ template=’ProductCarousel’ store=’mubassir-20′ marketplace=’US’ link_id=’a0a1e044-2853-11e8-bc07-5f8473045dc4′]


About the author

Mubassir patel

Mubassir is a founder and developer of this site. He is a computer science engineer. He has a very deep interest in ethical hacking, penetration testing, website development and including all technology topic.