Skip to content

shieldfy-vulnerability-hub/nosqli-example

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
models
models
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
index.safe.js
index.safe.js
 
 
index.vuln.js
index.vuln.js
 
 
package-lock.json
package-lock.json
 
 
package.json
package.json
 
 

Repository files navigation

nosqli-example

there is 2 vulnerabilities

  1. nosqli in index.vuln.js line 24
const Vulnerability1 = (req, res) => {
    let query = { 
        username: req.body.username,
        password: req.body.password 
    }

    User.find(query, function (err, user) {
        if (err) {
            // handle error
        } else {
            if (user.length >= 1) {
                res.json({role: user[0].role, username: user[0].username, msg: "Correct!" });
            }
        }
    });
}
  1. nosqli in index.vuln.js line 37
const Vulnerability2 = (req, res) => {

    User.find({ 
        username: req.body.username,
        password: req.body.password 
    }, function (err, user) {
        if (err) {
            // handle error
        } else {
            if (user.length >= 1) {
                res.json({role: user[0].role, username: user[0].username, msg: "Correct!" });
            }
        }
    });
}

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages