[go: nahoru, domu]
Skip to content
This repository has been archived by the owner on Oct 29, 2018. It is now read-only.

websecurify/acme-lock-me-out

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
index.jade
index.jade
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

Follow on Twitter

 _        ______   ______  _    __              
| |      / |  | \ | |     | |  / /              
| |   _  | |  | | | |     | |-< <               
|_|__|_| \_|__|_/ |_|____ |_|  \_\              
                                            
 _________   ______    ______   _    _  _______ 
| | | | | \ | |       / |  | \ | |  | |   | |   
| | | | | | | |----   | |  | | | |  | |   | |   
|_| |_| |_| |_|____   \_|__|_/ \_|__|_|   |_|   

by Websecurify (pdp)

The following application, written on top of MongoDB and NodeJS, demonstrates a simple but not too obvious vulnerability in the this particular technology stack that can be used to successfully bypass the login prompt.

System Requirements

You will need docker installed and fully functional.

How To Build

Run the following command:

make docker-build

How To Use

Run the following command:

make docker-run

The application will be available on localhost:49090.

About

NodeJS and MongoDB Login Bruteforce Demo Project

blog.websecurify.com/2014/08/attacks-nodejs-and-mongodb-part-to.html

Resources

Readme
Activity
Custom properties

Stars

4 stars

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages