vuln-showcase

Project for showcasing common vulnerabilities on the web and written with fresh in deno.

Clone

Clone the project onto your PC with:

git clone --recursive https://github.com/codefionn/vuln-showcase

Start the project:

docker compose up

This will watch the project directory and restart as necessary.

The main webserver is started on localhost:8000, the mail server interface on localhost:1080.

This also starts up the testing suite.

Posts:
- Posts are rendered as HTML => XSS injection possible
Search:
- Search for private posts: private') OR 1=1 OR ('' = '
- Read every post, when increasing/decreasing the number in the URL
User:
- Edit all posts, not just your own (increasing/decreasing number in the URL)
Possibility to guess passwords via hash or JWT signature (though this is kinda hard)
Guess if a login (E-Mail) exists (time-based attack)

Name		Name	Last commit message	Last commit date
Latest commit History 19 Commits
.vscode		.vscode
components		components
entity		entity
init-sql		init-sql
islands		islands
repository		repository
routes		routes
scripts		scripts
selftest		selftest
static		static
utils		utils
.gitmodules		.gitmodules
Dockerfile		Dockerfile
LICENSE		LICENSE
README.md		README.md
deno.json		deno.json
dev.ts		dev.ts
docker-compose.yml		docker-compose.yml
fresh.gen.ts		fresh.gen.ts
import_map.json		import_map.json
main.ts		main.ts