Node.js Express + MySQL vulnerable boilerplate project

[DEMO]

The sourcecode is referenced from https://codeshack.io/basic-login-system-nodejs-express-mysql/

Setup

All you need to do is to run docker-compose and check your http://localhost:3000/

Tested on Ubuntu Focal / Bionic.

$ docker-compose up --build -d

Explanation / Demonstration Methods

• https://flattsecurity.medium.com/finding-an-unseen-sql-injection-by-bypassing-escape-functions-in-mysqljs-mysql-90b27f6542b4 (English)
• https://blog.flatt.tech/entry/node_mysql_sqlinjection (日本語)
• https://harold.kim/blog/2022/02/nodejs-mysql-vulnerability/ (한국어)