Simple and vulnerable Node.js app prone to Cross-Site Scripting (XSS): deployment with Google Cloud App Engine
I wrote a little script in Node.js for a hands-on lab to test Cross-Site Scripting (XSS).
You can download it from my GitHub: https://github.com/defensahacker/nodexss
To deploy in Google Cloud App Engine:
    $ git clone https://github.com/defensahacker/nodexss.git
    $ cd nodexss
    $ gcloud init
    $ PROJECT_ID="xss-lab$RANDOM"   # $RANDOM changes on every expansion, so generate the ID once
    $ gcloud projects create "$PROJECT_ID"
    $ gcloud config set project "$PROJECT_ID"
    $ gcloud projects describe "$PROJECT_ID"
    $ gcloud app create --project="$PROJECT_ID"
    $ gcloud app deploy
    $ gcloud app logs tail -s default
To start the project from a local system:
    git clone https://github.com/defensahacker/nodexss.git
    cd nodexss   # the build context "." must be the cloned repository
    docker build -t defensahacker/nodexss:1.3 --no-cache .
    docker run --rm -p 8080:8080 -d defensahacker/nodexss:1.3
Now visit the vulnerable website:
http://localhost:8080/?name=world<script>alert(document.cookie);</script>
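
The reflected-XSS pattern this URL exercises, next to an output-encoded version with supporting response headers. This is an added example, not the code from the nodexss repository; the function names, the greeting markup and the `session` cookie are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers, not the code in the nodexss repository.

// Vulnerable pattern: the query value is concatenated straight into HTML.
function renderVulnerable(name) {
  return `<h1>Hello ${name}</h1>`;
}

// Encode the characters that are significant in HTML text and quoted attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hardened pattern: encode at the point of output.
function renderSafe(name) {
  return `<h1>Hello ${escapeHtml(name)}</h1>`;
}

// Framework-agnostic handler: takes the request URL, returns status, headers and body.
function handle(requestUrl, { safe }) {
  const url = new URL(requestUrl, 'http://localhost:8080');
  const name = url.searchParams.get('name') ?? 'world';
  const headers = { 'Content-Type': 'text/html; charset=utf-8' };
  if (safe) {
    // Defence in depth: CSP refuses inline script, HttpOnly keeps the
    // cookie out of document.cookie even if markup injection slips through.
    headers['Content-Security-Policy'] = "default-src 'self'; script-src 'self'";
    headers['X-Content-Type-Options'] = 'nosniff';
    headers['Set-Cookie'] = 'session=constructed-value; HttpOnly; SameSite=Strict';
  } else {
    headers['Set-Cookie'] = 'session=constructed-value';
  }
  const body = safe ? renderSafe(name) : renderVulnerable(name);
  return { status: 200, headers, body };
}

// The lab request from above, as a constructed input.
const LAB_URL = '/?name=world<script>alert(document.cookie);</script>';
console.log('vulnerable:', handle(LAB_URL, { safe: false }).body);
console.log('hardened:  ', handle(LAB_URL, { safe: true }).body);
```

The same `handle` function can be called from an `http.createServer` callback by passing `req.url` and writing the returned status, headers and body to the response.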