An invoice management application built on the MEAN stack with intentional vulnerabilities used to demonstrate insecure configurations and missing or insufficient security controls.

```
sudo apt-get install mongodb
mongoimport --db billing --collection invoices --file billing.json
mongoimport --db users --collection collection --file users.json
npm install
node server.js
```

The MEAN Bug application includes the following vulnerabilities:
- Authentication Bypass
- Query Selector Injection
- Angular Expression Injection
- Cross-Site Request Forgery (CSRF)
- Cross-Site Scripting (XSS)
- Local Storage Information Leakage
- Unsafe Session Management
- Insecure Direct Object Reference
- Verbose Errors
- and more...