Django Vs laravel Vs nodejs [closed]
Which framework is good for backend cryptocurrency exchange? (laravel, django, node.js) in terms of scalability, security, …
Category Archives: Node.js
Node.js Unrestricted File Upload
my question is very similar to this question but it has been closed without an actual answer.
I found an unrestricted file upload vulnerability in a Node.js application. Basically, I am able to upload any type of file and access the upload… Continue reading Node.js Unrestricted File Upload
Prototype Pollution – Is this effective only for the Global objects?
I recently found a prototype pollution vulnerability in an open-source project.
The code was something like this:
var a = {}
var b = JSON.parse(‘some_user_input_where_payload_can_be_sent’)
// consider b = JSON.parse(‘{"__proto__"… Continue reading Prototype Pollution – Is this effective only for the Global objects?
How to prevent multiple requests from passing database check? [migrated]
We discovered a vulnerability with our system. We have a situation a user can log in into multiple devices and trigger a request at once so that checks like this are bypassed.
if(credit > purchase){
// Make api call
If(successful){
// D… Continue reading How to prevent multiple requests from passing database check? [migrated]
Busines logic bypass issue
Good day, we deployed our app that has payment on it with a wallet system. We tried as much as possible to follow every security rule from server to code design. But yesterday we experienced a bridge with javascript logic that made us temp… Continue reading Busines logic bypass issue
Gesture Controlled Filming Gear Works Super Intuitively
Shooting good video can be an arduous task if you’re working all by yourself. [Pave Workshop] developed a series of gesture-responsive tools to help out, with a focus on creating …read more Continue reading Gesture Controlled Filming Gear Works Super Intuitively
Restrict node.js filesystem access
I have a Node.js app which has a lot of npm-dependencies, running on Linux (Centos) machine.
When Node starts, the script has access to the files outside its directory (as least by default), so malicious npm-package could traverse a direct… Continue reading Restrict node.js filesystem access
Can the data between Express.js middleware be manipulated/tampered in any way?
In the node.js express.js framework there is middleware support. Let’s assume I have two middleware – the first one, which verifies whether the JWT token is legit and not tampered with and the second middleware which doesn’t verify anymore… Continue reading Can the data between Express.js middleware be manipulated/tampered in any way?
How to send secure api requests? [closed]
When a user pays on the iOS app I want to let the node js backend know. What’s a secure way to authenticate the iOS app with the backend? Is it send a secret key and if so how do I keep this safe from
Prototype pollution in server instances exploit – what is the correct approach?
I am trying to perform prototype pollution exploit for a project to demonstrate the vulnerability to the owner.
So I am trying to pollute the toString() function from the user inputs.
The user input has two fields mode of contact and conta… Continue reading Prototype pollution in server instances exploit – what is the correct approach?