appsecco / dvna
Damn Vulnerable NodeJS Application
License: MIT License
Hi,
I followed the instructions to set up the DVNA using the official docker file.
When I run the docker image I get the following error.
```
wait-for-it.sh: waiting 300 seconds for mysql-db:3306
wait-for-it.sh: mysql-db:3306 is available after 0 seconds
[email protected] start /app
node server.js
Fri, 23 Mar 2018 12:05:06 GMT sequelize deprecated String based operators are now deprecated. Please use Symbol based operators for better security, read more at http://docs.sequelizejs.com/manual/tutorial/querying.html#operators at node_modules/sequelize/lib/sequelize.js:236:13
Unable to connect to the database: { SequelizeAccessDeniedError: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
    at Utils.Promise.tap.then.catch.err (/app/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:141:19)
    at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:689:18)
    at Async._drainQueue (/app/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/app/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:789:20)
    at tryOnImmediate (timers.js:751:5)
    at processImmediate [as _immediateCallback] (timers.js:722:5)
  name: 'SequelizeAccessDeniedError',
  parent:
   { Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
       at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
       at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
       at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
       at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
       at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
       at Socket.<anonymous> (/app/node_modules/mysql2/lib/connection.js:102:29)
       at emitOne (events.js:116:13)
       at Socket.emit (events.js:211:7)
       at addChunk (_stream_readable.js:263:12)
       at readableAddChunk (_stream_readable.js:250:11)
       at Socket.Readable.push (_stream_readable.js:208:10)
       at TCP.onread (net.js:594:20)
     code: 'ER_ACCESS_DENIED_ERROR',
     errno: 1045,
     sqlState: '28000',
     sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' },
  original:
   { Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
       at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
       at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
       at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
       at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
       at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
       at Socket.<anonymous> (/app/node_modules/mysql2/lib/connection.js:102:29)
       at emitOne (events.js:116:13)
       at Socket.emit (events.js:211:7)
       at addChunk (_stream_readable.js:263:12)
       at readableAddChunk (_stream_readable.js:250:11)
       at Socket.Readable.push (_stream_readable.js:208:10)
       at TCP.onread (net.js:594:20)
     code: 'ER_ACCESS_DENIED_ERROR',
     errno: 1045,
     sqlState: '28000',
     sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' } }
An error occurred while creating the table: { SequelizeAccessDeniedError: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
    at Utils.Promise.tap.then.catch.err (/app/node_modules/sequelize/lib/dialects/mysql/connection-manager.js:141:19)
    at tryCatcher (/app/node_modules/bluebird/js/release/util.js:16:23)
    at Promise._settlePromiseFromHandler (/app/node_modules/bluebird/js/release/promise.js:512:31)
    at Promise._settlePromise (/app/node_modules/bluebird/js/release/promise.js:569:18)
    at Promise._settlePromise0 (/app/node_modules/bluebird/js/release/promise.js:614:10)
    at Promise._settlePromises (/app/node_modules/bluebird/js/release/promise.js:689:18)
    at Async._drainQueue (/app/node_modules/bluebird/js/release/async.js:133:16)
    at Async._drainQueues (/app/node_modules/bluebird/js/release/async.js:143:10)
    at Immediate.Async.drainQueues (/app/node_modules/bluebird/js/release/async.js:17:14)
    at runCallback (timers.js:789:20)
    at tryOnImmediate (timers.js:751:5)
    at processImmediate [as _immediateCallback] (timers.js:722:5)
  name: 'SequelizeAccessDeniedError',
  parent:
   { Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
       at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
       at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
       at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
       at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
       at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
       at Socket.<anonymous> (/app/node_modules/mysql2/lib/connection.js:102:29)
       at emitOne (events.js:116:13)
       at Socket.emit (events.js:211:7)
       at addChunk (_stream_readable.js:263:12)
       at readableAddChunk (_stream_readable.js:250:11)
       at Socket.Readable.push (_stream_readable.js:208:10)
       at TCP.onread (net.js:594:20)
     code: 'ER_ACCESS_DENIED_ERROR',
     errno: 1045,
     sqlState: '28000',
     sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' },
  original:
   { Error: Access denied for user 'dvna'@'172.17.0.3' (using password: YES)
       at Packet.asError (/app/node_modules/mysql2/lib/packets/packet.js:713:13)
       at ClientHandshake.Command.execute (/app/node_modules/mysql2/lib/commands/command.js:28:22)
       at Connection.handlePacket (/app/node_modules/mysql2/lib/connection.js:515:28)
       at PacketParser.onPacket (/app/node_modules/mysql2/lib/connection.js:94:16)
       at PacketParser.executeStart (/app/node_modules/mysql2/lib/packet_parser.js:77:14)
       at Socket.<anonymous> (/app/node_modules/mysql2/lib/connection.js:102:29)
       at emitOne (events.js:116:13)
       at Socket.emit (events.js:211:7)
       at addChunk (_stream_readable.js:263:12)
       at readableAddChunk (_stream_readable.js:250:11)
       at Socket.Readable.push (_stream_readable.js:208:10)
       at TCP.onread (net.js:594:20)
     code: 'ER_ACCESS_DENIED_ERROR',
     errno: 1045,
     sqlState: '28000',
     sqlMessage: 'Access denied for user 'dvna'@'172.17.0.3' (using password: YES)' } }
```
The command in "Quick start" section in README.md starts DVNA with SQLite but the "Getting Started" section describes DVNA with MySQL. This leads to confusion when testing the application as the injection attacks are different for both versions. It would be very helpful if the README.md has clear and distinct instructions for starting DVNA with MySQL and SQLite.
Please let me know if you need help with modifying the README.md.
The Carbon LTS release is now EOL.
It would be nice to push a new release to DockerHub based on a supported LTS version of node.
The carbon-slim base image used did not feature the iputils-ping package. This broke the Connectivity test feature of the application which uses the ping OS command.
This link that is mentioned in the main readme is no longer working: https://appsecco.com/books/dvna-developers-security-guide/
Can we view the guide somewhere else now?
Thanks!
I've followed the commands to set up DVNA and it doesn't seem to be installing correctly.
I've tried all methods of installation.
The default credentials don't seem to have been set up and I get the following error when I try to log in:
Invalid Credentials
I've connected to the docker MySQL database and it's empty.
Can anybody tell me what I'm missing?