Damn Vulnerable NodeJS Application.
ADDED BUGS
Prototype Pollution
No SQL Injection
Cross-site Scripting
Broken Access Control
Broken Session Management
Weak Regex Implementation
Race Condition
CSRF -Cross-Site Request Forgery
Weak Bruteforce Protection
User Enumeration
Reset Password token leaking in Referrer
Reset Password bugs
Sensitive Data Exposure
Unicode Case Mapping Collision
File Upload
SSRF
XXE
Open Redirection
Directory Traversal
[hide][Hidden Content]]