Express

Web application framework for Node.js

Enumeration

• When facing Login forms, try to mess with Content-Type headers, for example changing it application/json in the POST request:

  • When the server accepts JSON input, it typically parses this input directly into JavaScript objects.

  • If the backend uses MongoDB (NoSQL), the login authentication might involve querying MongoDB directly with this JSON data.

  • Crashing the site with invalid JSON can reveal the stack trace.

• server.js is a common name for a Node application and is a good place to look for the source code.