Web application framework for Node.js
Enumeration
When facing login forms, try changing the Content-Type header, for example to application/json in the POST request.
When the server accepts JSON input, it typically parses this input directly into JavaScript objects.
If the backend uses MongoDB (NoSQL), the login authentication might involve querying MongoDB directly with this JSON data.
Crashing the site with invalid JSON can reveal the stack trace.
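Added example (not from the original page): the defensive counterpart to the points above, written without a framework so it runs stand-alone. It type-checks parsed login fields so only string literals reach a MongoDB filter, and it answers malformed JSON with a generic 400 instead of a stack trace. The names handleLoginBody and isCredentialString and the sample requests are assumptions made up for illustration.

```javascript
// Added example; handleLoginBody and isCredentialString are hypothetical names.

// Accept only a non-empty string of bounded length.
function isCredentialString(value) {
  return typeof value === "string" && value.length > 0 && value.length <= 256;
}

// Validates a login request body. On failure returns a status and a
// client-safe message; on success returns a lookup filter holding a plain string.
function handleLoginBody(contentType, rawBody) {
  const type = String(contentType || "").split(";")[0].trim().toLowerCase();
  let fields;
  if (type === "application/json") {
    try {
      fields = JSON.parse(rawBody);
    } catch (err) {
      // Log err server-side only; err.stack must never reach the response.
      return { ok: false, status: 400, message: "Malformed request body" };
    }
  } else if (type === "application/x-www-form-urlencoded") {
    fields = Object.fromEntries(new URLSearchParams(rawBody));
  } else {
    return { ok: false, status: 415, message: "Unsupported media type" };
  }
  if (fields === null || typeof fields !== "object" || Array.isArray(fields)) {
    return { ok: false, status: 400, message: "Malformed request body" };
  }
  // Objects and arrays are rejected so the database sees literals only.
  if (!isCredentialString(fields.username) || !isCredentialString(fields.password)) {
    return { ok: false, status: 400, message: "Invalid credentials format" };
  }
  // Look up by username, then verify the password against the stored hash.
  return { ok: true, filter: { username: fields.username } };
}

// Constructed sample requests (not captured traffic).
const samples = [
  ["application/json", '{"username":"alice","password":"s3cret"}'],
  ["application/json", '{"username":"alice","password":{"any":"object"}}'],
  ["application/json", '{"username":'],
];
for (const [contentType, body] of samples) {
  const result = handleLoginBody(contentType, body);
  console.log(result.ok ? "validated" : result.status + " " + result.message);
}
```

In an Express route the same checks would run on the already parsed request body, with the parse-failure branch living in an error-handling middleware.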
server.js is a common name for a Node application and is a good place to look for the source code.