NodeXP: NOde.js server-side JavaScript injection vulnerability DEtection and eXPloitation

Web applications are widely used, and new ways for easier and cost-effective methods to develop them are constantly introduced. A common omission among the new development and implementation techniques when designing them is security; Node.js is no exception, as Server-Side JavaScript Injection (SSJI) attacks are possible due to the use of vulnerable functions and neglecting to sanitize data input provided by untrusted sources. This specific kind of injection attack stands out because it has the potential to compromise servers, where the JavaScript code is executed.