feat: Add base files

backend/Dockerfile

@@ -0,0 +1,7 @@
+FROM node:23-slim
+
+WORKDIR /app
+COPY . .
+RUN npm install
+EXPOSE 5000
+CMD ["node", "index.js"]

backend/db.js

@@ -0,0 +1,18 @@
+const mysql = require('mysql2');
+
+const connection = mysql.createConnection({
+  host: 'db',
+  user: 'root',
+  password: 'root',
+  database: 'vulnapp',
+});
+
+connection.connect(err => {
+  if (err) {
+    console.error('DB connection failed:', err.stack);
+    return;
+  }
+  console.log('Connected to MySQL');
+});
+
+module.exports = connection;

backend/index.js

@@ -0,0 +1,27 @@
+const express = require('express');
+const mysql = require('mysql2');
+const cors = require('cors');
+const app = express();
+
+const db = require('./db');
+
+app.use(cors());
+app.use(express.json());
+
+app.post('/api/login', (req, res) => {
+  const { username, password } = req.body;
+
+  // 🚨 INTENTIONALLY VULNERABLE TO SQLi
+  const query = `SELECT * FROM users WHERE username = '${username}' AND password = '${password}'`;
+
+  db.query(query, (err, results) => {
+    if (err) return res.status(500).send('Error');
+    if (results.length > 0) {
+      res.send('Login successful');
+    } else {
+      res.status(401).send('Invalid credentials');
+    }
+  });
+});
+
+app.listen(5000, () => console.log('Backend running on port 5000'));