2023-11-10 16:16:15 +00:00
|
|
|
# Lab 03 - Let's Buy Some Juice
|
2023-11-10 12:00:16 +00:00
|
|
|
## Booting Up Juice Shop
|
|
|
|
|
```sh
|
|
|
|
|
docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## SQL Injection
|
|
|
|
|
### Login as Admin
|
|
|
|
|
1. Open `Account` => `Login`
|
|
|
|
|
2. Type `' OR TRUE; --` into `Email` and any password in `Password`
|
|
|
|
|
|
|
|
|
|
Result:
|
|
|
|
|
|
2023-11-10 12:27:50 +00:00
|
|
|
|
2023-11-10 12:00:16 +00:00
|
|
|
|
|
|
|
|
### Login as Jim
|
|
|
|
|
1. Open `Account` => `Login`
|
|
|
|
|
2. Type `jim@juice-sh.op'; --`
|
|
|
|
|
|
|
|
|
|
Result:
|
|
|
|
|
|
2023-11-10 12:27:50 +00:00
|
|
|
|
2023-11-10 12:09:54 +00:00
|
|
|
|
|
|
|
|
## Cross Site Scripting
|
|
|
|
|
1. Open up the Search Box
|
|
|
|
|
2. Type `<iframe src="javascript:alert('hello')">`
|
|
|
|
|
|
2023-11-10 12:27:50 +00:00
|
|
|
|
2023-11-10 12:23:38 +00:00
|
|
|
|
|
|
|
|
## Forged Picture
|
|
|
|
|
This challenge is impossible due to the `/profile` page only reading the username from POST variables.
|
|
|
|
|
|
|
|
|
|
POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.
|
