UKBTutorials/Lab03 - Let's Buy Some Juice/README.md

# Let's Buy Some Juice
## Booting Up Juice Shop
```sh
docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop
```

## SQL Injection
### Login as Admin
  1. Open `Account` => `Login`
  2. Type `' OR TRUE; --` into `Email` and any password in `Password`

Result:

<!--- ToDo: Insert Picture -->

### Login as Jim
  1. Open `Account` => `Login`
  2. Type `jim@juice-sh.op'; --`

Result:

<!--- ToDo: Insert Picture -->

## Cross Site Scripting
 1. Open up the Search Box
 2. Type `<iframe src="javascript:alert('hello')">`

<!--- ToDo: Insert Picture -->

## Forged Picture
This challenge is impossible due to the `/profile` page only reading the username from POST variables.

POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.
Add solutions for SQL Injection 2023-11-10 12:00:16 +00:00			`# Let's Buy Some Juice`
			`## Booting Up Juice Shop`
			```sh
			`docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop`
			```

			`## SQL Injection`
			`### Login as Admin`
			1. Open `Account` => `Login`
			2. Type `' OR TRUE; --` into `Email` and any password in `Password`

			`Result:`

			`<!--- ToDo: Insert Picture -->`

			`### Login as Jim`
			1. Open `Account` => `Login`
			2. Type `jim@juice-sh.op'; --`

			`Result:`

			`<!--- ToDo: Insert Picture -->`
Solve XSS task 2023-11-10 12:09:54 +00:00
			`## Cross Site Scripting`
			`1. Open up the Search Box`
			2. Type `<iframe src="javascript:alert('hello')">`

			`<!--- ToDo: Insert Picture -->`
Add explanation about forged image 2023-11-10 12:23:38 +00:00
			`## Forged Picture`
			This challenge is impossible due to the `/profile` page only reading the username from POST variables.

			POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.