Compare commits
No commits in common. "73881dc6ca7abec9fec313899eaa913d00bde157" and "05066f1c27e5556f475e7a362c4bdf0746fe0398" have entirely different histories.
73881dc6ca
...
05066f1c27
1 changed files with 0 additions and 33 deletions
|
@ -1,33 +0,0 @@
|
||||||
# Let's Buy Some Juice
|
|
||||||
## Booting Up Juice Shop
|
|
||||||
```sh
|
|
||||||
docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop
|
|
||||||
```
|
|
||||||
|
|
||||||
## SQL Injection
|
|
||||||
### Login as Admin
|
|
||||||
1. Open `Account` => `Login`
|
|
||||||
2. Type `' OR TRUE; --` into `Email` and any password in `Password`
|
|
||||||
|
|
||||||
Result:
|
|
||||||
|
|
||||||
<!--- ToDo: Insert Picture -->
|
|
||||||
|
|
||||||
### Login as Jim
|
|
||||||
1. Open `Account` => `Login`
|
|
||||||
2. Type `jim@juice-sh.op'; --`
|
|
||||||
|
|
||||||
Result:
|
|
||||||
|
|
||||||
<!--- ToDo: Insert Picture -->
|
|
||||||
|
|
||||||
## Cross Site Scripting
|
|
||||||
1. Open up the Search Box
|
|
||||||
2. Type `<iframe src="javascript:alert('hello')">`
|
|
||||||
|
|
||||||
<!--- ToDo: Insert Picture -->
|
|
||||||
|
|
||||||
## Forged Picture
|
|
||||||
This challenge is impossible due to the `/profile` page only reading the username from POST variables.
|
|
||||||
|
|
||||||
POST variables cannot be set through links and thus can't be set in an `img`-tag's `src` either.
|
|
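Review bot: confirm base and head are the intended way round before taking this as a deletion, since `-1,33 +0,0` drops the entire writeup and the two commits are reported as sharing no history. If the file is meant to survive elsewhere, several gaps in it are worth closing first. All three result placeholders are still `<!--- ToDo: Insert Picture -->`. Step 2 under "Login as Jim" does not say which field takes `jim@juice-sh.op'; --` or what goes in `Password`. The `docker run` line references `bkimminich/juice-shop` with no tag or digest, so with `--pull always` the steps are not tied to a known version of the target. The "Forged Picture" section asserts the challenge is impossible without showing the request that was tried, which makes the claim hard to verify in review.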