Challenge:
Name: Retrieve Blueprint
Description: Deprive the shop of earnings by downloading the blueprint for one of its products.
Difficulty: 5 star
Category: Sensitive Data Exposure
Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html
Tools used:
Firefox Developer Tools
Resources used:
None.
Methodology:
The expanded description for this challenge provides two pieces of worthwhile information, the product name and the fact that it’s not on the FTP page. Without much in the way of a starting point, I opted to open the browser’s Developer tools and check out both the HTML and the Network tab. Both turned out to be important. From the Network tab, I figured that there might be something useful in the application-configuration file, as it holds all of the product information.

In the “OWAP Juice Shop Logo (3D-printed)” tab, there might as well have been a gigantic red arrow pointing to the blueprint’s filename.

Then I just updated the HTML to show the .stl file instead of the .jpg file on the store page and viola!

