Hacking OWASP’s Juice Shop Pt. 63: Retrieve Blueprint

Challenge: 

Name: Retrieve Blueprint

Description: Deprive the shop of earnings by downloading the blueprint for one of its products.

Difficulty: 5 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Tools used:

Firefox Developer Tools

Resources used:

None.

Methodology: 

The expanded description for this challenge provides two pieces of worthwhile information, the product name and the fact that it’s not on the FTP page. Without much in the way of a starting point, I opted to open the browser’s Developer tools and check out both the HTML and the Network tab. Both turned out to be important. From the Network tab, I figured that there might be something useful in the application-configuration file, as it holds all of the product information.

application-configuration

In the “OWASP Juice Shop Logo (3D-printed)” tab, there might as well have been a gigantic red arrow pointing to the blueprint’s filename.

25: Object { name: "OWASP Juice Shop Logo (3D-printed)", description: "This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.", price: 99.99, … }
    name: "OWASP Juice Shop Logo (3D-printed)"
    description: "This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose."
    price: 99.99
    image: "3d_keychain.jpg"
    fileForRetrieveBlueprintChallenge:

Then I just updated the HTML to show the .stl file instead of the .jpg file on the store page and voilà!

[Screenshot: Firefox Inspector showing the product image element (classes img-responsive img-thumbnail, attribute mat-card-image) for "Juice Shop Logo (3D-printed)"]
You successfully solved a challenge: Retrieve Blueprint (Deprive the shop of earnings by downloading the blueprint for one of its products.)
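From the defender's side, what this walkthrough shows is an internal field travelling to the browser inside the product configuration. The following is an added example, not part of the original post or of Juice Shop's own code: an allow-list filter for product data plus a small audit of a response body. Field names follow the object shown above; the sample configuration and the blueprint file name are constructed placeholders.

```javascript
// Added example (not Juice Shop code). The allow-list and sample data are
// assumptions; the blueprint file name is a constructed placeholder.
const PUBLIC_PRODUCT_FIELDS = new Set(['name', 'description', 'price', 'image']);

// Constructed sample of the configuration the server holds.
const serverConfig = {
  application: { name: 'Example Shop' },
  products: [
    { name: 'Apple Juice', description: 'Constructed sample.', price: 1.99, image: 'apple_juice.jpg' },
    {
      name: 'OWASP Juice Shop Logo (3D-printed)',
      description: 'This rare item was designed and handcrafted in Sweden.',
      price: 99.99,
      image: '3d_keychain.jpg',
      fileForRetrieveBlueprintChallenge: 'PLACEHOLDER-blueprint.stl'
    }
  ]
};

// Copy only allow-listed fields, so any new internal field is dropped by default.
function toPublicProduct(product) {
  const out = {};
  for (const key of Object.keys(product)) {
    if (PUBLIC_PRODUCT_FIELDS.has(key)) out[key] = product[key];
  }
  return out;
}

// Build the object that is safe to serialize to the client (input is not mutated).
function toPublicConfig(config) {
  return { ...config, products: (config.products || []).map(toPublicProduct) };
}

// Audit a response body: report every product field that is not allow-listed.
function findLeakedFields(config) {
  const findings = [];
  (config.products || []).forEach((product, index) => {
    for (const key of Object.keys(product)) {
      if (!PUBLIC_PRODUCT_FIELDS.has(key)) {
        findings.push({ index, product: product.name, field: key });
      }
    }
  });
  return findings;
}

console.log('raw config:', findLeakedFields(serverConfig));
console.log('filtered config:', findLeakedFields(toPublicConfig(serverConfig)));
```

Filtering the response only removes the pointer to the file; the file itself still needs a server-side access check before it is served.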
