codeblue04

Description: Inform the shop about a typosquatting trick it has been a victim of at least in v6.2.0-SNAPSHOT. (Mention the exact name of the culprit)

Difficulty: 4 star

Category: Vulnerable Components

Expanded Description: https://pwning.owasp-juice.shop/part2/vulnerable-components.html

Hacking OWASP’s Juice Shop Pt. 51: Ephemeral Accountant

Posted on December 16, 2020 by codeblue04

Challenge:

Name: Ephemeral Accountant

Description: Log in with the (non-existing) accountant acc0unt4nt@juice-sh.op without ever registering that user.

Difficulty: 4 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 50: Leaked Unsafe Product

Posted on December 15, 2020 by codeblue04

Challenge:

Name: Leaked Unsafe Product

Description: Identify an unsafe product that was removed from the shop and inform the shop which ingredients are dangerous.

Difficulty: 4 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 49: NoSQL Manipulation

Posted on December 14, 2020 by codeblue04

Challenge:

Name: NoSQL Manipulation

Description: Update multiple product reviews at the same time.

Difficulty: 4 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 48: Access Log

Posted on December 13, 2020 by codeblue04

Challenge:

Name: Access Log

Description: Gain access to any access log file of the server

Difficulty: 4 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 47: Forged Coupon

Posted on December 12, 2020 by codeblue04

Challenge:

Name: Forged Coupon

Description: Forge a coupon code that gives you a discount of at least 80%.

Difficulty: 6 star

Category: Cryptographic Issues

Expanded Description: https://pwning.owasp-juice.shop/part2/cryptographic-issues.html

Hacking OWASP’s Juice Shop Pt 46: User Credentials

Posted on December 11, 2020 by codeblue04

Challenge:

Name: User Credentials

Description: Retrieve a list of all user credentials via SQL Injection.

Difficulty: 4 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Curiosity Kills Colby

Northwestern Misadventures

Author: codeblue04

Hacking OWASP’s Juice Shop Pt. 55: GDPR Data Theft

Hacking OWASP’s Juice Shop Pt. 54: Login Bjoern

Hacking OWASP’s Juice Shop Pt. 53: Reset Uvogin’s Password

Hacking OWASP’s Juice Shop Pt. 52: Legacy Typosquatting

Hacking OWASP’s Juice Shop Pt. 51: Ephemeral Accountant

Hacking OWASP’s Juice Shop Pt. 50: Leaked Unsafe Product

Hacking OWASP’s Juice Shop Pt. 49: NoSQL Manipulation

Hacking OWASP’s Juice Shop Pt. 48: Access Log

Hacking OWASP’s Juice Shop Pt. 47: Forged Coupon

Hacking OWASP’s Juice Shop Pt 46: User Credentials