Curiosity Kills Colby

Northwestern Misadventures

infosec

Hacking OWASP’s Juice Shop Pt. 34: Privacy Policy Inspection

Posted on November 29, 2020 by codeblue04

Challenge: 

Name: Privacy Policy Inspection

Description: Prove that you actually read our privacy policy.

Difficulty: 3 star

Category: Security Through Obscurity

Expanded Description: https://pwning.owasp-juice.shop/part2/security-through-obscurity.html

Hacking OWASP’s Juice Shop Pt. 33: GDPR Data Erasure

Posted on November 29, 2020 by codeblue04

Challenge: 

Name: GDPR Data Exposure

Description: Log in with Chris’ erased user account

Difficulty: 3 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Hacking OWASP’s Juice Shop Pt. 32: Upload Size + Upload Type

Posted on November 28, 2020 by codeblue04

Challenge 1: 

Name: Upload Size

Description: Upload a file larger than 100 kB.

Difficulty: 3 star

Category: Improper Input Validation

Challenge 2: 

Name: Upload Type

Description: Upload a file that has no .pdf or .zip extension.

Difficulty: 3 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 31: Bjoern’s Favorite Pet

Posted on November 27, 2020 by codeblue04

Challenge: 

Name: Bjoern’s Favorite Pet

Description: Reset the password of Bjoern’s OWASP account via the Forgot Password mechanism with the original answer to his security question.

Difficulty: 3 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Hacking OWASP’s Juice Shop Pt. 30: Forged Review

Posted on November 26, 2020 by codeblue04

Challenge: 

Name: Forged Review

Description: Post a product review as another user or edit any user’s existing review.

Difficulty: 3 star

Category: Broken Access Control

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html

Hacking OWASP’s Juice Shop Pt. 29: Login Bender

Posted on November 25, 2020 by codeblue04

Challenge: 

Name: Login Bender

Description: Log in with Bender’s user account.

Difficulty: 3 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 28: Forged Feedback

Posted on November 24, 2020 by codeblue04

Challenge: 

Name: Forged Feedback

Description: Post some feedback in another user’s name.

Difficulty: 3 star

Category: Broken Access Control

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html

Hacking OWASP’s Juice Shop Pt. 27: Reset Jim’s Password

Posted on November 23, 2020 by codeblue04

Challenge: 

Name: Reset Jim’s Password

Description: Reset Jim’s password via the Forgot Password mechanism with the original answer to his security question.

Difficulty: 3 star

Category: Broken Authentication

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-authentication.html

Hacking OWASP’s Juice Shop Pt. 26: Login Jim

Posted on November 22, 2020 by codeblue04

Challenge: 

Name: Login Jim

Description: Log in with Jim’s user account.

Difficulty: 3 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 25: Login Amy

Posted on November 21, 2020 by codeblue04

Challenge: 

Name: Login Amy

Description: Log in with Amy’s original user credentials. (This could take 93.83 billion trillion trillion centuries to brute force, but luckily she did not read the “One Important Final Note”)

Difficulty: 3 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html
