infosec | Curiosity Kills Colby

Hacking OWASP’s Juice Shop Pt. 14: Repetitive Registration

Posted on November 10, 2020 by codeblue04

Challenge:

Name: Repetitive Registration

Description: Follow the DRY principle while registering a user.

Difficulty: 1 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 13: Confidential Document

Posted on November 9, 2020 by codeblue04

Challenge:

Name: Confidential Document

Description: Access a confidential document

Difficulty: 1 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 12: DOM XSS + Bonus Payload

Posted on November 8, 2020 by codeblue04

Challenge 1:

Name: DOM XSS + Bonus Payload

Description: Perform a DOM XSS attack with <iframe src=”javascript:alert(`xss`)”>.

Difficulty: 1 star

Category: XSS

Expanded Description: https://pwning.owasp-juice.shop/part2/xss.html

Challenge 2:

Name: Bonus Payload

Description: Use the bonus payload in the DOM XSS challenge.

Difficulty: 1 star

Category: XSS

Expanded Description: https://pwning.owasp-juice.shop/part2/xss.html

Hacking OWASP’s Juice Shop Pt. 11: Outdated Whitelist

Posted on November 7, 2020 by codeblue04

Challenge:

Name: Outdated Whitelist

Description: Let us redirect you to one of our crypto currency addresses which are not promoted any longer.

Difficulty: 1 star

Category: Unvalidated Redirects

Expanded Description: https://pwning.owasp-juice.shop/part2/unvalidated-redirects.html

Hacking OWASP’s Juice Shop Pt. 10: Zero Stars

Posted on November 6, 2020 by codeblue04

Challenge:

Name: Zero Stars

Description: Give a devastating zero-star feedback to the store.

Difficulty: 1 star

Category: Improper Input Validation

Expanded Description: https://pwning.owasp-juice.shop/part2/improper-input-validation.html

Hacking OWASP’s Juice Shop Pt. 9: Exposed Metrics

Posted on November 5, 2020 by codeblue04

Challenge:

Name: Exposed Metrics

Description: Find the endpoint that serves usage data to be scraped by a popular monitoring system.

Difficulty: 1 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 7: MC SafeSearch

Posted on November 3, 2020 by codeblue04

Challenge:

Name: Login MC SafeSearch

Description: Log in with MC SafeSearch’s original user credentials without applying SQL Injection or any other bypass.

Difficulty: 2 star

Category: Sensitive Data Exposure

Expanded Description: https://pwning.owasp-juice.shop/part2/sensitive-data-exposure.html

Hacking OWASP’s Juice Shop Pt. 6: Admin Section

Posted on November 2, 2020 by codeblue04

Challenge:

Name: Admin Section

Description: Access the administration section of the store.

Difficulty: 2 star

Category: Broken Access Control

Expanded Description: https://pwning.owasp-juice.shop/part2/broken-access-control.html

Hacking OWASP’s Juice Shop Pt. 5: Login Admin

Posted on November 1, 2020 by codeblue04

I’ve been writing up some fairly boring challenges for the sake of getting them out of the way, but now it’s finally time to actually hack!

Challenge:

Name: Login Admin

Description: Log in with the administrator’s user account

Difficulty: 2 star

Category: Injection

Expanded Description: https://pwning.owasp-juice.shop/part2/injection.html

Hacking OWASP’s Juice Shop Pt. 4: Privacy Policy

Posted on October 31, 2020 by codeblue04

Hardly a challenge.

Challenge:

Name: Privacy Policy

Description: Read our privacy policy.

Difficulty: 1 star

Category: Miscellaneous

Expanded Description:.https://pwning.owasp-juice.shop/part2/miscellaneous.html