Answers to some questions in OWASP Juice Shop v6.4.1

2025-01-16 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--


OWASP Juice Shop is a deliberately vulnerable practice range dedicated to security skills training.

The interface after installation is complete:

Score Board

This challenge asks you to find the hidden Score Board page, which can be found by looking at the web page source code.

Then open the page.

Admin Section&Error Handling

The challenge is to visit the store's administration section. The site crashes as soon as it is brute-forced with tools, so the path was guessed manually here. Trying admin and administrator was unsuccessful. A Baidu search turned up administration, which was tried next.

Password Strength

To log in as the administrator user, open the login page and construct a statement.

Login successful.

Five-Star Feedback

Just delete all 5-star feedback.

Complete

XSS Tier 1

The challenge is to insert malicious code into the page. Find any input box and construct a statement:

alert("XSS")

Press Enter and the challenge is complete.

Zero Stars

This is the simplest one: log in as any user, submit any feedback on the "Contact Us" page, and then change the content of the request packet.

Just change "2" to 0.

Basket Access

It is easy to get into someone else's shopping basket: just modify the request packet.

Change "1" to another number and send it.
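
The two changes above (rating "2" to 0 in Zero Stars, basket number "1" to another number in Basket Access) work because the server trusts values sent by the client. As an added example, not code from Juice Shop or from the original post, the sketch below shows the missing server-side checks; the function names, the in-memory basket data and the 500-character comment limit are assumptions made for illustration.

```javascript
// Added example: in-memory stand-ins for the shop's data (constructed sample values).
const baskets = new Map([
  [1, { id: 1, ownerId: 10, items: ["apple juice"] }],
  [2, { id: 2, ownerId: 20, items: ["orange juice"] }],
]);

// Weak form: trusts the basket id sent by the client, so changing "1" to
// another number returns someone else's basket. The session is never consulted.
function getBasketWeak(session, basketId) {
  const basket = baskets.get(Number(basketId));
  return basket ? { status: 200, body: basket } : { status: 404 };
}

// Hardened form: the id must parse as a positive integer AND the basket must
// belong to the authenticated user taken from the server-side session.
function getBasketHardened(session, basketId) {
  if (!session || !Number.isInteger(session.userId)) return { status: 401 };
  if (!/^[1-9]\d*$/.test(String(basketId))) return { status: 400 };
  const basket = baskets.get(Number(basketId));
  // Same answer for "missing" and "not yours" so ids cannot be enumerated.
  if (!basket || basket.ownerId !== session.userId) return { status: 404 };
  return { status: 200, body: basket };
}

// Feedback: the form only offers 1-5 stars, but the server must enforce it too.
// The 500-character comment limit is an assumed value for this sketch.
function validateFeedback(payload) {
  const errors = [];
  const { rating, comment } = payload || {};
  if (!Number.isInteger(rating) || rating < 1 || rating > 5) {
    errors.push("rating must be an integer from 1 to 5");
  }
  if (typeof comment !== "string" || comment.length === 0 || comment.length > 500) {
    errors.push("comment must be 1-500 characters");
  }
  return { ok: errors.length === 0, errors };
}

const alice = { userId: 10 }; // constructed session: owner of basket 1
console.log("weak, basket 2:", getBasketWeak(alice, "2").status);
console.log("hardened, basket 2:", getBasketHardened(alice, "2").status);
console.log("rating 0:", validateFeedback({ rating: 0, comment: "x" }));
```
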

Password Strength

This challenge requires logging in with the actual password rather than a constructed statement. Brute-forcing the password with a tool yields admin123. Go back to the login page and log in to complete the challenge.

Reset Jim's Password

From the previous question, you can get the mailbox "@juice-sh.op". Open the login page, click Forgot Password, and enter the mailbox.

The Samuel used here is from Star Wars Terrier.

Login Jim

You can log in directly after changing the password of the user Jim.

Summary

This environment contains many representative vulnerabilities, and many of them need to be analyzed by capturing packets. Because of my own limited skills, only the challenges above have been solved. I have to say that this environment is good for newcomers in this field.
