
Answers to part of the question of OWASP Juice Shop v6.4.1 (2)

2025-01-17 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01

Previous link: https://blog.51cto.com/10506646/2067233

Confidential Document

By capturing the traffic, we can see that the website has a directory called ftp, and enter the

It can be completed by visiting all of them once.

Redirects Tier 1

By analyzing the source code of the payment page, you can find a piece of hidden code. Copy the link in it and open it.

Christmas Special

Find the "special Christmas item". First go to the search box and check the error message: type '; and press Enter.

Use Burp Suite to capture the request.

Repair the statement and you can see the Christmas merchandise that "does not exist".

))--

It can be checked out after adding it to the shopping basket.

Easter Egg Tier 1

Find the hidden Easter egg. From the Confidential Document challenge we know that there is an ftp directory. Enter it and you will see a file named eastere.gg, but the server only allows .md and .pdf files to be opened, so .gg is not allowed. This check can be bypassed with 00 truncation.

Why not %00 directly here, but %2500? Because URL encoding escapes special characters, and % becomes %25. Reference article: http://blog.csdn.net/pcyph/article/details/45010609
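Why the %2500 name passes the .md/.pdf check, and a check that rejects it, as an added example that is not part of the original post and not Juice Shop's own code. The function names weakResolve and safeResolve, the two-stage decoding in the weak version, and the sample name legal.md are assumptions made for illustration.

```javascript
// Added example: hypothetical handlers, not code from Juice Shop.
const ALLOWED_EXT = ['.md', '.pdf'];

// Weak pattern (assumed): the suffix is checked after the first URL
// decode, but the name is decoded a second time before the file is opened.
function weakResolve(urlSegment) {
  const once = decodeURIComponent(urlSegment);   // %2500 -> %00
  if (!ALLOWED_EXT.some((ext) => once.endsWith(ext))) return null;
  const twice = decodeURIComponent(once);        // %00 -> NUL byte
  const nul = twice.indexOf('\0');
  return nul === -1 ? twice : twice.slice(0, nul); // name cut at the NUL
}

// Hardened: decode exactly once, then accept only names made of a strict
// character set, so '%', NUL, '/' and '\' can never reach the file layer.
function safeResolve(urlSegment) {
  let name;
  try {
    name = decodeURIComponent(urlSegment);
  } catch {
    return null;                                 // malformed escape
  }
  if (!/^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(name)) return null;
  const dot = name.lastIndexOf('.');
  const ext = dot === -1 ? '' : name.slice(dot).toLowerCase();
  return ALLOWED_EXT.includes(ext) ? name : null;
}

// Constructed sample requests
for (const seg of ['legal.md', 'eastere.gg', 'eastere.gg%2500.md']) {
  console.log(seg, '| weak:', weakResolve(seg), '| safe:', safeResolve(seg));
}
```

The weak version validates one representation of the name and opens another; the hardened version validates the exact string that is handed to the file layer.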

5.Forged Feedback

Post feedback under another user's name. From the Basket Access challenge, we can conclude that the server has an authorization bypass problem. Click "Contact Us", submit a feedback, and then intercept the request.

UserID:1 stands for admin. Just change 1 to another number and submit it.

6.Upload Type

Just upload a file that is not a pdf file in "complaint".

Change the filename in the captured request and change the file suffix.

7.Upload Size

Upload a file larger than 100KB.

The website restricts this, so the file cannot be uploaded directly, but it can be modified directly.

Change the content and enter something at random that is larger than 100KB.

8.XSS Tier 2

This is not an XSS that pops up when inserted directly into an input box; it is a persistent XSS. Go to the user registration page, submit the form normally, intercept the request, and then change the email field to an XSS statement.

Then you will find that an error is returned.

View the error message.

It turns out that each double quotation mark must be preceded by a backslash, so reconstruct the statement accordingly.

Submit, then log in as admin, go to the /administration page, and it succeeds.

Because /administration is the administrative interface, you can see all registered users there, and the XSS submitted here will be executed.

Summary:

It is still because my own skills are not good enough that I only completed less than 40% of the questions. Many questions test the use of code auditing and packet capture tools. It is a very interesting environment. Here is a link to a friend's blog, which you can also browse (laugh).

https://blog.51cto.com/12804405
