
Fix spelling of JavaScript

[ci skip]
bkimminich committed Sep 12, 2017
1 parent 4e483fe commit 5bf8c508af5a522bac3c8300ee053718c8d163ab
Showing with 13 additions and 13 deletions.
  1. +1 −1 Dockerfile
  2. +2 −2 README.md
  3. +1 −1 REFERENCES.md
  4. +1 −1 app.json
  5. +1 −1 app/index.template.html
  6. +1 −1 app/js/controllers/OAuthController.js
  7. +1 −1 bower.json
  8. +1 −1 docker/Dockerfile.template
  9. +1 −1 ftp/package.json.bak
  10. +1 −1 package.json
  11. +2 −2 test/api/fileServingSpec.js
@@ -1,4 +1,4 @@
# OWASP Juice Shop - An intentionally insecure Javascript Web Application
# OWASP Juice Shop - An intentionally insecure JavaScript Web Application
FROM node:6-alpine
MAINTAINER Bjoern Kimminich <bjoern.kimminich@owasp.org>
LABEL version = "5.0.0"
@@ -13,7 +13,7 @@
> ([@shehackspurple](https://twitter.com/shehackspurple))
OWASP Juice Shop is an intentionally insecure web application written
entirely in Javascript which encompasses the entire range of
entirely in JavaScript which encompasses the entire range of
[OWASP Top Ten](https://www.owasp.org/index.php/OWASP_Top_Ten) and other
severe security flaws.
@@ -120,7 +120,7 @@ docker run -d -p 80:3000 bkimminich/juice-shop
> and login. Apart from the visual/audible effect, the attacker also
> installed [an input logger](http://192.168.33.10/logger.php) to grab
> credentials! This could easily run on a 3rd party server in real life!
>
>
> _This feature is only available when running a Vagrant box. A
> recording of the effect is available on Youtube:_
> [:tv:](https://www.youtube.com/watch?v=L7ZEMWRm7LA)
@@ -178,7 +178,7 @@ where this project was mentioned or used!
by Björn Kimminich,
[German OWASP Day 2015](http://lanyrd.com/2015/owasp-d2015/),
01.12.2015
* [Juice Shop - Hacking an intentionally insecure Javascript Web Application](http://lanyrd.com/2015/jsunconf/sdmpzk/)
* [Juice Shop - Hacking an intentionally insecure JavaScript Web Application](http://lanyrd.com/2015/jsunconf/sdmpzk/)
by Björn Kimminich,
[JS Unconf 2015](http://lanyrd.com/2015/jsunconf/), 25.04.2015
* [So ein Saftladen! - Hacking Session für Developer (und Pentester)](http://lanyrd.com/2015/owasp-de/sdhctr/)
@@ -1,6 +1,6 @@
{
"name": "OWASP Juice Shop",
"description": "An intentionally insecure Javascript Web Application",
"description": "An intentionally insecure JavaScript Web Application",
"website": "https://www.owasp.org/index.php/OWASP_Juice_Shop_Project",
"repository": "https://github.com/bkimminich/juice-shop",
"logo": "https://raw.githubusercontent.com/bkimminich/juice-shop/master/app/public/images/JuiceShop_Logo.png",
@@ -12,7 +12,7 @@
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<title ng-bind="applicationName"></title>
<meta name="description" content="An intentionally insecure Javascript Web Application">
<meta name="description" content="An intentionally insecure JavaScript Web Application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<!-- Bootstrap -->
<link ng-controller="NavbarController" href="bower_components/bootswatch/slate/bootstrap.min.css" rel="stylesheet" id="theme">
@@ -37,7 +37,7 @@ angular.module('juiceShop').controller('OAuthController', [
/**
* Only the 'access_token' parameter is needed. This function only extracts all parameters to have some realistic
* parsing logic in the minified Javascript. This "noise code" is supposed to make analyzing the mechanism harder
* parsing logic in the minified JavaScript. This "noise code" is supposed to make analyzing the mechanism harder
* for the attacker.
*/
function parseRedirectUrlParams () {
@@ -1,6 +1,6 @@
{
"name": "juice-shop",
"description": "An intentionally insecure Javascript Web Application",
"description": "An intentionally insecure JavaScript Web Application",
"version": "5.0.0",
"private": true,
"dependencies": {
@@ -1,4 +1,4 @@
# OWASP Juice Shop - An intentionally insecure Javascript Web Application
# OWASP Juice Shop - An intentionally insecure JavaScript Web Application
FROM node:%%NODE_VERSION%%-alpine
MAINTAINER Bjoern Kimminich <bjoern.kimminich@owasp.org>
LABEL version = "%%APP_VERSION%%"
@@ -1,7 +1,7 @@
{
"name": "juice-shop",
"version": "5.0.0-SNAPSHOT",
"description": "An intentionally insecure Javascript Web Application",
"description": "An intentionally insecure JavaScript Web Application",
"homepage": "https://www.owasp.org/index.php/OWASP_Juice_Shop_Project",
"author": "Björn Kimminich <bjoern.kimminich@owasp.org> (https://www.owasp.org/index.php/User:Bjoern_Kimminich)",
"contributors": [
@@ -1,7 +1,7 @@
{
"name": "juice-shop",
"version": "5.0.0",
"description": "An intentionally insecure Javascript Web Application",
"description": "An intentionally insecure JavaScript Web Application",
"homepage": "https://www.owasp.org/index.php/OWASP_Juice_Shop_Project",
"author": "Björn Kimminich <bjoern.kimminich@owasp.org> (https://www.owasp.org/index.php/User:Bjoern_Kimminich)",
"contributors": [
@@ -32,14 +32,14 @@ describe('Server', () => {
it('GET a restricted file directly from file system path on server via Directory Traversal attack loads index.html instead', done => {
frisby.get(URL + '/public/images/../../ftp/eastere.gg')
.expect('status', 200)
.expect('bodyContains', '<meta name="description" content="An intentionally insecure Javascript Web Application">')
.expect('bodyContains', '<meta name="description" content="An intentionally insecure JavaScript Web Application">')
.done(done)
})
it('GET a restricted file directly from file system path on server via URL-encoded Directory Traversal attack loads index.html instead', done => {
frisby.get(URL + '/public/images/%2e%2e%2f%2e%2e%2fftp/eastere.gg')
.expect('status', 200)
.expect('bodyContains', '<meta name="description" content="An intentionally insecure Javascript Web Application">')
.expect('bodyContains', '<meta name="description" content="An intentionally insecure JavaScript Web Application">')
.done(done)
})
})
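Review bot: Both traversal specs in this hunk recognise the index.html fallback by matching the complete `<meta name="description" …>` tag, so a purely cosmetic wording change to the page description breaks these security regression tests, which is why this commit had to touch them. Hoisting the marker into one constant in the spec, e.g. `const INDEX_HTML_MARKER = '<meta name="description" content="An intentionally insecure JavaScript Web Application">'`, and using `.expect('bodyContains', INDEX_HTML_MARKER)` in both specs would leave a single place to update. The marker only shows that index.html was served; if the suite knows the content of the restricted file, an additional assertion that the body does not contain it would pin the protection itself rather than the fallback page. The enclosing `describe('Server', …)` block starts outside the hunk.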
