OWASP Juice Shop

This lesson introduces OWASP Juice Shop, a deliberately insecure practical web application, and walks through some initial security issues that show the website to be vulnerable to attack.

Learning Objectives

  • Understand how SQL injection and password brute-force attacks can be used against the vulnerable website.
  • Identify insecure data storage methods within the website.
  • Understand the different forms of Cross-Site Scripting (DOM-based, persistent and reflected) attacks.
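The first objective pairs two attacks on a login form, so the added example below shows both on one minimal stand-in. This is illustration code written for this page, not Juice Shop's own code: an in-memory SQLite `users` table, a login whose query is built by string concatenation (injectable) beside a parameterised one (not injectable), and a dictionary attack against the parameterised login. The user accounts, passwords and wordlist are constructed for the example.

```python
"""Added illustration (not Juice Shop code): SQL injection vs. a parameterised
login, plus an online dictionary (brute-force) attack against the same table."""
import hashlib
import sqlite3

# Constructed sample data; none of these accounts or passwords exist in Juice Shop.
USERS = [
    ("admin@example.test", "correct horse battery staple", "admin"),
    ("jim@example.test", "ncc-1701", "customer"),
]
WORDLIST = ["123456", "password", "ncc-1701", "letmein"]  # constructed wordlist


def _hash(password: str) -> str:
    # Demonstration only: a real system uses a slow, salted KDF (bcrypt, argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    """Create the in-memory users table used by every function below."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (email TEXT PRIMARY KEY, pw_hash TEXT, role TEXT)")
    con.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(email, _hash(pw), role) for email, pw, role in USERS],
    )
    return con


def login_vulnerable(con, email, password):
    """Query text assembled from user input: the email field can rewrite the SQL.
    A value such as  admin@example.test'--  comments out the password check,
    and  ' OR 1=1--  makes the WHERE clause true for every row."""
    sql = (
        "SELECT email, role FROM users WHERE email = '" + email + "' "
        "AND pw_hash = '" + _hash(password) + "'"
    )
    return con.execute(sql).fetchone()  # (email, role) or None


def login_safe(con, email, password):
    """Parameterised query: the input is bound as data and never parsed as SQL."""
    return con.execute(
        "SELECT email, role FROM users WHERE email = ? AND pw_hash = ?",
        (email, _hash(password)),
    ).fetchone()


def dictionary_attack(con, email, wordlist):
    """Online brute force: try each candidate against the (correct) login.
    Returns (password, attempts) on success or (None, attempts) on failure.
    Nothing here is throttled, which is exactly why rate limiting and account
    lockout matter on a real login endpoint."""
    attempts = 0
    for candidate in wordlist:
        attempts += 1
        if login_safe(con, email, candidate):
            return candidate, attempts
    return None, attempts


if __name__ == "__main__":
    db = build_db()
    print("injection, no password:", login_vulnerable(db, "admin@example.test'--", "x"))
    print("same input, parameterised:", login_safe(db, "admin@example.test'--", "x"))
    print("dictionary attack on jim:", dictionary_attack(db, "jim@example.test", WORDLIST))
```

The parameterised version defeats the injection but not the brute force: the dictionary attack still recovers `jim`'s weak password in three attempts, which is why the two objectives are separate and why a real login also needs strong passwords, rate limiting and lockout.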

Task

https://owasp.org/www-project-juice-shop/

  1. What's the Administrator's email address?
  2. What parameter is used for searching?
  3. What show does Jim reference in his review?
  4. Log into the administrator account!
  5. Log into the Bender account!
  6. Bruteforce the Administrator account's password!
  7. Reset Jim's password!
  8. Access the Confidential Document!
  9. Log into MC SafeSearch's account!
  10. Download the Backup file!
  11. Access the administration page!
  12. View another user's shopping basket!
  13. Remove all 5-star reviews!
  14. Perform a DOM XSS!
  15. Perform a persistent XSS!
  16. Perform a reflected XSS!
  17. Access the /#/score-board/ page (provides even more challenges!)