7MS #234: Pentesting OWASP Juice Shop - Part 5

Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

Today is part FIVE (insert menacing voice: "the final chapter!!!") of our series on attacking the OWASP Juice Shop, which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

Important note

The Juice Shop team is always working on cool and useful features, so before you get started hacking today, make sure you're running the latest Juice Shop container. Pulling only refreshes the image on your machine, so after this command you still need to start (or restart) the container as you normally would:

docker pull bkimminich/juice-shop

Let's do this!

The vulnerabilities we'll pick at today include:

  • Identifying a vulnerable library that the Juice Shop should definitely not be using!
  • Identifying an algorithm that also should not be used.
  • Doing some nifty z85 encoding/decoding.
  • Crafting a special coupon that will give us 80%+ off our next Juice Shop order!
  • Injecting three XSS payloads of varying difficulty.
  • Fooling a file upload capability into letting us upload whatever extensions we want - and whatever size we want, too!
  • Changing the URL within a Juice Shop product description.
  • Defeating a pesky URL redirect.
  • Ordering a hidden item from the shop.
  • Finding a hidden language file within the site.

Video:

Here's the complementary video content for today's audio podcast: