7MS #232: Pentesting OWASP Juice Shop - Part 3
Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!
The Juice Shop team is always working on cool and useful features, so before you get started hacking today, make sure you're running the latest Juice Shop container by using these commands:
docker pull bkimminich/juice-shop
Lets squeeze this juice shop like a juice box!
The vulnerabilities we'll pick at today include:
dirbto discover files/folders we might not otherwise see by just exploring Juice Shop in the browser.
- Learning about using/abusing null byte injection to trick the server into letting us download files we shouldn't be able to see.
- Using Burp and CO2 to identify and exploit SQL injection vulnerabilities.
Here's the complementary video content for today's audio podcast: