7MS #233: Pentesting OWASP Juice Shop - Part 4
Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!
The Juice Shop team is always working on cool and useful features, so before you get started hacking today, make sure you're running the latest Juice Shop container by using these commands:
docker pull bkimminich/juice-shop
Let's do this!
The vulnerabilities we'll pick at today include:
- Leverage a union-based SQL injection vulnerability to squeeze juicy info out of the database, including usernames and password hashes!
- Crack the discovered hashes
- Change creds of one of our newly discovered users
- Remove all 5-star ratings from the feedback section
Here's the complementary video content for today's audio podcast: