Be sure to scroll down and view the whole post as there is both audio and video coverage of today's episode!

Intro

Today is part FOUR of our continuing series on attacking the OWASP Juice Shop which is "an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws."

Important note

The Juice Shop team is always working on cool and useful features, so before you get started hacking today, make sure you're running the latest Juice Shop container by using these commands:

docker pull bkimminich/juice-shop

Lets do this!

The vulnerabilities we'll pick at today include:

  • Leverage a union-based SQL injection vulnerability to squeeze juicy info out of the database, including usernames and password hashes!
  • Crack the discovered hashes
  • Change creds of one of our newly discovered users
  • Remove all 5-star ratings from the feedback section

Video:

Here's the complementary video content for today's audio podcast: