If you missed day one check it out here:
https://medium.com/@osintiostom/owasp-juice-shop-63d1c328192b
How to retrieve a list of all user credentials via SQL Injection
I found this in main.js

The only page that provided different information when I was logged in was /administration.

SQL Injection http://webapplication21.herokuapp.com/rest/product/search?q=')) UNION SELECT FROM Users --

Had to research what this meant; basically, I need to list the right number of columns.

Read this https://www.exploit-db.com/docs/41397
https://webapplication21.herokuapp.com/rest/product/search?q=%27))%20UNION%20SELECT%20%271%27,%20%272%27,%20%273%27,%20%274%27,%20%275%27,%20%276%27,%20%277%27,%20%278%27%20FROM%20Users--

Trial and error with tables was a bit challenging.
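To show why the `'))` prefix, the eight quoted values and the trailing `--` matter, here is an added example (not code from the write-up or from Juice Shop) with a constructed in-memory SQLite database: a search handler that splices the query string into the SQL, next to the same query with bound parameters. The eight-column Products table, the Users rows and the query shape are assumptions chosen so the probe from the write-up lines up; the point is that the vulnerable handler returns an extra constant row (proving the UNION landed), while the parameterized handler treats the whole payload as a search term and returns nothing.

```python
import sqlite3

# Constructed stand-in for the shop database: Products has 8 columns so the
# 8-value UNION probe from the write-up lines up, plus a small Users table.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Products (
            id INTEGER, name TEXT, description TEXT, price REAL,
            deluxePrice REAL, image TEXT, createdAt TEXT, deletedAt TEXT
        );
        CREATE TABLE Users (id INTEGER, email TEXT, password TEXT);
        INSERT INTO Products VALUES (1, 'Apple Juice', 'pressed', 1.99, 0.99, 'a.jpg', '2020-01-01', NULL);
        INSERT INTO Products VALUES (2, 'Banana Juice', 'ripe', 2.49, 1.99, 'b.jpg', '2020-01-01', NULL);
        INSERT INTO Users VALUES (1, 'admin@example.test', 'constructed-hash-1');
        INSERT INTO Users VALUES (2, 'jim@example.test', 'constructed-hash-2');
    """)
    return conn

# Vulnerable handler: q is spliced into the SQL text. The quote and the two
# parentheses in the payload close the LIKE clause, the UNION becomes part of
# the statement, and the trailing -- turns the rest of the original query
# into a comment.
def search_vulnerable(conn, q):
    sql = ("SELECT * FROM Products WHERE ((name LIKE '%" + q + "%' "
           "OR description LIKE '%" + q + "%') AND deletedAt IS NULL)")
    return conn.execute(sql).fetchall()

# Fixed handler: the same query with bound parameters. The driver passes q as
# a value, so it can only ever be a LIKE pattern, never SQL.
def search_parameterized(conn, q):
    sql = ("SELECT * FROM Products WHERE ((name LIKE ? OR description LIKE ?) "
           "AND deletedAt IS NULL)")
    pattern = "%" + q + "%"
    return conn.execute(sql, (pattern, pattern)).fetchall()

# The column-count probe from the write-up, URL-decoded.
PROBE = "')) UNION SELECT '1','2','3','4','5','6','7','8' FROM Users--"

def demo():
    conn = build_db()
    vulnerable_rows = search_vulnerable(conn, PROBE)
    fixed_rows = search_parameterized(conn, PROBE)
    return vulnerable_rows, fixed_rows

if __name__ == "__main__":
    vulnerable_rows, fixed_rows = demo()
    # Vulnerable: 2 products plus one injected row of constants (UNION
    # de-duplicates the identical constant rows, which is why a probe with
    # literals shows only one extra row no matter how many users exist).
    print("vulnerable rows:", len(vulnerable_rows))
    for row in vulnerable_rows:
        print(row)
    # Parameterized: 0 rows, because no product name contains the payload text.
    print("parameterized rows:", len(fixed_rows))
```

Two details worth noticing when you reproduce this: the probe only succeeds once the number of literals equals the column count of the original SELECT (SQLite rejects the UNION otherwise), and the same request against the parameterized handler is simply a search that matches nothing, which is the behaviour a defender expects to see in the product search logs.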
Get registered as admin user
I found the path /api/Users earlier, just didn't know what it did.

I finally decided to register as a new user, and noticed a request to Users was made.

Clicked on Users and noticed isAdmin is sent as false, maybe send a POST with true?????
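The reason a client-controlled `isAdmin` field is a problem is mass assignment: a registration handler that copies every key from the request body onto the new user record lets the client set fields the server should own. The following is an added example (not code from the write-up or from Juice Shop) contrasting that pattern with an allowlist of registration fields; the field names in `REGISTRATION_FIELDS` and the request body are constructed for illustration.

```python
import json

# Fields a client may set when registering. Privilege flags such as isAdmin
# are deliberately not in this set; the server decides them.
REGISTRATION_FIELDS = {"email", "password", "passwordRepeat"}

def register_vulnerable(body_json):
    """Mass assignment: every key in the request body lands on the new user
    record, so a body that carries "isAdmin": true overrides the default."""
    user = {"isAdmin": False}
    user.update(json.loads(body_json))
    return user

def register_hardened(body_json):
    """Allowlist: only known registration fields are copied, the privilege flag
    is always set server-side, and unexpected keys are returned so the caller
    can log them (a client sending isAdmin is a useful detection signal)."""
    data = json.loads(body_json)
    rejected = sorted(set(data) - REGISTRATION_FIELDS)
    user = {k: data[k] for k in REGISTRATION_FIELDS if k in data}
    user["isAdmin"] = False
    return user, rejected

# Constructed request body of the kind the write-up speculates about.
TAMPERED_BODY = json.dumps({
    "email": "new@example.test",
    "password": "constructed-password",
    "passwordRepeat": "constructed-password",
    "isAdmin": True,
})

if __name__ == "__main__":
    print("vulnerable:", register_vulnerable(TAMPERED_BODY))
    user, rejected = register_hardened(TAMPERED_BODY)
    print("hardened:", user)
    print("rejected keys worth logging:", rejected)
```

The allowlist is the fix; the `rejected` list is the detection hook. A registration request that tries to set `isAdmin` is not something a legitimate front end sends, so logging those keys gives the defender an alert with almost no false positives.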
Retrieve the language file that never made it into production

Looks like I will start following the trail by starting with component, I also find matcher: Ca pretty interesting. Checking ctrl+f login

ctrl+f user (main.js)

https://webapplication21.herokuapp.com/api/Feedbacks

Please check out the links below
Resume website — https://tommarler.org
Linkedin — https://www.linkedin.com/in/tom-m-bb4857112/