We covered broken authentication and SQL injection walkthrough as part of OWASP Juice Shop from TryHackMe. we will look at OWASP’s TOP 10 vulnerabilities in web applications. You will find these in all types of web applications. But for today we will be looking at OWASP’s own creation, Juice Shop!.

OSCP Certificate Study Notes

Vulnerabilities Covered:


Injection vulnerabilities are quite dangerous to a company as they can potentially cause downtime and/or loss of data. Identifying injection points within a web application is usually quite simple, as most of them will return an error. SQL Injection is when an attacker enters a malicious or malformed query to either retrieve or tamper data from a database. And in some cases, log into accounts. Command Injection is when web applications take input or user-controlled data and run them as system commands. An attacker may tamper with this data to execute their own system commands. This can be seen in applications that perform misconfigured ping tests. Email injection is a security vulnerability that allows malicious users to send email messages without prior authorization by the email server. These occur when the attacker adds extra data to fields, which are not interpreted by the server correctly.

Broken Authentication

Sensitive Data Exposure

A web application should store and transmit sensitive data safely and securely. But in some cases, the developer may not correctly protect their sensitive data, making it vulnerable. Most of the time, data protection is not applied consistently across the web application making certain pages accessible to the public. Other times information is leaked to the public without the knowledge of the developer, making the web application vulnerable to an attack.

Broken Access Control

Modern-day systems will allow for multiple users to have access to different pages. Administrators most commonly use an administration page to edit, add and remove different elements of a website. You might use these when you are building a website with programs such as Weebly or Wix. When Broken Access Control exploits or bugs are found, it will be categorised into one of two types: Horizontal Privilege Escalation which Occurs when a user can perform an action or access data of another user with the same level of permissions and  Vertical Privilege Escalation which Occurs when a user can perform an action or access data of another user with a higher level of permissions.

Cross-Site Scripting XSS

XSS or Cross-site scripting is a vulnerability that allows attackers to run javascript in web applications. These are one of the most found bugs in web applications. Their complexity ranges from easy to extremely hard, as each web application parses the queries in a different way. There are three major types of XSS attacks: DOM XSS (Document Object Model-based Cross-site Scripting) uses the HTML environment to execute malicious javascript. This type of attack commonly uses the <script></script> HTML tag.  Persistent XSS is javascript that is run when the server loads the page containing it. These can occur when the server does not sanitise the user data when it is uploaded to a page. These are commonly found on blog posts.  Reflected XSS is javascript that is run on the client-side end of the web application. These are most commonly found when the server doesn’t sanitise search data.

Challenge Answers

Question #1: What’s the Administrator’s email address?


Question #2: What parameter is used for searching? 


Question #3: What show does Jim reference in his review? 

Star Trek

Question #1: Log into the administrator account!


Question #2: Log into the Bender account!


Question #1: Bruteforce the Administrator account’s password!


Question #2: Reset Jim’s password!


Question #1: Access the Confidential Document!


Question #2: Log into MC SafeSearch’s account!


Question #3: Download the Backup file!


Question #1: Access the administration page!


Question #2: View another user’s shopping basket!


Question #3: Remove all 5-star reviews!


Question #1: Perform a DOM XSS!


Question #2: Perform a persistent XSS!


Question #3: Perform a reflected XSS!


Access the /#/score-board/ page


Video Walkthrough(s)

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles