search

juice-shop / juice-shop

OWASP Juice Shop: Probably the most modern and sophisticated insecure web application
https://owasp-juice.shop
MIT License
10.35k stars 10.69k forks source link

[🐛] Session storage crashes docker container #2358

Open mezotv opened 2 weeks ago

mezotv commented 2 weeks ago

:bug: Bug report

Description

When trying to generate a coupon code I modified the session storage to attempt that issue. When doing so and trying to purchase the item my docker container crashed.

Is this a regression?

No

:microscope: Minimal Reproduction

  1. Open the dev tools and navigate to session storage
  2. Put items in your basket
  3. Go to checkout and add any valid coupon
  4. Set the percentage of that coupon to 100
  5. Try to purchase said item at 100% discount

:fire: Exception or Error


Error [ERR_HTTP_HEADERS_SENT]: Cannot set headers after they are sent to the client
    at ServerResponse.setHeader (node:_http_outgoing:659:11)
    at ServerResponse.header (/juice-shop/node_modules/express/lib/response.js:795:10)
    at ServerResponse.send (/juice-shop/node_modules/express/lib/response.js:175:12)
    at ServerResponse.json (/juice-shop/node_modules/express/lib/response.js:279:15)
    at WriteStream. (/juice-shop/build/routes/order.js:64:25) {
  code: 'ERR_HTTP_HEADERS_SENT'
}

:deciduous_tree: Your Environment


Node 20.17.0
Npm 10.8.3
Docker 27.2.0
KapilSareen commented 1 week ago

Hi @mezotv , I tried to recreate this issue but it does not seem to crash in my case. Are you certain these were the only steps you did that led to the docker container crash?

bkimminich commented 1 week ago

How do you perform step 4? When submitting the coupon, you will get the discount value as a response, so that the UI can show the value. At no point is the discount value is directly submitted by the client to the server. It only submits the code, which is then processed on the server.

@mezotv If you meant that you created a coupon with the equivalent of 100% discount, could you post that here please so I can try it?

mezotv commented 1 week ago

How do you perform step 4? When submitting the coupon, you will get the discount value as a response, so that the UI can show the value. At no point is the discount value is directly submitted by the client to the server. It only submits the code, which is then processed on the server.

@mezotv If you meant that you created a coupon with the equivalent of 100% discount, could you post that here please so I can try it?

There was a value in the session/local storage that represented the percentage of the coupon for me changing that to 100 and trying to purchase with that coupon crashed the container.

bkimminich commented 1 week ago

Please send your example, otherwise I'm not even sure if you used a regular coupon or a campaign code. Thanks.

mezotv commented 1 week ago

Please send your example, otherwise I'm not even sure if you used a regular coupon or a campaign code. Thanks.

Ill try to do that tlday after work!

mezotv commented 1 week ago

Pretty sure it was this code I applied pEw8pg+yBo added that then edited the local storage and pressed the purchase button. Thats when the container crashed

bkimminich commented 1 week ago

Would you be able to reproduce this and could post the error log from the server so I see the exception stack trace?

mezotv commented 1 week ago

Would you be able to reproduce this and could post the error log from the server so I see the exception stack trace?

I probably wont have time to do that in the next few days but somewhere later next week I should be able to!