Share
## https://sploitus.com/exploit?id=606FB9F8-0AD4-5CF0-A506-E236F45187A6
# ๐Ÿ›ก OWASP Juice Shop โ€“ VAPT Assessment

Black-box web application penetration testing on OWASP Juice Shop demonstrating exploitation of SQL Injection, Cross-Site Scripting (XSS), Directory Exposure, and IDOR vulnerabilities.

---

## ๐Ÿ“Œ Assessment Overview

- **Target:** OWASP Juice Shop  
- **Testing Type:** Black-box Web Application Penetration Testing  
- **Tools Used:** Burp Suite, SQLmap, Dirsearch, Browser DevTools  
- **Total Findings:** 4  
  - Critical: 2  
  - High: 2  

---

## ๐Ÿšจ Vulnerability Summary

| # | Vulnerability | Severity | CVSS |
|---|--------------|----------|------|
| 1 | SQL Injection | Critical | 9.8 |
| 2 | Cross-Site Scripting (XSS) | Critical | 9.0 |
| 3 | Exposed FTP Directory | High | 7.5 |
| 4 | Privilege Escalation (IDOR) | High | 8.0 |

---
1๏ธโƒฃ SQL Injection โ€“ Authentication Bypass

POST /rest/user/login

๐Ÿ’‰ Payload Used
' OR 1=1--

๐Ÿ“ก Intercepted Request (Burp)
POST /rest/user/login HTTP/1.1
Content-Type: application/json

{
  "email": "' OR 1=1--",
  "password": "test"
}

โœ… Result

Authentication bypass successful.
JWT token returned.

๐Ÿ’ฅ Impact

Complete authentication bypass

Admin account compromise

Potential full database exposure
2๏ธโƒฃ Cross-Site Scripting (XSS)
๐ŸŽฏ Endpoint
#/search

๐Ÿ’‰ Payload
alert('XSS')

โœ… Result

JavaScript executed in browser context.
๐Ÿ’ฅ Impact

Session hijacking

Credential theft

Client-side attacks
3๏ธโƒฃ Exposed FTP Directory
๐ŸŽฏ URL
/ftp

โœ… Result

Directory listing enabled.
Files accessible without authentication.

๐Ÿ’ฅ Impact

Information disclosure

Exposure of internal files

Increased attack surface
4๏ธโƒฃ Privilege Escalation (IDOR)
๐ŸŽฏ Endpoint
GET /rest/basket/{id}

๐Ÿ›  Exploitation Method

Login as normal user

Intercept request in Burp

Modify basket ID

Modified Request
GET /rest/basket/1
Authorization: Bearer 

โœ… Result

Access to another user's basket.

๐Ÿ’ฅ Impact

Unauthorized data access

Privacy violation

Broken access control
๐Ÿง  Skills Demonstrated

Web Application Penetration Testing

Manual Exploitation Techniques

Burp Suite Interception & Manipulation

Injection Testing

Authorization Bypass Testing

Vulnerability Documentation

โš  Disclaimer

This testing was conducted in a controlled lab environment using OWASP Juice Shop, an intentionally vulnerable application designed for security training.