Recon Website
Looking at Page
firefox --url https://ginandjuice.shop/

Exploring Terms:
JavaScript event handlers

Looking at the hidden directory
feroxbuster --url https://ginandjuice.shop/ --filter-status 404
403 GET 1l 2w 15c https://ginandjuice.shop/admin
302 GET 0l 0w 0c https://ginandjuice.shop/logout => https://ginandjuice.shop/
200 GET 15l 51w 1175c https://ginandjuice.shop/resources/images/icon-account.svg
200 GET 3628l 8810w 83496c https://ginandjuice.shop/resources/css/labsScanme.css
200 GET 179l 439w 6307c https://ginandjuice.shop/resources/footer/js/scanme.js
302 GET 0l 0w 0c https://ginandjuice.shop/my-account => https://ginandjuice.shop/login
200 GET 17l 54w 1435c https://ginandjuice.shop/resources/images/icon-cart.svg
200 GET 350l 3296w 195161c https://ginandjuice.shop/resources/js/angular_1-7-7.js
200 GET 166l 648w 11166c https://ginandjuice.shop/about
200 GET 507l 1589w 17727c https://ginandjuice.shop/resources/labheader/css/scanMeHeader.css
200 GET 92l 222w 3739c https://ginandjuice.shop/resources/js/subscribeNow.js
200 GET 286l 714w 16798c https://ginandjuice.shop/catalog
200 GET 172l 673w 10923c https://ginandjuice.shop/blog
200 GET 98l 236w 5102c https://ginandjuice.shop/catalog/cart
405 GET 1l 3w 20c https://ginandjuice.shop/catalog/subscribe
400 GET 1l 3w 27c https://ginandjuice.shop/blog/post
400 GET 1l 3w 30c https://ginandjuice.shop/catalog/product
200 GET 4l 27w 1041c https://ginandjuice.shop/resources/images/rating3.png
200 GET 3l 18w 812c https://ginandjuice.shop/resources/images/rating5.png
200 GET 64l 258w 2128c https://ginandjuice.shop/resources/js/deparam.js
200 GET 1158l 2621w 23723c https://ginandjuice.shop/resources/css/labsBlog.css
200 GET 23l 55w 657c https://ginandjuice.shop/resources/js/searchLogger.js
200 GET 3342l 12825w 109909c https://ginandjuice.shop/resources/js/react.development.js
200 GET 3l 15w 979c https://ginandjuice.shop/resources/images/rating1.png
200 GET 3l 20w 1043c https://ginandjuice.shop/resources/images/rating4.png
403 GET 1l 2w 15c https://ginandjuice.shop/Admin
200 GET 1336l 3059w 28037c https://ginandjuice.shop/resources/css/labsEcommerce.css
200 GET 5l 21w 1062c https://ginandjuice.shop/resources/images/rating2.png
200 GET 209l 1412w 175137c https://ginandjuice.shop/image/scanme/blog/posts/5.jpg
200 GET 441l 2478w 207229c https://ginandjuice.shop/image/scanme/productcatalog/products/11.png
200 GET 301l 1989w 258433c https://ginandjuice.shop/image/scanme/blog/posts/3.jpg
200 GET 769l 3476w 256855c https://ginandjuice.shop/image/scanme/blog/posts/1.jpg
200 GET 364l 2275w 187239c https://ginandjuice.shop/image/scanme/productcatalog/products/4.png
404 GET 129l 351w 7326c Auto-filtering found 404-like response and created new filter; toggle off with --dont-filter
200 GET 132l 345w 7442c https://ginandjuice.shop/Login
200 GET 445l 2841w 318444c https://ginandjuice.shop/image/scanme/blog/posts/4.jpg
200 GET 719l 3757w 302697c https://ginandjuice.shop/image/scanme/productcatalog/products/2.png
200 GET 700l 4272w 337306c https://ginandjuice.shop/image/scanme/productcatalog/products/7.png
200 GET 419l 2791w 446670c https://ginandjuice.shop/image/scanme/blog/posts/6.jpg
200 GET 1025l 6111w 483064c https://ginandjuice.shop/image/scanme/productcatalog/products/10.png
200 GET 836l 4895w 387212c https://ginandjuice.shop/image/scanme/productcatalog/products/9.png
200 GET 420l 2889w 208898c https://ginandjuice.shop/resources/images/gin-and-juice-team.jpg
200 GET 298l 1844w 187708c https://ginandjuice.shop/resources/images/gin-and-juice-distillery.jpg
200 GET 1022l 6222w 480373c https://ginandjuice.shop/image/scanme/productcatalog/products/5.png
200 GET 1017l 6273w 516206c https://ginandjuice.shop/image/scanme/productcatalog/products/8.png
200 GET 1272l 8055w 662054c https://ginandjuice.shop/image/scanme/productcatalog/products/pineapple_edition.png
200 GET 172l 484w 10445c https://ginandjuice.shop/
200 GET 1201l 7411w 580391c https://ginandjuice.shop/image/scanme/productcatalog/products/purple_hat.png
200 GET 29869l 116026w 1077021c https://ginandjuice.shop/resources/js/react-dom.development.js
200 GET 132l 346w 7451c https://ginandjuice.shop/login
200 GET 931l 5166w 727474c https://ginandjuice.shop/image/scanme/blog/posts/2.jpg
200 GET 1193l 7603w 629337c https://ginandjuice.shop/image/scanme/productcatalog/products/original_dry_sqli.png
200 GET 286l 714w 16798c https://ginandjuice.shop/catalog/
200 GET 1266l 7911w 651119c https://ginandjuice.shop/image/scanme/productcatalog/products/batch_1337.png
200 GET 1126l 6905w 569926c https://ginandjuice.shop/image/scanme/productcatalog/products/12.png
200 GET 7711l 43184w 3472827c https://ginandjuice.shop/resources/images/gin-and-juice-team.mp4
200 GET 1407l 8305w 689546c https://ginandjuice.shop/image/scanme/productcatalog/products/1.png
200 GET 1489l 8168w 685398c https://ginandjuice.shop/image/scanme/productcatalog/products/3.png
200 GET 1080l 6618w 537017c https://ginandjuice.shop/image/scanme/productcatalog/products/kettle_still.png
200 GET 1228l 7134w 545804c https://ginandjuice.shop/image/scanme/productcatalog/products/lost_in_a_heyes.png
405 GET 1l 3w 20c https://ginandjuice.shop/subscribe
200 GET 1157l 6752w 568698c https://ginandjuice.shop/image/scanme/productcatalog/products/6.png
403 GET 1l 2w 15c https://ginandjuice.shop/ADMIN
200 GET 172l 671w 10905c https://ginandjuice.shop/Blog
200 GET 0l 0w 0c https://ginandjuice.shop/analytics
200 GET 166l 646w 11148c https://ginandjuice.shop/About
400 GET 1l 3w 30c https://ginandjuice.shop/catalog/Product
200 GET 98l 237w 5111c https://ginandjuice.shop/catalog/Cart
200 GET 286l 712w 16780c https://ginandjuice.shop/Catalog
302 GET 0l 0w 0c https://ginandjuice.shop/Logout => https://ginandjuice.shop/
200 GET 172l 671w 10905c https://ginandjuice.shop/BLOG
200 GET 166l 646w 11148c https://ginandjuice.shop/ABOUT
302 GET 0l 0w 0c https://ginandjuice.shop/My-Account => https://ginandjuice.shop/login
405 GET 1l 3w 20c https://ginandjuice.shop/Subscribe
405 GET 1l 3w 20c https://ginandjuice.shop/catalog/Subscribe
200 GET 0l 0w 0c https://ginandjuice.shop/Analytics
200 GET 132l 345w 7442c https://ginandjuice.shop/LOGIN
200 GET 98l 237w 5111c https://ginandjuice.shop/catalog/CART
400 GET 1l 3w 30c https://ginandjuice.shop/catalog/PRODUCT
200 GET 118l 488w 8011c https://ginandjuice.shop/promise

https://ginandjuice.shop/vulnerabilities

Path: /
Difficulties: JavaScript event handlers, JavaScript modifies request
Technologies: JavaScript
Vulnerabilities: Base64-encoded data in parameter, Request URL override

Path: /blog
Vulnerabilities: Client-side prototype pollution, Client-side template injection, Cross-site scripting (DOM-based), Open redirection (DOM-based)

Path: /catalog
Vulnerabilities: Client-side template injection, Cross-site scripting (reflected), DOM data manipulation (reflected DOM-based), HTTP response header injection, Link manipulation (reflected DOM-based), SQL injection

Path: /catalog/product/stock
Difficulties: JavaScript event handlers, JavaScript modifies request, JavaScript client-side rendering
Technologies: JavaScript
Vulnerabilities: XML external entity injection

Path: /catalog/subscribe
Vulnerabilities: Cross-site scripting (reflected)

Path: /login
Vulnerabilities: Cross-site scripting (reflected), DOM data manipulation (reflected DOM-based)

Path: /resources/js/angular_1-7-7.js
Vulnerabilities: Vulnerable JavaScript dependency