VULNERABILITIES
Gin & Juice Shop is packed with vulnerabilities, ready to put any web vulnerability scanner to the test. To help you evaluate, we've also listed notable difficulties and technologies.
ACCOUNT LOGIN DETAILS
| Username | carlos | Password | hunter2 |
|---|
| Path | Difficulties | Technologies | Vulnerabilities |
|---|---|---|---|
| / | JavaScript event handlers JavaScript modifies request | JavaScript | Base64-encoded data in parameter Request URL override |
| /about | |||
| /blog | Client-side prototype pollution Client-side template injection Cross-site scripting (DOM-based) Open redirection (DOM-based) | ||
| /blog/post | |||
| /catalog | Client-side template injection Cross-site scripting (reflected) DOM data manipulation (reflected DOM-based) HTTP response header injection Link manipulation (reflected DOM-based) SQL injection | ||
| /catalog/cart | |||
| /catalog/product | |||
| /catalog/product/stock | JavaScript event handlers JavaScript modifies request JavaScript client side rendering | JavaScript | XML external entity injection |
| /catalog/subscribe | Cross-site scripting (reflected) | ||
| /image/scanme/blog/posts/1.jpg | |||
| /image/scanme/blog/posts/2.jpg | |||
| /image/scanme/blog/posts/3.jpg | |||
| /image/scanme/blog/posts/4.jpg | |||
| /image/scanme/blog/posts/5.jpg | |||
| /image/scanme/blog/posts/6.jpg | |||
| /image/scanme/productcatalog/products/1.png | |||
| /image/scanme/productcatalog/products/10.png | |||
| /image/scanme/productcatalog/products/11.png | |||
| /image/scanme/productcatalog/products/12.png | |||
| /image/scanme/productcatalog/products/2.png | |||
| /image/scanme/productcatalog/products/3.png | |||
| /image/scanme/productcatalog/products/4.png | |||
| /image/scanme/productcatalog/products/5.png | |||
| /image/scanme/productcatalog/products/6.png | |||
| /image/scanme/productcatalog/products/7.png | |||
| /image/scanme/productcatalog/products/8.png | |||
| /image/scanme/productcatalog/products/9.png | |||
| /image/scanme/productcatalog/products/batch_1337.png | |||
| /image/scanme/productcatalog/products/kettle_still.png | |||
| /image/scanme/productcatalog/products/lost_in_a_heyes.png | |||
| /image/scanme/productcatalog/products/original_dry_sqli.png | |||
| /image/scanme/productcatalog/products/pineapple_edition.png | |||
| /image/scanme/productcatalog/products/purple_hat.png | |||
| /logger | |||
| /login | Cross-site scripting (reflected) DOM data manipulation (reflected DOM-based) | ||
| /my-account | |||
| /resources/css/labsBlog.css | |||
| /resources/css/labsEcommerce.css | |||
| /resources/css/labsScanme.css | |||
| /resources/fonts/JosefinSans/JosefinSans-Bold.woff | |||
| /resources/fonts/Poppins/poppins-bold.woff | |||
| /resources/fonts/Poppins/poppins.woff | |||
| /resources/footer/js/scanme.js | |||
| /resources/images/Portswigger.png | |||
| /resources/images/avatar.svg | |||
| /resources/images/batch1337_can.png | |||
| /resources/images/check-circle.svg | |||
| /resources/images/close-button.svg | |||
| /resources/images/copy-to-clipboard.svg | |||
| /resources/images/dark-blue-squiggle-pattern-tile.jpg | |||
| /resources/images/dry_SQLI_can.png | |||
| /resources/images/footer_graphic.jpg | |||
| /resources/images/g_j_bottle.png | |||
| /resources/images/gin-and-juice-distillery.jpg | |||
| /resources/images/gin-and-juice-shop-logo-small.svg | |||
| /resources/images/gin-and-juice-shop-logo.svg | |||
| /resources/images/gin-and-juice-team.jpg | |||
| /resources/images/gin-and-juice-team.mp4 | |||
| /resources/images/goggles.svg | |||
| /resources/images/hero_banner_background1.jpg | |||
| /resources/images/hero_banner_background2.png | |||
| /resources/images/heyes_bottle.png | |||
| /resources/images/icon-account.svg | |||
| /resources/images/icon-cart.svg | |||
| /resources/images/icon-search.svg | |||
| /resources/images/kettle_bottle.png | |||
| /resources/images/not-found.svg | |||
| /resources/images/pineapple-can.png | |||
| /resources/images/rating1.png | |||
| /resources/images/rating2.png | |||
| /resources/images/rating3.png | |||
| /resources/images/rating4.png | |||
| /resources/images/rating5.png | |||
| /resources/images/shopping-cart.svg | |||
| /resources/images/tracker.gif | |||
| /resources/js/angular_1-7-7.js | Vulnerable JavaScript dependency | ||
| /resources/js/deparam.js | |||
| /resources/js/react-dom.development.js | |||
| /resources/js/react.development.js | |||
| /resources/js/searchLogger.js | |||
| /resources/js/stockCheck.js | |||
| /resources/js/subscribeNow.js | |||
| /resources/js/xmlStockCheckPayload.js | |||
| /resources/labheader/css/scanMeHeader.css | |||
| /robots.txt |