Medium |
Content Security Policy (CSP) Header Not Set |
Description |
Content Security Policy (CSP) is an added layer of security that helps to detect and mitigate certain types of attacks, including Cross Site Scripting (XSS) and data injection attacks. These attacks are used for everything from data theft to site defacement or distribution of malware. CSP provides a set of standard HTTP headers that allow website owners to declare approved sources of content that browsers should be allowed to load on that page — covered types are JavaScript, CSS, HTML frames, fonts, images and embeddable objects such as Java applets, ActiveX, audio and video files.
|
|
URL |
http://localhost:3000 |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 228 bytes.
|
GET http://localhost:3000 HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/ |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 229 bytes.
|
GET http://localhost:3000/ HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:27 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/ |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 275 bytes.
|
GET http://localhost:3000/assets/ HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 402 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 374 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 381 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 386 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 384 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 384 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 383 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 346 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 353 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 358 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 356 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 356 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 355 bytes.
|
GET http://localhost:3000/assets/assets/public/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 304 bytes.
|
GET http://localhost:3000/assets/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 325 bytes.
|
GET http://localhost:3000/assets/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 330 bytes.
|
GET http://localhost:3000/assets/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 328 bytes.
|
GET http://localhost:3000/assets/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 328 bytes.
|
GET http://localhost:3000/assets/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 327 bytes.
|
GET http://localhost:3000/assets/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 283 bytes.
|
GET http://localhost:3000/assets/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 288 bytes.
|
GET http://localhost:3000/assets/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/ |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 289 bytes.
|
GET http://localhost:3000/assets/public/ HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 416 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 388 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 395 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 400 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 398 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 398 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 397 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 360 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 367 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 372 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 370 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 370 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 369 bytes.
|
GET http://localhost:3000/assets/public/assets/public/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:33 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/favicon_js.ico |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 318 bytes.
|
GET http://localhost:3000/assets/public/assets/public/favicon_js.ico HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 339 bytes.
|
GET http://localhost:3000/assets/public/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 344 bytes.
|
GET http://localhost:3000/assets/public/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 342 bytes.
|
GET http://localhost:3000/assets/public/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 342 bytes.
|
GET http://localhost:3000/assets/public/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/public/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 341 bytes.
|
GET http://localhost:3000/assets/public/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/assets/public/favicon_js.ico
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/main.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 297 bytes.
|
GET http://localhost:3000/assets/public/main.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/polyfills.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 302 bytes.
|
GET http://localhost:3000/assets/public/polyfills.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 300 bytes.
|
GET http://localhost:3000/assets/public/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 300 bytes.
|
GET http://localhost:3000/assets/public/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/public/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 299 bytes.
|
GET http://localhost:3000/assets/public/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/public/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
|
URL |
http://localhost:3000/assets/runtime.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 286 bytes.
|
GET http://localhost:3000/assets/runtime.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/styles.css |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 286 bytes.
|
GET http://localhost:3000/assets/styles.css HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/assets/vendor.js |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 285 bytes.
|
GET http://localhost:3000/assets/vendor.js HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/assets/
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 14:02:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
http://localhost:3000/ftp |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 275 bytes.
|
GET http://localhost:3000/ftp HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/robots.txt
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 338 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Content-Length: 11063
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:27 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 11,052 bytes.
|
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<title>listing directory /ftp</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2, h3 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
h3 {
margin: 5px 0 10px 0;
padding-bottom: 5px;
border-bottom: 1px solid #eee;
font-size: 18px;
}
ul li {
list-style: none;
}
ul li:hover {
cursor: pointer;
color: #2e2e2e;
}
ul li .path {
padding-left: 5px;
font-weight: bold;
}
ul li .line {
padding-right: 5px;
font-style: italic;
}
ul li:first-child .path {
padding-left: 0;
}
p {
line-height: 1.5;
}
a {
color: #555;
text-decoration: none;
}
a:hover {
color: #303030;
}
#stacktrace {
margin-top: 15px;
}
.directory h1 {
margin-bottom: 15px;
font-size: 18px;
}
ul#files {
width: 100%;
height: 100%;
overflow: hidden;
}
ul#files li {
float: left;
width: 30%;
line-height: 25px;
margin: 1px;
}
ul#files li a {
display: block;
height: 25px;
border: 1px solid transparent;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
overflow: hidden;
white-space: nowrap;
}
ul#files li a:focus,
ul#files li a:hover {
background: rgba(255,255,255,0.65);
border: 1px solid #ececec;
}
ul#files li a.highlight {
-webkit-transition: background .4s ease-in-out;
background: #ffff4f;
border-color: #E9DC51;
}
#search {
display: block;
position: fixed;
top: 20px;
right: 20px;
width: 90px;
-webkit-transition: width ease 0.2s, opacity ease 0.4s;
-moz-transition: width ease 0.2s, opacity ease 0.4s;
-webkit-border-radius: 32px;
-moz-border-radius: 32px;
-webkit-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-moz-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-webkit-font-smoothing: antialiased;
text-align: left;
font: 13px "Helvetica Neue", Arial, sans-serif;
padding: 4px 10px;
border: none;
background: transparent;
margin-bottom: 0;
outline: none;
opacity: 0.7;
color: #888;
}
#search:focus {
width: 120px;
opacity: 1.0;
}
/*views*/
#files span {
display: inline-block;
overflow: hidden;
text-overflow: ellipsis;
text-indent: 10px;
}
#files .name {
background-repeat: no-repeat;
}
#files .icon .name {
text-indent: 28px;
}
/*tiles*/
.view-tiles .name {
width: 100%;
background-position: 8px 5px;
}
.view-tiles .size,
.view-tiles .date {
display: none;
}
/*details*/
ul#files.view-details li {
float: none;
display: block;
width: 90%;
}
ul#files.view-details li.header {
height: 25px;
background: #000;
color: #fff;
font-weight: bold;
}
.view-details .header {
border-radius: 5px;
}
.view-details .name {
width: 60%;
background-position: 8px 5px;
}
.view-details .size {
width: 10%;
}
.view-details .date {
width: 30%;
}
.view-details .size,
.view-details .date {
text-align: right;
direction: rtl;
}
/*mobile*/
@media (max-width: 768px) {
body {
font-size: 13px;
line-height: 16px;
padding: 0;
}
#search {
position: static;
width: 100%;
font-size: 2em;
line-height: 1.8em;
text-indent: 10px;
border: 0;
border-radius: 0;
padding: 10px 0;
margin: 0;
}
#search:focus {
width: 100%;
border: 0;
opacity: 1;
}
.directory h1 {
font-size: 2em;
line-height: 1.5em;
color: #fff;
background: #000;
padding: 15px 10px;
margin: 0;
}
ul#files {
border-top: 1px solid #cacaca;
}
ul#files li {
float: none;
width: auto !important;
display: block;
border-bottom: 1px solid #cacaca;
font-size: 2em;
line-height: 1.2em;
text-indent: 0;
margin: 0;
}
ul#files li:nth-child(odd) {
background: #e0e0e0;
}
ul#files li a {
height: auto;
border: 0;
border-radius: 0;
padding: 15px 10px;
}
ul#files li a:focus,
ul#files li a:hover {
border: 0;
}
#files .header,
#files .size,
#files .date {
display: none !important;
}
#files .name {
float: none;
display: inline-block;
width: 100%;
text-indent: 0;
background-position: 0 50%;
}
#files .icon .name {
text-indent: 41px;
}
}
#files .icon-directory .name {
background-image: url(data:image/png;base64,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);
}
#files .icon-text .name {
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADoSURBVBgZBcExblNBGAbA2ceegTRBuIKOgiihSZNTcC5LUHAihNJR0kGKCDcYJY6D3/77MdOinTvzAgCw8ysThIvn/VojIyMjIyPP+bS1sUQIV2s95pBDDvmbP/mdkft83tpYguZq5Jh/OeaYh+yzy8hTHvNlaxNNczm+la9OTlar1UdA/+C2A4trRCnD3jS8BB1obq2Gk6GU6QbQAS4BUaYSQAf4bhhKKTFdAzrAOwAxEUAH+KEM01SY3gM6wBsEAQB0gJ+maZoC3gI6iPYaAIBJsiRmHU0AALOeFC3aK2cWAACUXe7+AwO0lc9eTHYTAAAAAElFTkSuQmCC);
}
#files .icon-default .name {
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC4SURBVCjPdZFbDsIgEEWnrsMm7oGGfZrohxvU+Iq1TyjU60Bf1pac4Yc5YS4ZAtGWBMk/drQBOVwJlZrWYkLhsB8UV9K0BUrPGy9cWbng2CtEEUmLGppPjRwpbixUKHBiZRS0p+ZGhvs4irNEvWD8heHpbsyDXznPhYFOyTjJc13olIqzZCHBouE0FRMUjA+s1gTjaRgVFpqRwC8mfoXPPEVPS7LbRaJL2y7bOifRCTEli3U7BMWgLzKlW/CuebZPAAAAAElFTkSuQmCC);
}
</style>
<script>
function $(id){
var el = 'string' == typeof id
? document.getElementById(id)
: id;
el.on = function(event, fn){
if ('content loaded' == event) {
event = window.attachEvent ? "load" : "DOMContentLoaded";
}
el.addEventListener
? el.addEventListener(event, fn, false)
: el.attachEvent("on" + event, fn);
};
el.all = function(selector){
return $(el.querySelectorAll(selector));
};
el.each = function(fn){
for (var i = 0, len = el.length; i < len; ++i) {
fn($(el[i]), i);
}
};
el.getClasses = function(){
return this.getAttribute('class').split(/\s+/);
};
el.addClass = function(name){
var classes = this.getAttribute('class');
el.setAttribute('class', classes
? classes + ' ' + name
: name);
};
el.removeClass = function(name){
var classes = this.getClasses().filter(function(curr){
return curr != name;
});
this.setAttribute('class', classes.join(' '));
};
return el;
}
function search() {
var str = $('search').value.toLowerCase();
var links = $('files').all('a');
links.each(function(link){
var text = link.textContent.toLowerCase();
if ('..' == text) return;
if (str.length && ~text.indexOf(str)) {
link.addClass('highlight');
} else {
link.removeClass('highlight');
}
});
}
$(window).on('content loaded', function(){
$('search').on('keyup', search);
});
</script>
</head>
<body class="directory">
<input id="search" type="text" placeholder="Search" autocomplete="off" />
<div id="wrapper">
<h1><a href=".">~</a> / <a href="ftp">ftp</a></h1>
<ul id="files" class="view-tiles"><li><a href="ftp/quarantine" class="icon icon-directory" title="quarantine"><span class="name">quarantine</span><span class="size"></span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/acquisitions.md" class="icon icon icon-md icon-text" title="acquisitions.md"><span class="name">acquisitions.md</span><span class="size">928</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/announcement_encrypted.md" class="icon icon icon-md icon-text" title="announcement_encrypted.md"><span class="name">announcement_encrypted.md</span><span class="size">370431</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/coupons_2013.md.bak" class="icon icon icon-bak icon-default" title="coupons_2013.md.bak"><span class="name">coupons_2013.md.bak</span><span class="size">142</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/eastere.gg" class="icon icon icon-gg icon-default" title="eastere.gg"><span class="name">eastere.gg</span><span class="size">337</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/encrypt.pyc" class="icon icon icon-pyc icon-default" title="encrypt.pyc"><span class="name">encrypt.pyc</span><span class="size">573</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/incident-support.kdbx" class="icon icon icon-kdbx icon-default" title="incident-support.kdbx"><span class="name">incident-support.kdbx</span><span class="size">3246</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/legal.md" class="icon icon icon-md icon-text" title="legal.md"><span class="name">legal.md</span><span class="size">3100</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/package.json.bak" class="icon icon icon-bak icon-default" title="package.json.bak"><span class="name">package.json.bak</span><span class="size">4468</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="ftp/suspicious_errors.yml" class="icon icon icon-yml icon-text" title="suspicious_errors.yml"><span class="name">suspicious_errors.yml</span><span class="size">741</span><span class="date">19/12/2023 13:12:16</span></a></li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/ |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 280 bytes.
|
GET http://localhost:3000/ftp/ HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp/quarantine
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 338 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Content-Length: 11067
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:37 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 11,013 bytes.
|
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<title>listing directory /ftp/</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2, h3 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
h3 {
margin: 5px 0 10px 0;
padding-bottom: 5px;
border-bottom: 1px solid #eee;
font-size: 18px;
}
ul li {
list-style: none;
}
ul li:hover {
cursor: pointer;
color: #2e2e2e;
}
ul li .path {
padding-left: 5px;
font-weight: bold;
}
ul li .line {
padding-right: 5px;
font-style: italic;
}
ul li:first-child .path {
padding-left: 0;
}
p {
line-height: 1.5;
}
a {
color: #555;
text-decoration: none;
}
a:hover {
color: #303030;
}
#stacktrace {
margin-top: 15px;
}
.directory h1 {
margin-bottom: 15px;
font-size: 18px;
}
ul#files {
width: 100%;
height: 100%;
overflow: hidden;
}
ul#files li {
float: left;
width: 30%;
line-height: 25px;
margin: 1px;
}
ul#files li a {
display: block;
height: 25px;
border: 1px solid transparent;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
overflow: hidden;
white-space: nowrap;
}
ul#files li a:focus,
ul#files li a:hover {
background: rgba(255,255,255,0.65);
border: 1px solid #ececec;
}
ul#files li a.highlight {
-webkit-transition: background .4s ease-in-out;
background: #ffff4f;
border-color: #E9DC51;
}
#search {
display: block;
position: fixed;
top: 20px;
right: 20px;
width: 90px;
-webkit-transition: width ease 0.2s, opacity ease 0.4s;
-moz-transition: width ease 0.2s, opacity ease 0.4s;
-webkit-border-radius: 32px;
-moz-border-radius: 32px;
-webkit-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-moz-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-webkit-font-smoothing: antialiased;
text-align: left;
font: 13px "Helvetica Neue", Arial, sans-serif;
padding: 4px 10px;
border: none;
background: transparent;
margin-bottom: 0;
outline: none;
opacity: 0.7;
color: #888;
}
#search:focus {
width: 120px;
opacity: 1.0;
}
/*views*/
#files span {
display: inline-block;
overflow: hidden;
text-overflow: ellipsis;
text-indent: 10px;
}
#files .name {
background-repeat: no-repeat;
}
#files .icon .name {
text-indent: 28px;
}
/*tiles*/
.view-tiles .name {
width: 100%;
background-position: 8px 5px;
}
.view-tiles .size,
.view-tiles .date {
display: none;
}
/*details*/
ul#files.view-details li {
float: none;
display: block;
width: 90%;
}
ul#files.view-details li.header {
height: 25px;
background: #000;
color: #fff;
font-weight: bold;
}
.view-details .header {
border-radius: 5px;
}
.view-details .name {
width: 60%;
background-position: 8px 5px;
}
.view-details .size {
width: 10%;
}
.view-details .date {
width: 30%;
}
.view-details .size,
.view-details .date {
text-align: right;
direction: rtl;
}
/*mobile*/
@media (max-width: 768px) {
body {
font-size: 13px;
line-height: 16px;
padding: 0;
}
#search {
position: static;
width: 100%;
font-size: 2em;
line-height: 1.8em;
text-indent: 10px;
border: 0;
border-radius: 0;
padding: 10px 0;
margin: 0;
}
#search:focus {
width: 100%;
border: 0;
opacity: 1;
}
.directory h1 {
font-size: 2em;
line-height: 1.5em;
color: #fff;
background: #000;
padding: 15px 10px;
margin: 0;
}
ul#files {
border-top: 1px solid #cacaca;
}
ul#files li {
float: none;
width: auto !important;
display: block;
border-bottom: 1px solid #cacaca;
font-size: 2em;
line-height: 1.2em;
text-indent: 0;
margin: 0;
}
ul#files li:nth-child(odd) {
background: #e0e0e0;
}
ul#files li a {
height: auto;
border: 0;
border-radius: 0;
padding: 15px 10px;
}
ul#files li a:focus,
ul#files li a:hover {
border: 0;
}
#files .header,
#files .size,
#files .date {
display: none !important;
}
#files .name {
float: none;
display: inline-block;
width: 100%;
text-indent: 0;
background-position: 0 50%;
}
#files .icon .name {
text-indent: 41px;
}
}
#files .icon-directory .name {
background-image: url(data:image/png;base64,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);
}
#files .icon-text .name {
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAADoSURBVBgZBcExblNBGAbA2ceegTRBuIKOgiihSZNTcC5LUHAihNJR0kGKCDcYJY6D3/77MdOinTvzAgCw8ysThIvn/VojIyMjIyPP+bS1sUQIV2s95pBDDvmbP/mdkft83tpYguZq5Jh/OeaYh+yzy8hTHvNlaxNNczm+la9OTlar1UdA/+C2A4trRCnD3jS8BB1obq2Gk6GU6QbQAS4BUaYSQAf4bhhKKTFdAzrAOwAxEUAH+KEM01SY3gM6wBsEAQB0gJ+maZoC3gI6iPYaAIBJsiRmHU0AALOeFC3aK2cWAACUXe7+AwO0lc9eTHYTAAAAAElFTkSuQmCC);
}
#files .icon-default .name {
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC4SURBVCjPdZFbDsIgEEWnrsMm7oGGfZrohxvU+Iq1TyjU60Bf1pac4Yc5YS4ZAtGWBMk/drQBOVwJlZrWYkLhsB8UV9K0BUrPGy9cWbng2CtEEUmLGppPjRwpbixUKHBiZRS0p+ZGhvs4irNEvWD8heHpbsyDXznPhYFOyTjJc13olIqzZCHBouE0FRMUjA+s1gTjaRgVFpqRwC8mfoXPPEVPS7LbRaJL2y7bOifRCTEli3U7BMWgLzKlW/CuebZPAAAAAElFTkSuQmCC);
}
</style>
<script>
function $(id){
var el = 'string' == typeof id
? document.getElementById(id)
: id;
el.on = function(event, fn){
if ('content loaded' == event) {
event = window.attachEvent ? "load" : "DOMContentLoaded";
}
el.addEventListener
? el.addEventListener(event, fn, false)
: el.attachEvent("on" + event, fn);
};
el.all = function(selector){
return $(el.querySelectorAll(selector));
};
el.each = function(fn){
for (var i = 0, len = el.length; i < len; ++i) {
fn($(el[i]), i);
}
};
el.getClasses = function(){
return this.getAttribute('class').split(/\s+/);
};
el.addClass = function(name){
var classes = this.getAttribute('class');
el.setAttribute('class', classes
? classes + ' ' + name
: name);
};
el.removeClass = function(name){
var classes = this.getClasses().filter(function(curr){
return curr != name;
});
this.setAttribute('class', classes.join(' '));
};
return el;
}
function search() {
var str = $('search').value.toLowerCase();
var links = $('files').all('a');
links.each(function(link){
var text = link.textContent.toLowerCase();
if ('..' == text) return;
if (str.length && ~text.indexOf(str)) {
link.addClass('highlight');
} else {
link.removeClass('highlight');
}
});
}
$(window).on('content loaded', function(){
$('search').on('keyup', search);
});
</script>
</head>
<body class="directory">
<input id="search" type="text" placeholder="Search" autocomplete="off" />
<div id="wrapper">
<h1><a href=".">~</a> / <a href="">ftp</a> / </h1>
<ul id="files" class="view-tiles"><li><a href="quarantine" class="icon icon-directory" title="quarantine"><span class="name">quarantine</span><span class="size"></span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="acquisitions.md" class="icon icon icon-md icon-text" title="acquisitions.md"><span class="name">acquisitions.md</span><span class="size">928</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="announcement_encrypted.md" class="icon icon icon-md icon-text" title="announcement_encrypted.md"><span class="name">announcement_encrypted.md</span><span class="size">370431</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="coupons_2013.md.bak" class="icon icon icon-bak icon-default" title="coupons_2013.md.bak"><span class="name">coupons_2013.md.bak</span><span class="size">142</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="eastere.gg" class="icon icon icon-gg icon-default" title="eastere.gg"><span class="name">eastere.gg</span><span class="size">337</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="encrypt.pyc" class="icon icon icon-pyc icon-default" title="encrypt.pyc"><span class="name">encrypt.pyc</span><span class="size">573</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="incident-support.kdbx" class="icon icon icon-kdbx icon-default" title="incident-support.kdbx"><span class="name">incident-support.kdbx</span><span class="size">3246</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="legal.md" class="icon icon icon-md icon-text" title="legal.md"><span class="name">legal.md</span><span class="size">3100</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="package.json.bak" class="icon icon icon-bak icon-default" title="package.json.bak"><span class="name">package.json.bak</span><span class="size">4468</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="suspicious_errors.yml" class="icon icon icon-yml icon-text" title="suspicious_errors.yml"><span class="name">suspicious_errors.yml</span><span class="size">741</span><span class="date">19/12/2023 13:12:16</span></a></li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/.%5C.. |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 286 bytes.
|
GET http://localhost:3000/ftp/.%5C.. HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp/quarantine
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:37 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 3335
|
Response Body
- size: 3,335 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>ForbiddenError: Forbidden</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> ForbiddenError: Forbidden</h2>
<ul id="stacktrace"><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:125:19</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:346:12)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at serveIndexMiddleware (C:\code\juice-shop_16.0.0\build\server.js:250:9)</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:346:12)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\build\lib\antiCheat.js:71:5</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:346:12)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:646:15</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:265:14)</li><li> at Function.handle 
(C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:175:3)</li><li> at router (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:47:12)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/coupons_2013.md.bak |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 288 bytes.
|
GET http://localhost:3000/ftp/coupons_2013.md.bak HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 2076
|
Response Body
- size: 2,076 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>Error: Only .md and .pdf files are allowed!</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> Error: Only .md and .pdf files are allowed!</h2>
<ul id="stacktrace"><li> at verify (C:\code\juice-shop_16.0.0\build\routes\fileServer.js:55:18)</li><li> at C:\code\juice-shop_16.0.0\build\routes\fileServer.js:39:13</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:365:14)</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:376:14)</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:421:3)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:145:39</li><li> at FSReqCallback.oncomplete (node:fs:205:5)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/eastere.gg |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 279 bytes.
|
GET http://localhost:3000/ftp/eastere.gg HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 2076
|
Response Body
- size: 2,076 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>Error: Only .md and .pdf files are allowed!</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> Error: Only .md and .pdf files are allowed!</h2>
<ul id="stacktrace"><li> at verify (C:\code\juice-shop_16.0.0\build\routes\fileServer.js:55:18)</li><li> at C:\code\juice-shop_16.0.0\build\routes\fileServer.js:39:13</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:365:14)</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:376:14)</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:421:3)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:145:39</li><li> at FSReqCallback.oncomplete (node:fs:205:5)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/encrypt.pyc |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 280 bytes.
|
GET http://localhost:3000/ftp/encrypt.pyc HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 2076
|
Response Body
- size: 2,076 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>Error: Only .md and .pdf files are allowed!</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> Error: Only .md and .pdf files are allowed!</h2>
<ul id="stacktrace"><li> at verify (C:\code\juice-shop_16.0.0\build\routes\fileServer.js:55:18)</li><li> at C:\code\juice-shop_16.0.0\build\routes\fileServer.js:39:13</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:365:14)</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:376:14)</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:421:3)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:145:39</li><li> at FSReqCallback.oncomplete (node:fs:205:5)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/package.json.bak |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 285 bytes.
|
GET http://localhost:3000/ftp/package.json.bak HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 2076
|
Response Body
- size: 2,076 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>Error: Only .md and .pdf files are allowed!</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> Error: Only .md and .pdf files are allowed!</h2>
<ul id="stacktrace"><li> at verify (C:\code\juice-shop_16.0.0\build\routes\fileServer.js:55:18)</li><li> at C:\code\juice-shop_16.0.0\build\routes\fileServer.js:39:13</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:365:14)</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:376:14)</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:421:3)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:145:39</li><li> at FSReqCallback.oncomplete (node:fs:205:5)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/quarantine |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 279 bytes.
|
GET http://localhost:3000/ftp/quarantine HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 337 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Content-Length: 9612
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 9,584 bytes.
|
<!DOCTYPE html>
<html>
<head>
<meta charset='utf-8'>
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
<title>listing directory /ftp/quarantine</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2, h3 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
h3 {
margin: 5px 0 10px 0;
padding-bottom: 5px;
border-bottom: 1px solid #eee;
font-size: 18px;
}
ul li {
list-style: none;
}
ul li:hover {
cursor: pointer;
color: #2e2e2e;
}
ul li .path {
padding-left: 5px;
font-weight: bold;
}
ul li .line {
padding-right: 5px;
font-style: italic;
}
ul li:first-child .path {
padding-left: 0;
}
p {
line-height: 1.5;
}
a {
color: #555;
text-decoration: none;
}
a:hover {
color: #303030;
}
#stacktrace {
margin-top: 15px;
}
.directory h1 {
margin-bottom: 15px;
font-size: 18px;
}
ul#files {
width: 100%;
height: 100%;
overflow: hidden;
}
ul#files li {
float: left;
width: 30%;
line-height: 25px;
margin: 1px;
}
ul#files li a {
display: block;
height: 25px;
border: 1px solid transparent;
-webkit-border-radius: 5px;
-moz-border-radius: 5px;
border-radius: 5px;
overflow: hidden;
white-space: nowrap;
}
ul#files li a:focus,
ul#files li a:hover {
background: rgba(255,255,255,0.65);
border: 1px solid #ececec;
}
ul#files li a.highlight {
-webkit-transition: background .4s ease-in-out;
background: #ffff4f;
border-color: #E9DC51;
}
#search {
display: block;
position: fixed;
top: 20px;
right: 20px;
width: 90px;
-webkit-transition: width ease 0.2s, opacity ease 0.4s;
-moz-transition: width ease 0.2s, opacity ease 0.4s;
-webkit-border-radius: 32px;
-moz-border-radius: 32px;
-webkit-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-moz-box-shadow: inset 0px 0px 3px rgba(0, 0, 0, 0.25), inset 0px 1px 3px rgba(0, 0, 0, 0.7), 0px 1px 0px rgba(255, 255, 255, 0.03);
-webkit-font-smoothing: antialiased;
text-align: left;
font: 13px "Helvetica Neue", Arial, sans-serif;
padding: 4px 10px;
border: none;
background: transparent;
margin-bottom: 0;
outline: none;
opacity: 0.7;
color: #888;
}
#search:focus {
width: 120px;
opacity: 1.0;
}
/*views*/
#files span {
display: inline-block;
overflow: hidden;
text-overflow: ellipsis;
text-indent: 10px;
}
#files .name {
background-repeat: no-repeat;
}
#files .icon .name {
text-indent: 28px;
}
/*tiles*/
.view-tiles .name {
width: 100%;
background-position: 8px 5px;
}
.view-tiles .size,
.view-tiles .date {
display: none;
}
/*details*/
ul#files.view-details li {
float: none;
display: block;
width: 90%;
}
ul#files.view-details li.header {
height: 25px;
background: #000;
color: #fff;
font-weight: bold;
}
.view-details .header {
border-radius: 5px;
}
.view-details .name {
width: 60%;
background-position: 8px 5px;
}
.view-details .size {
width: 10%;
}
.view-details .date {
width: 30%;
}
.view-details .size,
.view-details .date {
text-align: right;
direction: rtl;
}
/*mobile*/
@media (max-width: 768px) {
body {
font-size: 13px;
line-height: 16px;
padding: 0;
}
#search {
position: static;
width: 100%;
font-size: 2em;
line-height: 1.8em;
text-indent: 10px;
border: 0;
border-radius: 0;
padding: 10px 0;
margin: 0;
}
#search:focus {
width: 100%;
border: 0;
opacity: 1;
}
.directory h1 {
font-size: 2em;
line-height: 1.5em;
color: #fff;
background: #000;
padding: 15px 10px;
margin: 0;
}
ul#files {
border-top: 1px solid #cacaca;
}
ul#files li {
float: none;
width: auto !important;
display: block;
border-bottom: 1px solid #cacaca;
font-size: 2em;
line-height: 1.2em;
text-indent: 0;
margin: 0;
}
ul#files li:nth-child(odd) {
background: #e0e0e0;
}
ul#files li a {
height: auto;
border: 0;
border-radius: 0;
padding: 15px 10px;
}
ul#files li a:focus,
ul#files li a:hover {
border: 0;
}
#files .header,
#files .size,
#files .date {
display: none !important;
}
#files .name {
float: none;
display: inline-block;
width: 100%;
text-indent: 0;
background-position: 0 50%;
}
#files .icon .name {
text-indent: 41px;
}
}
#files .icon-directory .name {
background-image: url(data:image/png;base64,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);
}
#files .icon-default .name {
background-image: url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAQAAAC1+jfqAAAABGdBTUEAAK/INwWK6QAAABl0RVh0U29mdHdhcmUAQWRvYmUgSW1hZ2VSZWFkeXHJZTwAAAC4SURBVCjPdZFbDsIgEEWnrsMm7oGGfZrohxvU+Iq1TyjU60Bf1pac4Yc5YS4ZAtGWBMk/drQBOVwJlZrWYkLhsB8UV9K0BUrPGy9cWbng2CtEEUmLGppPjRwpbixUKHBiZRS0p+ZGhvs4irNEvWD8heHpbsyDXznPhYFOyTjJc13olIqzZCHBouE0FRMUjA+s1gTjaRgVFpqRwC8mfoXPPEVPS7LbRaJL2y7bOifRCTEli3U7BMWgLzKlW/CuebZPAAAAAElFTkSuQmCC);
}
</style>
<script>
function $(id){
var el = 'string' == typeof id
? document.getElementById(id)
: id;
el.on = function(event, fn){
if ('content loaded' == event) {
event = window.attachEvent ? "load" : "DOMContentLoaded";
}
el.addEventListener
? el.addEventListener(event, fn, false)
: el.attachEvent("on" + event, fn);
};
el.all = function(selector){
return $(el.querySelectorAll(selector));
};
el.each = function(fn){
for (var i = 0, len = el.length; i < len; ++i) {
fn($(el[i]), i);
}
};
el.getClasses = function(){
return this.getAttribute('class').split(/\s+/);
};
el.addClass = function(name){
var classes = this.getAttribute('class');
el.setAttribute('class', classes
? classes + ' ' + name
: name);
};
el.removeClass = function(name){
var classes = this.getClasses().filter(function(curr){
return curr != name;
});
this.setAttribute('class', classes.join(' '));
};
return el;
}
function search() {
var str = $('search').value.toLowerCase();
var links = $('files').all('a');
links.each(function(link){
var text = link.textContent.toLowerCase();
if ('..' == text) return;
if (str.length && ~text.indexOf(str)) {
link.addClass('highlight');
} else {
link.removeClass('highlight');
}
});
}
$(window).on('content loaded', function(){
$('search').on('keyup', search);
});
</script>
</head>
<body class="directory">
<input id="search" type="text" placeholder="Search" autocomplete="off" />
<div id="wrapper">
<h1><a href=".\..">~</a> / <a href=".">ftp</a> / <a href="quarantine">quarantine</a></h1>
<ul id="files" class="view-tiles"><li><a href="." class="icon icon-directory" title=".."><span class="name">..</span><span class="size"></span><span class="date"></span></a></li>
<li><a href="quarantine/juicy_malware_linux_amd_64.url" class="icon icon icon-url icon-default" title="juicy_malware_linux_amd_64.url"><span class="name">juicy_malware_linux_amd_64.url</span><span class="size">171</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="quarantine/juicy_malware_linux_arm_64.url" class="icon icon icon-url icon-default" title="juicy_malware_linux_arm_64.url"><span class="name">juicy_malware_linux_arm_64.url</span><span class="size">171</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="quarantine/juicy_malware_macos_64.url" class="icon icon icon-url icon-default" title="juicy_malware_macos_64.url"><span class="name">juicy_malware_macos_64.url</span><span class="size">167</span><span class="date">19/12/2023 13:12:16</span></a></li>
<li><a href="quarantine/juicy_malware_windows_64.exe.url" class="icon icon icon-url icon-default" title="juicy_malware_windows_64.exe.url"><span class="name">juicy_malware_windows_64.exe.url</span><span class="size">173</span><span class="date">19/12/2023 13:12:16</span></a></li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/ftp/suspicious_errors.yml |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 290 bytes.
|
GET http://localhost:3000/ftp/suspicious_errors.yml HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
referer: http://localhost:3000/ftp
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 344 bytes.
|
HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:32 GMT
Connection: keep-alive
Keep-Alive: timeout=5
content-length: 2076
|
Response Body
- size: 2,076 bytes.
|
<html>
<head>
<meta charset='utf-8'>
<title>Error: Only .md and .pdf files are allowed!</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>403</em> Error: Only .md and .pdf files are allowed!</h2>
<ul id="stacktrace"><li> at verify (C:\code\juice-shop_16.0.0\build\routes\fileServer.js:55:18)</li><li> at C:\code\juice-shop_16.0.0\build\routes\fileServer.js:39:13</li><li> at Layer.handle [as handle_request] (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\layer.js:95:5)</li><li> at trim_prefix (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:328:13)</li><li> at C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:286:9</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:365:14)</li><li> at param (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:376:14)</li><li> at Function.process_params (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:421:3)</li><li> at next (C:\code\juice-shop_16.0.0\node_modules\express\lib\router\index.js:280:10)</li><li> at C:\code\juice-shop_16.0.0\node_modules\serve-index\index.js:145:39</li><li> at FSReqCallback.oncomplete (node:fs:205:5)</li></ul>
</div>
</body>
</html>
|
URL |
http://localhost:3000/sitemap.xml |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 240 bytes.
|
GET http://localhost:3000/sitemap.xml HTTP/1.1
host: localhost:3000
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36
pragma: no-cache
cache-control: no-cache
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 466 bytes.
|
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
X-Recruiting: /#/jobs
Accept-Ranges: bytes
Cache-Control: public, max-age=0
Last-Modified: Fri, 03 May 2024 09:12:31 GMT
ETag: W/"ea4-18f3dba02fa"
Content-Type: text/html; charset=UTF-8
Content-Length: 3748
Vary: Accept-Encoding
Date: Fri, 03 May 2024 13:57:27 GMT
Connection: keep-alive
Keep-Alive: timeout=5
|
Response Body
- size: 3,748 bytes.
|
<!--
~ Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
~ SPDX-License-Identifier: MIT
--><!DOCTYPE html><html lang="en"><head>
<meta charset="utf-8">
<title>OWASP Juice Shop</title>
<meta name="description" content="Probably the most modern and sophisticated insecure web application">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link id="favicon" rel="icon" type="image/x-icon" href="assets/public/favicon_js.ico">
<link rel="stylesheet" type="text/css" href="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.css">
<script src="//cdnjs.cloudflare.com/ajax/libs/cookieconsent2/3.1.0/cookieconsent.min.js"></script>
<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.4/jquery.min.js"></script>
<script>
window.addEventListener("load", function(){
window.cookieconsent.initialise({
"palette": {
"popup": { "background": "var(--theme-primary)", "text": "var(--theme-text)" },
"button": { "background": "var(--theme-accent)", "text": "var(--theme-text)" }
},
"theme": "classic",
"position": "bottom-right",
"content": { "message": "This website uses fruit cookies to ensure you get the juiciest tracking experience.", "dismiss": "Me want it!", "link": "But me wait!", "href": "https://www.youtube.com/watch?v=9PnbKL3wuH4" }
})});
</script>
<style>.bluegrey-lightgreen-theme{--theme-primary:#546e7a;--theme-primary-lighter:#607e8c;--theme-primary-light:#698998;--theme-primary-darker:#485e68;--theme-primary-dark:#3f535c;--theme-primary-fade-10:rgba(84, 110, 122, .9);--theme-primary-fade-20:rgba(84, 110, 122, .8);--theme-primary-fade-30:rgba(84, 110, 122, .7);--theme-primary-fade-40:rgba(84, 110, 122, .6);--theme-primary-fade-50:rgba(84, 110, 122, .5);--theme-accent:#689f38;--theme-accent-lighter:#77b640;--theme-accent-light:#81bf4b;--theme-accent-darker:#598830;--theme-accent-dark:#4f792b;--theme-accent-fade-10:rgba(104, 159, 56, .9);--theme-accent-fade-20:rgba(104, 159, 56, .8);--theme-accent-fade-30:rgba(104, 159, 56, .7);--theme-accent-fade-40:rgba(104, 159, 56, .6);--theme-accent-fade-50:rgba(104, 159, 56, .5);--theme-warn:#ff5722;--theme-warn-lighter:#ff6e41;--theme-warn-light:#ff7e55;--theme-warn-darker:#ff4003;--theme-warn-dark:#ee3900;--theme-warn-fade-10:rgba(255, 87, 34, .9);--theme-warn-fade-20:rgba(255, 87, 34, .8);--theme-warn-fade-30:rgba(255, 87, 34, .7);--theme-warn-fade-40:rgba(255, 87, 34, .6);--theme-warn-fade-50:rgba(255, 87, 34, .5);--theme-text:white;--theme-text-lighter:white;--theme-text-light:white;--theme-text-darker:#e6e6e6;--theme-text-dark:#bfbfbf;--theme-text-fade-10:rgba(255, 255, 255, .9);--theme-text-fade-20:rgba(255, 255, 255, .8);--theme-text-fade-30:rgba(255, 255, 255, .7);--theme-text-fade-40:rgba(255, 255, 255, .6);--theme-text-fade-50:rgba(255, 255, 255, .5);--theme-text-invert-15:#d9d9d9;--theme-text-invert-30:#b3b3b3;--theme-background:#424242;--theme-background-lighter:#515151;--theme-background-light:#5c5c5c;--theme-background-darker:#333333;--theme-background-dark:#292929;--theme-background-darkest:#1e1e1e}.bluegrey-lightgreen-theme.mat-app-background{background-color:#303030;color:#fff}@media screen and (-webkit-min-device-pixel-ratio:0){}</style><link rel="stylesheet" href="styles.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" 
href="styles.css"></noscript></head>
<body class="mat-app-background bluegrey-lightgreen-theme">
<app-root></app-root>
<script src="runtime.js" type="module"></script><script src="polyfills.js" type="module"></script><script src="vendor.js" type="module"></script><script src="main.js" type="module"></script>
</body></html>
|
URL |
https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAGE_VISIBILITY |
Method |
GET |
Parameter |
|
Attack |
|
Evidence |
|
|
|
Request Header
- size: 482 bytes.
|
GET https://optimizationguide-pa.googleapis.com/downloads?name=1673999601&target=OPTIMIZATION_TARGET_PAGE_VISIBILITY HTTP/1.1
host: optimizationguide-pa.googleapis.com
Connection: keep-alive
X-Goog-Api-Key: AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Accept-Language: en-US,en;q=0.9
|
Request Body
- size: 0 bytes.
|
|
Response Header
- size: 457 bytes.
|
HTTP/1.1 200 OK
Vary: X-Goog-Api-Key
Cache-Control: public, max-age=86400
Date: Fri, 03 May 2024 14:14:01 GMT
Expires: Sat, 04 May 2024 14:14:01 GMT
Accept-Ranges: bytes
X-GUploader-UploadID: ABPtcPqMZVW_uf_dP1AYOmcY5jTJQQ-Q51apVFL3Qx5QRzSv8N7mSc8H3vAOnuLBzYgWEUlbTyOFOiqmVw
X-Goog-Hash: crc32c=phKVxw==
Content-Length: 883094
Server: UploadServer
Content-Type: text/html; charset=UTF-8
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
|
Response Body
- size: 883,094 bytes.
|
|