OWASP juice-shop #2

Looking for vulnerabilities. Part #2

TdaShadow

6/17/2026 · 1 min read

Picking up where we left off, we have gained admin access. What can we do with admin? Checking the side menu! Oh, there are new options to choose from!

>Login as Admin
>Check Side bar

(Okay, if you have been following along this far screenshots are really a pain to add. I'll probably add images later.)

Let's go down the sidebar list! First link, 'Customer Feedback'.

>Click 'Customer Feedback'.

Let's leave some feedback! 5 Stars! -- Okay. Now let's check Burp.
Found URL entry /api/Feedbacks/ with a 201 status code (201 = Created). Let's try changing the rating from 5 to 6? Successful, entry was created. What happens if we enter a rating of 0? Successful, entry was created. Went back to the home page!
>Entered comment Hello this is a test!
>Adjust rating slider to 5.
>Answer Captcha and Submit
>Access Burp HTTP history
>Located /api/Feedbacks/
>Adjusted request `"rating":5` to `"rating":0`

You successfully solved a challenge: Zero Stars (Give a devastating zero-star feedback to the store.)
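The reason the 0 (and 6) ratings are accepted is that the 1-5 limit lives only in the client-side slider; the API never re-checks it. As an added example (not Juice Shop's own code), here is how a server-side check on the feedback payload would close that gap, with an Express-style handler that returns 400 instead of 201 for out-of-range values; `saveFeedback` is a hypothetical persistence callback and the req/res shape is assumed.

```javascript
// Added example, not Juice Shop's own code: server-side validation of the
// feedback payload, so the 1-5 limit enforced by the slider cannot be
// bypassed by editing the request in a proxy. `saveFeedback` is hypothetical.
const MIN_RATING = 1;
const MAX_RATING = 5;
const MAX_COMMENT_LENGTH = 160;

function validateFeedback(body) {
  const errors = [];
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    return { ok: false, errors: ['body must be a JSON object'] };
  }
  const { rating, comment } = body;
  // Integer check rejects 0 and 6 (both accepted in the walkthrough) as well
  // as strings like "5", floats, NaN and a missing field.
  if (!Number.isInteger(rating) || rating < MIN_RATING || rating > MAX_RATING) {
    errors.push(`rating must be an integer between ${MIN_RATING} and ${MAX_RATING}`);
  }
  if (typeof comment !== 'string' || comment.trim().length === 0) {
    errors.push('comment must be a non-empty string');
  } else if (comment.length > MAX_COMMENT_LENGTH) {
    errors.push(`comment must be at most ${MAX_COMMENT_LENGTH} characters`);
  }
  return { ok: errors.length === 0, errors };
}

// Express-style handler: 400 on invalid input, 201 only after validation passes.
function makeFeedbackHandler(saveFeedback) {
  return (req, res) => {
    const result = validateFeedback(req.body);
    if (!result.ok) {
      return res.status(400).json({ errors: result.errors });
    }
    const saved = saveFeedback({ rating: req.body.rating, comment: req.body.comment.trim() });
    return res.status(201).json(saved);
  };
}

// Minimal stand-in for an Express response so the handler runs without Express.
function fakeResponse() {
  const res = { statusCode: 200, body: undefined };
  res.status = (code) => { res.statusCode = code; return res; };
  res.json = (payload) => { res.body = payload; return res; };
  return res;
}

// Constructed request mirroring the edited capture from the walkthrough.
const handler = makeFeedbackHandler((fb) => ({ id: 1, ...fb }));
const zeroStar = handler({ body: { comment: 'Hello this is a test!', rating: 0 } }, fakeResponse());
console.log(zeroStar.statusCode, zeroStar.body); // 400 { errors: [ 'rating must be ...' ] }
```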


© 2025. All rights reserved.