This course puts into practice a lot of the concepts we've covered so far. We'll be using a vulnerable website called Juice Shop to solve a variety of challenges. This will give us the opportunity to practice what we have learned so far, and also to learn about new techniques and new vulnerabilities as well, such as XX vulnerabilities.
Hi, within this lecture we're going to continue working on our scoreboard. So, while we have solved three, actually we have solved two, but Burp Suite, I believe, solved one of them for us. Now I'm going to focus on this one. As you can see there are kind of weird things as well, like it says "Follow the DRY principle while registering a user". So, it gives us a hint, so it has something to do with registering a user, but we cannot understand what this is at first glance, right? So, what is the DRY principle? Maybe you have never heard of it before. So, it has to be something to do with registering a user. So, maybe we can just go along and try registering a user and find a bug here or there, right? So, let's try this. Now I'm going to click "Not yet a customer?" so it can lead us to the registration page. Here we go. It says that we have to give an email and password and repeat the password and security questions and stuff. So, this is not actually hacking into something, it's kind of finding a misconfiguration, I believe. And we're going to do what we have to do when we start web pentesting, okay? I'm just going to try to give an email, or I'm just going to skip giving an email and see what happens. For example, if I write an email over here. If I come back, it says that your email address is not valid. So, it's using a regex, a regular expression, and it's trying to see if this is actually an email or not, which is very good. So, I'm going to say atil@test.com and for the password I'm going to give 123456, okay? So, here we go. The password should be 5-20 characters long and mine is, so it's good. And for the repeat password, if you write something like maybe the same thing or not the same thing, 12345, it gives us an error, right? So, it says that passwords do not match, which is very good again for security purposes. So, I'm going to give 123456 here as well and there is nothing wrong with my registration page.
So, I'm going to choose a random security question over here, like grandmother's first name. I'm just going to give something random over here, okay? I'm going to give "tests" and everything seems to be fine, and the register button is activated at this point as you can see, so I can just register right now. But let's do this, let's come back to the password and just change one of these things, okay? So, I gave 12345 as the password and the repeat password is 123456. So, it doesn't give me any error as you can see, so there is something wrong with this registration page. Now I can hit 'Register' and it doesn't even check it, and it lets me register. And as you can see, we solved the challenge: repetitive registration. So, what is wrong here? So, it doesn't actually check this afterwards. So, if I come over here and try atil@test.com and give some password like 12345, then I can log in. So, it didn't even count the 123456 password over there. So, this is repetitive registration, and what does it have to do with the DRY principle, right? What is the DRY principle and why is this an issue? So, the DRY principle is actually a term that we use in software. So, if you come over here to google.com, and if you actually studied something like software engineering, maybe you have heard this before, and if you didn't then it's good to know about this. So, if you just search for "DRY principle software", it's actually short for Don't Repeat Yourself, okay?
It's a term that we use in software development, and as you can see it aims to reduce the software patterns that you reuse repetitively in code, so you're going to have to encapsulate this or refactor this in a way that it doesn't repeat itself. And there is the opposite of that, it's called WET, and it says Write Everything Twice or two times, okay? Of course we don't follow Write Everything Twice in general software development, we try to stick to DRY, but sometimes there are misconfigurations, like a flaw in a software development environment like that, so that you can actually exploit this and bypass some filters. So, in this case it checks the password and the second password, the confirmation password. But if you change the first one after that, it doesn't actually check it. So, that's the misconfiguration it wanted us to find, and we found it. So, again, it's not a regular vulnerability that we have seen before, but it's a good idea to test all of these things before you start pentesting because it might actually help the developers to develop a safer place, a safer web application, and it might get you rewards and bug bounties as well. So, we're going to stop here and continue with the next one.
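The flaw the lecture walks through, modelled in plain JavaScript as an added example (this is not Juice Shop's own code, and the field names, the email regex and the 5-20 character rule are assumptions made for the example). The WET version keeps the "passwords match" check inside the repeat-field handler only, so editing the first password afterwards never re-runs it; the DRY version puts every rule in one `validateRegistration` function that runs on every change, on submit, and again on the server, so the same mismatch can no longer slip through either side.

```javascript
// Added example, not Juice Shop's code: the WET registration bug and its DRY fix.
// Field names, the email regex and the 5-20 character rule are assumptions.

const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;

function newForm() {
  return { email: '', password: '', passwordRepeat: '', securityAnswer: '', errors: {} };
}

// The one place that knows all the rules (DRY). Returns field -> message for each failure.
function validateRegistration(form) {
  const errors = {};
  if (!EMAIL_RE.test(form.email)) errors.email = 'Email address is not valid';
  if (form.password.length < 5 || form.password.length > 20) {
    errors.password = 'Password must be 5-20 characters long';
  }
  if (form.passwordRepeat !== form.password) errors.passwordRepeat = 'Passwords do not match';
  if (!form.securityAnswer) errors.securityAnswer = 'Security answer is required';
  return errors;
}

// WET version: each handler owns its own copy of a rule, and the match check runs
// only when the repeat field changes. A later edit to `password` leaves the stale
// "ok" result in place, which is exactly what the lecture exploits.
const wetForm = {
  setPassword(form, value) {
    form.password = value;
    form.errors.password =
      value.length < 5 || value.length > 20 ? 'Password must be 5-20 characters long' : undefined;
  },
  setPasswordRepeat(form, value) {
    form.passwordRepeat = value;
    form.errors.passwordRepeat = value === form.password ? undefined : 'Passwords do not match';
  },
  canSubmit(form) {
    return Object.values(form.errors).every((e) => e === undefined);
  },
};

// DRY version: every change and the submit button re-run the single validator.
const dryForm = {
  setPassword(form, value) { form.password = value; form.errors = validateRegistration(form); },
  setPasswordRepeat(form, value) { form.passwordRepeat = value; form.errors = validateRegistration(form); },
  canSubmit(form) { return Object.keys(validateRegistration(form)).length === 0; },
};

// Server side: never trust the browser's verdict, run the same validator again.
// `userStore` is a Map standing in for the database in this example.
function registerUser(body, userStore) {
  const errors = validateRegistration({ ...newForm(), ...body });
  if (Object.keys(errors).length > 0) return { status: 400, errors };
  userStore.set(body.email, { password: body.password });
  return { status: 201 };
}

// Replays the lecture's sequence: matching passwords, then edit the first field only.
function replay(impl) {
  const form = newForm();
  form.email = 'atil@test.com';
  form.securityAnswer = 'tests';
  impl.setPassword(form, '123456');
  impl.setPasswordRepeat(form, '123456');
  impl.setPassword(form, '12345'); // repeat field still holds 123456
  return impl.canSubmit(form);
}

function demo() {
  const store = new Map();
  const wetAllows = replay(wetForm); // true: the stale check lets the mismatch through
  const dryAllows = replay(dryForm); // false: the validator re-runs on every change
  const server = registerUser(
    { email: 'atil@test.com', password: '12345', passwordRepeat: '123456', securityAnswer: 'tests' },
    store,
  );
  return { wetAllows, dryAllows, serverStatus: server.status, userCreated: store.has('atil@test.com') };
}

console.log(demo());
```

The point of the server-side `registerUser` is the one the lecture ends on: the browser's check is a convenience for the user, not a security control, so the same validator has to run again on the request the server actually receives.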
Atil is an instructor at Bogazici University, where he graduated back in 2010. He is also co-founder of Academy Club, which provides training, and Pera Games, which operates in the mobile gaming industry.