Juice-shop: Buffer Overflow Challenge

Created on 20 Mar 2019  路  9Comments  路  Source: bkimminich/juice-shop

A buffer overflow challenge in the coupon code field of the juice-shop. It can be implemented in the following way:
When a user enters a string of longer than a specified length(say 40 chars), the user gets a discount of 20%.

Although, to demonstrate this the restriction on the length in the front-end(presently 10 digits) would need to be removed or a user can do request tempering?
Please let me know of your suggestions.
@bkimminich @J12934 @CaptainFreak

challenge wontfix

All 9 comments

I doubt that this is actually a web vulnerability. If it is a valid vulnerability scenario please provide reference.

I would suggest to keep following things in mind when looking forward to contributing new challenges to Juice-shop :

  1. The challenge should be around feature which is relevant to Juice-shop's E-commerce domain.

  2. The Challenge and the vulnerability involved should actually teach the hackers to detect bugs in JavaScript based web application.Like for example, the hacker should learn the mindset of not using common vectors while attacking Angular apps for XSS. Which juice shop is doing perfectly.

  3. The Challenge should not be too much fictional.

Please always consider above things as Juice-shop aims to be a completely legit e-commerce app.

In the above proposed challenge, In my opinion the new learners will get mis leaded as upon real testing scenarios they will put long strings in any coupon code forms which will never lead to any kind of vulnerability detection.

Please let me know any supporting material you have for this issue.

@CaptainFreak I might steal your "3 challenge commandments" and put them into the contributor's guide... :+1:

Hi @CaptainFreak @bkimminich Actually the buffer overflows are quite common in applications using servers other than NodeJS.
References: https://www.dummies.com/programming/networking/buffer-overflow-hacks-in-web-applications/
https://www.owasp.org/index.php/Buffer_Overflows
Although I too doubt of it's existence in _JavaScript_ based applications. Please let me know of your views.
Thank You!!

Agreed, but they're not randomly giving 20% discounts for no reason, right? 馃槈

I'm fine having a BO challenge, but it needs to be _real_ and probably needs a sandbox like the XXE/RCE.

We also know clearly about Buffer Overflows situations on server side. But as you mentioned yourself, JavaScript context is what we are concerned about.

Don't even bother about Juice-shop scenario, I will look into that. Just come up with valid implementation of Buffer overflow bug in Juice Shop's server side and we will be happy for it. But I would suggest to invest time in looking for other opportunities of improvements.

Agreed, but they're not randomly giving 20% discounts for no reason, right? 馃槈

I'm fine having a BO challenge, but it needs to be _real_ and probably needs a sandbox like the XXE/RCE.

True. I should have thought properly.馃槙
Next, time I will come up with something more concrete馃槑

We also know clearly about Buffer Overflows situations on server side. But as you mentioned yourself, JavaScript context is what we are concerned about.

Don't even bother about Juice-shop scenario, I will look into that. Just come up with valid implementation of Buffer overflow bug in Juice Shop's server side and we will be happy for it. But I would suggest to invest time in looking for other opportunities of improvements.

Yeah Sure. I will take your inputs and try to come up with better implementation and opportunities.
Thank You馃檪

This thread has been automatically locked because it has not had recent activity after it was closed. :lock: Please open a new issue for regressions or related bugs.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

kingthorin picture kingthorin  路  4Comments

GraoMelo picture GraoMelo  路  7Comments

inkz picture inkz  路  4Comments

cnotin picture cnotin  路  5Comments

teodor440 picture teodor440  路  6Comments