Skip to content

Commit

Permalink
Merge branch 'develop'
Browse files Browse the repository at this point in the history
  • Loading branch information
@bkimminich
bkimminich committed Aug 5, 2024
2 parents 81a18e1 + c39ff32 commit bbb2ece
Show file tree
Hide file tree
Showing 4 changed files with 12 additions and 12 deletions.
Binary file added docs/modules/ROOT/assets/images/appendix/npm_ngx-cookie.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file added docs/modules/ROOT/assets/images/appendix/npm_ngy-cookie.png
View file
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
18 changes: 9 additions & 9 deletions docs/modules/ROOT/pages/appendix/solutions.adoc
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2343,22 +2343,22 @@ solve this challenge
. Request http://localhost:3000/3rdpartylicenses.txt to retrieve the
3rd party license list generated by Angular CLI by default
. Combing through the list of modules you will come across
`anuglar2-qrcode` which openly reveals its intent on
https://www.npmjs.com/package/anuglar2-qrcode
`ngy-cookie` which openly reveals its intent on
https://www.npmjs.com/package/ngy-cookie
+
image::appendix/npm_anuglar2-qrcode.png[anuglar2-qrcode on NPM]
image::appendix/npm_ngy-cookie.png[ngy-cookie on NPM]

. Visit http://localhost:3000/#/contact
. Submit your feedback with `anuglar2-qrcode` in the comment to solve
. Submit your feedback with `ngy-cookie` in the comment to solve
this challenge

You can probably imagine that the typosquatted `anuglar2-qrcode` would
You can probably imagine that the typosquatted `ngy-cookie` would
be _a lot harder_ to distinguish from the original repository
`ngx-bar-rating`, if it where not marked with the _THIS IS *NOT* THE
`ngx-cookie`, if it where not marked with the _THIS IS *NOT* THE
MODULE YOU ARE LOOKING FOR!_-warning at the very top. Below you can see
the original `ngx-bar-rating` module page on NPM:
the original `ngx-cookie` module page on NPM:

image::appendix/npm_angular2-qrcode.png[angular2-qrcode on NPM]
image::appendix/npm_ngx-cookie.png[ngx-cookie on NPM]

=== Give the server something to chew on for quite a while

Expand Down Expand Up @@ -3057,4 +3057,4 @@ solution should trigger accordingly.
+
image::appendix/web3-wallet.png[Sample Contract]
. Compile and Deploy the contract on the Sepolia testnet.
. Execute the attack function by depositing some ETH which successfully exploits the wallet.
. Execute the attack function by depositing some ETH which successfully exploits the wallet.
6 changes: 3 additions & 3 deletions docs/modules/ROOT/pages/attributes.adoc
View file
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
:ctfdVersion: 3.6 or higher
:is_ctf: 0
:rtbVersion: 3.3 or higher
:juiceShopVersion: v17.0.0
:juiceShopVersion: v17.1.0
:juiceShopCtfVersion: v10.0.1
:multiJuicerVersion: v7.1.0
:multiJuicerVersion: v7.2.2
:juiceShopNumberOfChallenges: 107
:nodeVersions: 18.x, 20.x (except 20.6.0 due to a bug) and 21.x
:nodeVersions: 18.x, 20.x, 21.x and 22.x
:recommendedNodeVersion: 20.x
:backupSchemaVersion: 1
:maxNodeVersionWithXmlBinaries: 20.x

0 comments on commit bbb2ece

Please sign in to comment.