Generated: 2026-06-30 12:36:26 UTC | Tool: Strix v1.0.4 | Model: GLM-5.2 (ollama-cloud)
A comprehensive black-box security assessment was performed against OWASP Juice Shop v20.1.1 hosted at http://host.docker.internal:3000. The assessment identified 26 confirmed vulnerabilities across 7 vulnerability classes, including 5 critical-severity findings that enable complete authentication bypass, database exfiltration, and administrative account takeover.
The most severe issues: SQL injection in the login endpoint allowing password-free admin access; UNION-based SQL injection in product search enabling full database extraction (all 29 user accounts with MD5 password hashes); JWT algorithm confusion and alg=none attacks allowing forged admin tokens; and mass assignment on user registration creating admin accounts. Multiple high-severity IDOR vulnerabilities allow any authenticated user to read other users' baskets, checkout on their behalf, delete their feedback, and access all user profiles and complaints.
The application's security posture is critically weak. Authentication, authorization, input validation, and output encoding controls are systematically broken across the API surface. An unauthenticated attacker can extract the entire database or gain admin access within minutes. Authenticated low-privilege users can compromise other accounts, manipulate financial transactions, and abuse race conditions for fraud.
No SSRF, XXE, RCE, or SSTI vulnerabilities were found in this version, indicating some server-side controls have been improved in recent releases.
| # | Severity | Vulnerability | CWE | CVSS | Endpoint |
|---|---|---|---|---|---|
| 1 | Critical | SQL Injection in Login | CWE-89 | 9.8 | POST /rest/user/login |
| 2 | Critical | UNION-based SQLi in Product Search | CWE-89 | 9.8 | GET /rest/products/search |
| 3 | Critical | JWT alg=none Auth Bypass | CWE-347 | 9.8 | All protected endpoints |
| 4 | Critical | JWT RS256 to HS256 Algorithm Confusion | CWE-347 | 9.8 | /encryptionkeys/jwt.pub |
| 5 | Critical | Mass Assignment Privilege Escalation | CWE-915 | 9.8 | POST /api/Users |
| 6 | High | DOM-based XSS in Search | CWE-79 | 8.9 | GET /search?q= |
| 7 | High | Stored XSS via Product Reviews + Data Export | CWE-79 | 7.1 | PUT /rest/products/{id}/reviews |
| 8 | High | Sensitive File Disclosure via Null Byte Bypass | CWE-22 | 8.2 | GET /ftp/ |
| 9 | High | Unauthenticated Configuration Disclosure | CWE-200 | 7.5 | GET /rest/admin/application-configuration |
| 10 | High | Race Condition on Basket Checkout | CWE-362 | 7.1 | POST /rest/basket/{id}/checkout |
| 11 | Medium | IDOR on Basket Read | CWE-639 | 8.1 | GET /rest/basket/{id} |
| 12 | Medium | IDOR on Feedback Deletion | CWE-639 | 8.1 | DELETE /api/Feedbacks/{id} |
| 13 | Medium | IDOR on Basket Checkout | CWE-639 | 6.5 | POST /rest/basket/{id}/checkout |
| 14 | Medium | BFLA on User Listing | CWE-639 | 6.5 | GET /api/Users |
| 15 | Medium | IDOR on User Profile Access | CWE-639 | 6.5 | GET /api/Users/{id} |
| 16 | Medium | IDOR on Basket Item Deletion | CWE-639 | 6.5 | DELETE /api/BasketItems/{id} |
| 17 | Medium | Negative Basket Quantity Checkout | CWE-20 | 6.5 | POST /api/BasketItems |
| 18 | Medium | IDOR on Complaints Read | CWE-639 | 4.3 | GET /api/Complaints |
| 19 | Medium | BFLA on Inventory Access | CWE-639 | 4.3 | GET /api/Quantitys |
| 20 | Medium | Unauthenticated Review Submission | CWE-306 | 5.3 | PUT /rest/products/{id}/reviews |
| 21 | Medium | Mass Assignment in Recycle API | CWE-915 | 4.3 | POST /api/Recycles |
| 22 | Medium | Zero-Quantity Basket Checkout | CWE-20 | 4.3 | POST /rest/basket/{id}/checkout |
| 23 | Medium | Verbose Error Messages | CWE-209 | 5.3 | All error responses |
| 24 | Medium | Prometheus Metrics and Swagger UI Exposure | CWE-200 | 5.3 | /metrics, /api-docs/ |
| 25 | Medium | JWT Contains Password Hash | CWE-522 | 7.5 | All JWT tokens |
| 26 | Medium | Exposed /ftp/ Directory | CWE-538 | 5.3 | GET /ftp/ |
Endpoint: POST /rest/user/login
The login endpoint accepts SQL injection in the email field. The backend constructs raw SQL queries without parameterization. Payload bypasses password verification and returns a valid admin JWT token.
Endpoint: GET /rest/products/search?q=
UNION-based injection extracts the complete database: all 29 user accounts with MD5 password hashes, full schema (22 tables), and SQLite version info.
Library: express-jwt 0.1.3 (outdated)
The outdated JWT library accepts tokens with {"alg":"none"} and no signature. Forged tokens with admin claims grant full administrative access to all protected endpoints.
Endpoint: /encryptionkeys/jwt.pub (RSA public key exposed)
The RSA public key can be used as an HMAC secret to forge valid HS256 tokens. The server accepts these forged tokens as legitimate, enabling impersonation of any user including admin.
Endpoint: POST /api/Users (registration)
The registration endpoint accepts a "role" field in the JSON body. Setting "role":"admin" during registration creates a user with administrative privileges, bypassing the intended customer-only default role.
Angular frontend calls bypassSecurityTrustHtml() on the URL query parameter q, rendering it via [innerHTML]. No authentication required.
Product reviews stored without HTML sanitization. Data export feature uses document.write() to render user data, causing stored XSS payloads in reviews to execute. Requires authentication.
The /ftp/ endpoint restricts file access to .md/.pdf extensions, but double-encoded null bytes bypass the filter. Confirmed retrieval of package.json.bak, suspicious_errors.yml, KeePass database, and Python bytecode.
GET /rest/admin/application-configuration returns 23KB of sensitive configuration without authentication, including OAuth client IDs, chatbot model details, challenge solutions, and internal server settings.
POST /rest/basket/{id}/checkout has no concurrency control. 20 concurrent requests on the same basket all succeeded, creating 20 duplicate orders from a single item.
Any user can read other users' baskets via GET /rest/basket/{id}. No ownership verification.
Any user can delete other users' feedback via DELETE /api/Feedbacks/{id}. No ownership check.
Any user can checkout other users' baskets via POST /rest/basket/{id}/checkout.
Regular users can list all users including admin emails via GET /api/Users. Broken Function Level Authorization.
Any user can access other user profiles via GET /api/Users/{id}.
No ownership check on basket item deletion via DELETE /api/BasketItems/{id}.
Negative quantities accepted, resulting in negative order totals. No server-side validation.
Any user can read all complaints via GET /api/Complaints.
Inventory data accessible to customers via GET /api/Quantitys.
Reviews accepted without authentication via PUT /rest/products/{id}/reviews.
POST /api/Recycles accepts UserId, negative quantities, and arbitrary IDs via mass assignment.
Checkout succeeds with 0 items in basket. No validation for minimum basket contents.
Stack traces leak filesystem paths, Express/SQLite versions in error responses.
/metrics and /api-docs/ endpoints publicly accessible without authentication.
MD5 password hash and TOTP secret embedded in JWT payload. Token leakage exposes credential material.
Confidential business documents publicly served via GET /ftp/ directory listing.
Seven specialized testing agents were deployed in parallel, each focusing on a specific vulnerability class:
Login, search, basket, product endpoints. Manual payload crafting + sqlmap. Error-based, boolean-based, and UNION-based injection.
Login bypass, token forgery, algorithm confusion, password hashing. JWT manipulation with jwt_tool and custom scripts.
Basket, user, admin, feedback, complaint endpoints. Ownership and role verification testing.
Search, reviews, feedback, chatbot, file upload, DOM analysis. Browser-based verification via agent-browser.
FTP directory, sensitive files, error messages, metrics. Null byte encoding bypass testing.
Basket manipulation, checkout, reviews, recycle, concurrency. Async testing with asyncio/aiohttp.
Profile image, B2B orders, XML parsing, command injection, SSTI. OAST via interactsh for blind confirmation.
curl sqlmap jwt_tool Python (asyncio/aiohttp) agent-browser interactsh-client custom exploit scripts