Fun with SQLi
Now that we have everything set up, let's move forward and do some pentesting on the vulnerable web application, Juice Shop. If you need a refresher on what SQLi is and how it works, please review Chapter 5, Understanding Vulnerable RDS Services.
Before we can begin, we need to make sure of a couple of things:
- Our EC2 instance with Juice Shop is started and accessible via a web browser. This will ensure that we can access it for the following exercises.
- Our local Kali Linux virtual machine is started up in a virtual box.
Once you have completed both of those steps, proceed to the public DNS of your Juice Shop EC2 instance. Next, let's move to the scoreboard to see what challenges are on the web application.
Move to the directory in your web browser: http://<<public dns>>/#/score-board/:
Figure 6.11 – The Juice Shop scoreboard
Important note
Finding /score-board is a challenge within the...
