★★★★ Legacy Typosquatting (Vulnerable Components)

  • Published: 21 Aug 2024
  • Inform the shop about a typosquatting trick it has been a victim of at least in v6.2.0-SNAPSHOT. (Mention the exact name of the culprit)
    🤴 Credits to Bjoern Kimminich for providing this excellent vulnerable web app. Download here: github.com/bki...
    📃 This video is part of the OWASP Juice Shop solutions & walkthrough playlist ( • ★ Zero Stars (Improper... .
    📓 Make sure to check out all the other videos in this playlist as well to get a full tutorial.
    💡 If you have any questions or want to request a new video about a special topic, feel free to leave me a comment. You can also contact me on all of my social media below.
    💖 I need your help. Subscribe to this channel, link and retweet my videos and share them with your friends. This is going to help make this project more sustainable in the long run.
    👕 If you fancy some swag, make sure to check out teespring.com/...
    💙 Last but not least: Subscribe to my Twitter channels / hacksplained & / pascalsec , and support me on Patreon / hacksplained or www.buymeacoff...

Comments • 8

  •  3 years ago +3

    Another great video, thanks mate! One thing worth noticing: The typosquatted library is a full copy of the entire original repo with all commits and everything. Without that banner it would be really hard to distinguish from the original. The small number of dependents and low monthly downloads are a bit of a red flag if you expect a popular module. So, better double check what you're depending on, folks! 😉👍

    • @Hacksplained  3 years ago +1

      Thanks Björn for adding this piece of information over here! I could have pointed this out a little more, yeap.
      It's just too easy anyway to fall for any sort of typosquatting.
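
The red flags named in the comment above (a near-identical name, few dependents, low monthly downloads) can be checked mechanically against a project's manifest. The following is an added example, not part of the video or the original comments; all package names, usage figures and thresholds are constructed, and `findSuspects`, `editDistance` and `normalize` are hypothetical helper names.

```javascript
// Constructed sample data: hypothetical package names, not real npm packages.
const trusted = ["acme-router", "acme-orm", "fastjson"]; // names the team has vetted
const manifest = { dependencies: {
  "acme-router": "^4.1.0", "acme_orm": "~2.0.3", "fastjsn": "1.0.0", "leftfield": "0.3.1" } };
// Registry metadata you would normally fetch; hard-coded so the example runs offline.
const registryStats = {
  "acme-router": { monthlyDownloads: 2400000, dependents: 5100 },
  "acme_orm": { monthlyDownloads: 310, dependents: 2 },
  "fastjsn": { monthlyDownloads: 95, dependents: 0 },
  "leftfield": { monthlyDownloads: 120, dependents: 1 },
};

// Optimal string alignment distance: Levenshtein plus adjacent transposition.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i, ...Array(b.length).fill(0)]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Separator swaps ("-", "_", ".") are a common squatting variant, so compare without them.
const normalize = (name) => name.toLowerCase().replace(/[-_.]/g, "");

// Flags dependencies that closely resemble a vetted name without being that name.
function findSuspects(manifest, trusted, stats, maxDistance = 2, minDownloads = 10000, minDependents = 50) {
  const suspects = [];
  for (const name of Object.keys(manifest.dependencies)) {
    if (trusted.includes(name)) continue; // exact match with a vetted name
    for (const good of trusted) {
      const distance = editDistance(normalize(name), normalize(good));
      if (distance > maxDistance) continue;
      const s = stats[name] || { monthlyDownloads: 0, dependents: 0 };
      // Low usage strengthens the suspicion; a full repo copy can look identical otherwise.
      const lowUsage = s.monthlyDownloads < minDownloads && s.dependents < minDependents;
      suspects.push({ name, resembles: good, distance, lowUsage });
    }
  }
  return suspects;
}

console.log(findSuspects(manifest, trusted, registryStats));
```

Low usage alone does not flag a package here (`leftfield` passes); the name similarity is the trigger and the usage figures rank how urgently a hit should be reviewed.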

  • @sujith6323 3 years ago +1

    ❤️

  • @cloufish7790 3 years ago +2

    first

  • @unusedchannelgotomyaboutpa2007 3 years ago

    turns out a popular typosquatting site "facebok.com" now leads to the actual facebook :D

    • @Hacksplained  3 years ago

      If you are as big as facebook, it makes a lot of sense to buy up all domains that sound similar!! Good move by them!