This is a deliberately vulnerable web application designed for testing web vulnerability scanners. Put your scanner to the test!

VULNERABILITIES

Gin & Juice Shop is packed with vulnerabilities, ready to put any web vulnerability scanner to the test. To help you evaluate, we've also listed notable difficulties and technologies.

ACCOUNT LOGIN DETAILS

Username: carlos
Password: hunter2
| Path | Difficulties | Technologies | Vulnerabilities |
| --- | --- | --- | --- |
| / | JavaScript event handlers; JavaScript modifies request | JavaScript | Base64-encoded data in parameter; External service interaction (DNS); External service interaction (HTTP); Request URL override |
| /about | | | |
| /blog | | | Client-side prototype pollution; Client-side template injection; Cross-site scripting (DOM-based); Open redirection (DOM-based) |
| /blog/post | | | |
| /catalog | | | Client-side template injection; Cross-site scripting (reflected); DOM data manipulation (reflected DOM-based); HTTP response header injection; Link manipulation (reflected DOM-based); SQL injection |
| /catalog/cart | | | |
| /catalog/product | | | |
| /catalog/product/stock | JavaScript event handlers; JavaScript modifies request; JavaScript client side rendering | JavaScript | XML external entity injection |
| /catalog/subscribe | | | Cross-site scripting (reflected) |
| /image/scanme/blog/posts/1.jpg | | | |
| /image/scanme/blog/posts/2.jpg | | | |
| /image/scanme/blog/posts/3.jpg | | | |
| /image/scanme/blog/posts/4.jpg | | | |
| /image/scanme/blog/posts/5.jpg | | | |
| /image/scanme/blog/posts/6.jpg | | | |
| /image/scanme/productcatalog/products/1.png | | | |
| /image/scanme/productcatalog/products/10.png | | | |
| /image/scanme/productcatalog/products/11.png | | | |
| /image/scanme/productcatalog/products/12.png | | | |
| /image/scanme/productcatalog/products/2.png | | | |
| /image/scanme/productcatalog/products/3.png | | | |
| /image/scanme/productcatalog/products/4.png | | | |
| /image/scanme/productcatalog/products/5.png | | | |
| /image/scanme/productcatalog/products/6.png | | | |
| /image/scanme/productcatalog/products/7.png | | | |
| /image/scanme/productcatalog/products/8.png | | | |
| /image/scanme/productcatalog/products/9.png | | | |
| /image/scanme/productcatalog/products/batch_1337.png | | | |
| /image/scanme/productcatalog/products/kettle_still.png | | | |
| /image/scanme/productcatalog/products/lost_in_a_heyes.png | | | |
| /image/scanme/productcatalog/products/original_dry_sqli.png | | | |
| /image/scanme/productcatalog/products/pineapple_edition.png | | | |
| /image/scanme/productcatalog/products/purple_hat.png | | | |
| /logger | | | |
| /login | | | Cross-site scripting (reflected); DOM data manipulation (reflected DOM-based) |
| /my-account | | | |
| /resources/css/labsBlog.css | | | |
| /resources/css/labsEcommerce.css | | | |
| /resources/css/labsScanme.css | | | |
| /resources/fonts/JosefinSans/JosefinSans-Bold.woff | | | |
| /resources/fonts/Poppins/poppins-bold.woff | | | |
| /resources/fonts/Poppins/poppins.woff | | | |
| /resources/footer/js/scanme.js | | | |
| /resources/images/Portswigger.png | | | |
| /resources/images/avatar.svg | | | |
| /resources/images/batch1337_can.png | | | |
| /resources/images/check-circle.svg | | | |
| /resources/images/close-button.svg | | | |
| /resources/images/copy-to-clipboard.svg | | | |
| /resources/images/dark-blue-squiggle-pattern-tile.jpg | | | |
| /resources/images/dry_SQLI_can.png | | | |
| /resources/images/footer_graphic.jpg | | | |
| /resources/images/g_j_bottle.png | | | |
| /resources/images/gin-and-juice-distillery.jpg | | | |
| /resources/images/gin-and-juice-shop-logo-small.svg | | | |
| /resources/images/gin-and-juice-shop-logo.svg | | | |
| /resources/images/gin-and-juice-team.jpg | | | |
| /resources/images/gin-and-juice-team.mp4 | | | |
| /resources/images/goggles.svg | | | |
| /resources/images/hero_banner_background1.jpg | | | |
| /resources/images/hero_banner_background2.png | | | |
| /resources/images/heyes_bottle.png | | | |
| /resources/images/icon-account.svg | | | |
| /resources/images/icon-cart.svg | | | |
| /resources/images/icon-search.svg | | | |
| /resources/images/kettle_bottle.png | | | |
| /resources/images/not-found.svg | | | |
| /resources/images/pineapple-can.png | | | |
| /resources/images/rating1.png | | | |
| /resources/images/rating2.png | | | |
| /resources/images/rating3.png | | | |
| /resources/images/rating4.png | | | |
| /resources/images/rating5.png | | | |
| /resources/images/shopping-cart.svg | | | |
| /resources/images/tracker.gif | | | |
| /resources/js/angular_1-7-7.js | | | Vulnerable JavaScript dependency |
| /resources/js/deparam.js | | | |
| /resources/js/react-dom.development.js | | | |
| /resources/js/react.development.js | | | |
| /resources/js/searchLogger.js | | | |
| /resources/js/stockCheck.js | | | |
| /resources/js/subscribeNow.js | | | |
| /resources/js/xmlStockCheckPayload.js | | | |
| /resources/labheader/css/scanMeHeader.css | | | |
| /robots.txt | | | |