Log in as admin via SQL Injection and delete all 5-star feedback entries to retrieve the flag.
Unzip a series of recursively compressed ZIP files, collect password fragments from each layer, and use the final combined password to extract the flag.
Log in as a specific user (Jim) in OWASP Juice Shop using SQL Injection to retrieve the flag.
Access the Juice Shop instance running on port `42000` and locate the scoreboard to find the flag.
Decode the hidden flag from a seemingly normal message given by User Two.
Access and explore an exposed FTP server tied to an OWASP Juice Shop challenge to retrieve confidential internal files, including the flag.
Investigate uploaded files to identify a malicious web shell used by an attacker.
Interact with a newly added OWASP Juice Shop AI-based feature and identify how to retrieve a hidden flag through it.
Identify the real IP address of the attacker from the data provided by User Six.
Explore the OWASP Juice Shop instance and retrieve the flag by reading the Privacy Policy page.