optiv / insecureshop Goto Github PK

Cannot find config.yml under .prismaCloud folder in repo InsecureShop. Please make sure the file is present in correct format (sample file - https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-devops-security/use-the-prisma-cloud-app-for-github.html) at the main branch of your repo under .prismaCloud folder.

Does the extra mile included there actually work any more ?

If yes, what is the correct intent that should be used.
As far as i checked and searched it should no longer work.

This is the result i am getting:

09-16 22:29:26.838 13798 13798 I chromium: [INFO:CONSOLE(0)] "Navigation is blocked: intent:#Intent;action=ACTION_VIEW;type=text/plain;component=com.insecureshop/com.insecureshop.WebView2Activity;S.url=http://someurl.com;end", source: http://myawesomesite.com/ (0)

Where from http://myawesomesite.com/ i tried with javascript, or with a button.

<a href="intent://#Intent;action=ACTION_VIEW;type=text/plain;component=com.insecureshop/com.insecureshop.WebView2Activity;S.url=http://someurl.com;end">Trigger</a>

The given identity pool can access two buckets, from which one of them has full control granted to all users. Was that bucket supposed to contain something ?
Based on the description here https://docs.insecureshopapp.com/insecureshop-challenges/aws-cognito-misconfiguration
I thought that you probably had something different in mind (like give permission to write acl but not read - and the user should be first add the read permission to all users before seeing the files).
Is that the case?

(also thought that someone before could have overwritten this for example and deleted any file you had there)
In any case i dont know if the bucket is intentionally empty or not, hence this issue.

This repo will be archived.
Please direct all your contributions and issues to the new repository: https://github.com/hax0rgb/InsecureShop

...reading the logcat, more sophisticated than the others but still. Great Job devs 👍