Discussion on: Hacker101 CTF - Petshop Pro

Yudistira Arya Mutamang

Hello, I think you can easily find flag2 without signing in.
I noticed that after scanning the web directories with dirscan, I found the /edit page.
First, I tried to open that directory, but I got a 400 reply. Then I thought, "what if I provide an id in the URL?" So the web URL now looks like ip/edit?id=idhere.

Then I searched for possible ids, so I inspected the element and found id 0 for cat and id 1 for puppy.
Then I put the id into the URL I mentioned before.
The URL now looks like this: ip/edit?id=0

Then voila..!! I entered the edit pages without being administrator.
On that page, I tried to enter some XSS payload, but nothing happened :D. So I came to this writeup and tried the payload, and it works!!

Sorry for my bad English :(
And thank you for this writeup, I like it very much!

wrth

Hello, thank you very much for the writeup!

Tauseef Raza • Edited

Hey bro, I just wanted to tell you that /edit/id=0 OR /edit/id=1 works for flag2.
Change the name parameter to "" and keep all the rest the same (I also changed the price to negative, like -1.0 or -2.0). In my case it worked for me; save the changes now.
I added that item to my cart.
Go to checkout now, and here is your Flag2.
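The two findings in the comments above, the edit page being served to a non-admin by supplying an id, and a negative price being accepted on save, both come down to server-side checks that the handler never performs. The plain-Python handler below is an added example (not code from the Petshop Pro challenge or from the writeup's author) that models the endpoint with the defects the comments describe beside a hardened version of the same route; the `Request` shape, the `is_admin` session flag and the two-item inventory are assumptions constructed for the example.

```python
# Added example: a minimal model of the /edit?id=N handler, vulnerable and hardened.
# Not the challenge's real code; request/session shapes are assumptions.
import math
from dataclasses import dataclass, field


def fresh_items():
    # Constructed inventory using the ids the comment mentions (0 = cat, 1 = puppy).
    return {0: {"name": "cat", "price": 10.0}, 1: {"name": "puppy", "price": 20.0}}


@dataclass
class Request:
    path: str
    params: dict                                    # query/form parameters
    session: dict = field(default_factory=dict)     # assumed shape: {"is_admin": bool}


def edit_vulnerable(req, items):
    """Behaviour described in the comments: any caller with a valid id may edit,
    and any price, including -1.0, is stored without validation."""
    item_id = int(req.params.get("id", -1))         # missing id -> -1 -> 400, as observed
    if item_id not in items:
        return 400, "bad id"
    item = items[item_id]
    if "name" in req.params:
        item["name"] = req.params["name"]
    if "price" in req.params:
        item["price"] = float(req.params["price"])
    return 200, item


def edit_hardened(req, items):
    """Same endpoint with authorization enforced server-side and inputs validated."""
    if not req.session.get("is_admin"):
        return 403, "forbidden"                     # checked before any id lookup
    try:
        item_id = int(req.params.get("id", ""))
    except ValueError:
        return 400, "bad id"
    if item_id not in items:
        return 404, "no such item"
    name = req.params.get("name", items[item_id]["name"]).strip()
    if not name:
        return 400, "name required"                 # rejects the "" name from the comment
    try:
        price = float(req.params.get("price", items[item_id]["price"]))
    except ValueError:
        return 400, "bad price"
    if not (math.isfinite(price) and price > 0):
        return 400, "price must be positive"        # rejects -1.0 / -2.0 (and NaN/inf)
    items[item_id].update(name=name, price=price)
    return 200, items[item_id]
```

The detection angle follows directly: an edit request without an admin session, or a save carrying a non-positive price, should never reach the data layer, so either one appearing in logs is a finding in itself.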