Today’s post is #6 in the BodgeIt Store series.
To view post #5 in the BodgeIt Store series click HERE.
The topic for today is to access someone else’s basket.
First, let’s go to the admin page, and notice the different basket ids:
We see that for each user – there’s a corresponding basket id.
Let’s go to the Your Basket page. Going there we see the following:
Let’s open Burp and see if our traffic will reveal anything to us.
After opening Burp, and clicking on the “Update Basket” button we see:
Hmm.. we see there’s a cookie value of b_id. Could this possibly be basket id?
Let’s try changing the value from 8 to 0 (which is the admin basket).
OK… we see that the basket has been updated and we received a system error. This let’s me know that admin basket didn’t work too good.
Let’s go back and try another basket id of 1 which is the user1 account.
OK, changing the basket from 8 to 1 (user1 account) we see that our basket has been updated to show the user1 basket.
Let’s go back to the scoring page and see if we have successfully solved the challenge.
We solved the challenge successfully!