Happy hacking!
Today’s blog post is #7 in the BodgeIt Store series.
To view the blog post #6 click HERE.
Today’s topic is we’re going to change our password via a GET request.
Let’s get started.
We were able to log into the application without supplying a password – click HERE to read it.
Logging into the application as user1@thebodgeitstore.com’ OR ‘1’=’1
We get the following:
Clicking on the user1@thebodgeitstore.com link we see:
Let’s view the page source of the webpage:
We see that the update password is looking for a POST, but we need to send it as a GET. How are we going to solve this?
Let’s do a right click on one of the text boxes and select “inspect element”.
From there we see:
Double clicking on the form method we’re going to change the method from POST to GET.
Going back to the password page, we can select the password to anything. I am going to use “hello”, and press “Submit”
We we’re able to change our password, through a GET request.
Let’s see if our solution was accepted.
Our solution was accepted (as the challenge is now green)!
Hi birdofbeauty12! I’m a computer science student and I’m super interested in pen testing! I had a go at the BodgeIt store site, so this series was super super fun for me to read, thank you so much for posting it 😀 I’m still trying to figure out how to do the other puzzles, and I’m struggling a little, so I was wondering if you might have any tips as to how to solve those? Thanks and keep up the great work!