hacking, owasp, web application security

The BodgeIT Store Series #7, Change your Passwords via a GET Request – #bodgeit #infosec #pentest #appsec #webapp

Happy hacking!

Today’s blog post is #7 in the BodgeIt Store series.

To view the blog post #6 click HERE.

Today’s topic is we’re going to change our password via a GET request.

Let’s get started.

We were able to log into the application without supplying a password – click HERE to read it.

Logging into the application as user1@thebodgeitstore.com’ OR ‘1’=’1

We get the following:

burp_login_user1_successful

Clicking on the user1@thebodgeitstore.com link we see:

bodgeit_GET_1

Let’s view the page source of the webpage:

bodgeit_GET_2

We see that the update password is looking for a POST, but we need to send it as a GET. How are we going to solve this?

Let’s do a right click on one of the text boxes and select “inspect element”.

From there we see:

bodgeit_GET_3

Double clicking on the form method we’re going to change the method from POST to GET.

bodgeit_GET_4

Going back to the password page, we can select the password to anything. I am going to use “hello”, and press “Submit”

bodgeit_GET_5

bodgeit_GET_6

We we’re able to change our password, through a GET request.

Let’s see if our solution was accepted.

bodgeit_GET_7

Our solution was accepted (as the challenge is now green)!

2 thoughts on “The BodgeIT Store Series #7, Change your Passwords via a GET Request – #bodgeit #infosec #pentest #appsec #webapp”

  1. Hi birdofbeauty12! I’m a computer science student and I’m super interested in pen testing! I had a go at the BodgeIt store site, so this series was super super fun for me to read, thank you so much for posting it 😀 I’m still trying to figure out how to do the other puzzles, and I’m struggling a little, so I was wondering if you might have any tips as to how to solve those? Thanks and keep up the great work!

  2. what happened with “Force someone to add an item to their basket when they visit your webpage” and “Level 3: Display a popup using: alert(“XSS”)” ?.
    could you solve it?