Exploiting a mass assignment vulnerability
Link: https://portswigger.net/web-security/api-testing/lab-exploiting-mass-assignment-vulnerability
To solve the lab, find and exploit a mass assignment vulnerability to buy a Lightweight l33t Leather Jacket. You can log in to your own account using the following credentials: wiener:peter.
solution
- Start the challange by logging using wiener:peter credentials
- I navigated through the website to find api endpoints
- After navigation i found it when you add item to cart, go to your cart and click
place order - This moves you to this API endpoint
/api/checkoutand this is the request body when the request method isPOST{ "chosen_products":[ { "product_id":"1", "quantity":1, "item_price":0 } ] } - I tried to change the request method to PUT and i found in the response that only GET, POST are the allowed methods
- When i change the request method to
GETi get this response{ "chosen_discount":{ "percentage":0 }, "chosen_products":[ { "product_id":"1", "name":"Lightweight \"l33t\" Leather Jacket", "quantity":2, "item_price":133700 } ] } - We note that there’s
chosen_discountLet’s add it the body of the request and send the post request but after making the chosen_discount = 100 - Congratzzzzzzzzzzzzzzzzzz