SHX #4 Banana Shopping

SHX #4 Banana Shopping  

  By: feer on August 7, 2017 at 22:26

Does anyone have any ideas? I tried fuzzing some params but nothing worked. The price is not sent in the POST (that would be very easy). Could someone direct me to the correct mindset? What vulnerability do we see?

THX

Re: SHX #4 Banana Shopping  

  By: feer on August 10, 2017 at 22:16

I tried manual fuzzing in JavaScript but nothing =/ I analyzed all the source code and nothing either. I used nikto and found nothing relevant. Any idea?

Re: SHX #4 Banana Shopping  

  By: sauloh on August 11, 2017 at 02:46

Feer, it's not that complicated.

Try playing with the values. Try to make some logic out of it. Play with the values with Burp Suite or some similar tool.

Re: SHX #4 Banana Shopping  

  By: feer on August 11, 2017 at 21:52

Can you give me one more tip?

What values are you referring to? The form values? (Quantity)

I fuzzed the quantity values using Burp and nothing =/

Thx

Re: SHX #4 Banana Shopping  

  By: Sql3t0 on August 13, 2017 at 12:58

Hello feer! The tip I can give you is that you must pay attention to the order of the mathematical operations in relation to their signs. \m/

Re: SHX #4 Banana Shopping  

  By: s1g on August 13, 2017 at 14:09

You're thinking too hard. Compare what you enter versus what gets sent ;)

Re: SHX #4 Banana Shopping  

  By: feer on August 14, 2017 at 00:19

Solved.

Thx for all

Re: SHX #4 Banana Shopping  

  By: SirAlpha on December 24, 2017 at 21:09

Please give me a hint as to what to do. I've already intercepted the request with Burp, but I did not understand what to do with the math operations and I did not even find them.