The BodgeIT Store Series #6, Access Someone Else’s Basket – #bodgeit #infosec #pentest #appsec #webapp

Happy Hacking!

Today’s post is #6 in the BodgeIt Store series.

To view post #5 in the BodgeIt Store series click HERE.

The topic for today is to access someone else’s basket.

First, let’s go to the admin page, and notice the different basket ids:


We see that for each user – there’s a corresponding basket id.

Let’s go to the Your Basket page. Going there we see the following:

Let’s open Burp and see if our traffic will reveal anything to us.

After opening Burp, and clicking on the “Update Basket” button we see:


Hmm.. we see there’s a cookie value of b_id. Could this possibly be basket id?

Let’s try changing the value from 8 to 0 (which is the admin basket).



OK… we see that the basket has been updated and we received a system error. This let’s me know that admin basket didn’t work too good.

Let’s go back and try another basket id of 1 which is the user1 account.




OK, changing the basket from 8 to 1 (user1 account) we see that our basket has been updated to show the user1 basket.

Let’s go back to the scoring page and see if we have successfully solved the challenge.


We solved the challenge successfully!

InfoSec Institute CTF Challenge #4

Another day, another challenge…

Today’s challenge is #4 from the InfoSec Institute CTF challenge.

Going to the following link we see the following:


Doing a right click view page source we see the following:


Looking at the page we see the following hint – “Hypertext Transmission Protocol”

Pressing F12 to view the developer tools and going to the “Network” tab we see the following:


Inside the set-cookie we see “fusrodah=vasbfrp_syntvf_jrybirpbbxvrf”. This is interesting…

Doing a quick Google search and putting in the second half of our value we get the following link for ROT-13.

ROT-13 is a rotation 13 cipher. This cipher rotates each character by 13 characters.

Using the following site, and putting in our value we get:


We retrieved the flag.

Lessons learned:

Use the hints provided. We our trust right click, view page source, but that didn’t help us. Going back to the page we noticed that the hint was HTTP. Using the development tools inside Chrome and going to the network tab we saw the files retrieved when accessing the site.

Clicking on the page, and viewing the headers we noticed that the cookie was being set. Using this information inside Google we were able to decode the message.