The BodgeIT Store Series #2, Find Hidden Content as a Non-Admin User – #bodgeit #infosec #pentest #appsec #webapp

Happy Hacking!

Today’s post is #2 in a series of solving the BodgeIt Store vulnerability.

If you want to read the initial post, click HERE.

As the title says, we’re going to solve the vulnerability of finding hidden content as a non-admin user.

Let’s begin.

Going back to the Scoring Page (About Us –> Scoring Page Link) we see the following. Pay attention to our username, right now we’re logged in as a guest user.

bodgeit_scoring_2

Going to the home page we see the following:

bodgeit_home_1

What would happen if we view the HTML source of the page? Let’s try it.

Right clicking the page, and select View Page Source we see:

bodgeit_home_page_source_1

Hmm… we see a commented code on line 41 (green line) that shows a link to an admin page. What will happen if we navigated to this page?

Navigating to this page we see the following:
bodgeit_admin_1

We found a hidden page! This page lists the different user, and their role. Along with their BasketId, ProductId, and Quantity.

Let’s bookmark this page because I am sure we will need this page later for the other vulnerabilities.

Going back to the scoring page we see:
bodgeit_scoring_3

The hidden content as a non admin user is now complete (green)!

 

Advertisements