Let's play it!
- Found a link that is commented out in the page source
- Login raised an error when entering ' in the input box
- Search box is vulnerable to reflected XSS
- I thought it was persistent XSS, but it's not. I found the admin page at #/administration
- SKIP
- When I try to check out things in the basket, it shows the path where the file is stored: http://localhost:3000/ftp/
- Already found at #/administration
- Just reclick the stars
- SKIP
- Enter 'or'a'='a' and like %admin% --
- I thought it was SQLi and password cracking, but the password is in the response on the administration page. The password is crackable.
- Modify Request URL: http://localhost:3000/rest/basket/1 -> 2
- Use a technique called null byte injection: append %2500.pdf (or %2500.md) to the URL.
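
Why the `%2500` suffix gets past an extension check, and a check that rejects it, as an added example (not code from the application in these notes). It assumes the server decodes the name once before testing the suffix and that a later layer decodes again and cuts the name at the NUL byte; `weakCheck`, `strictCheck` and the file name `notes.bak` are hypothetical.

```javascript
// Added example: an assumed server-side check, not the application's own code.
const ALLOWED = ['.pdf', '.md'];

// Weak flow (assumed): decode once, test the suffix, then pass the name to a
// layer that decodes again and truncates at the first NUL byte.
function weakCheck(rawName) {
  const once = decodeURIComponent(rawName);               // "%2500" -> "%00"
  const passes = ALLOWED.some((ext) => once.endsWith(ext));
  const opened = decodeURIComponent(once).split('\0')[0]; // "%00" -> NUL, cut
  return { passes, opened };
}

// Hardened flow: decode until the value stops changing (bounded), reject
// control characters and path components, then test the suffix on the result.
function strictCheck(rawName) {
  let name = rawName;
  for (let round = 0; ; round++) {
    let next;
    try {
      next = decodeURIComponent(name);
    } catch (err) {
      return { passes: false, reason: 'malformed encoding' };
    }
    if (next === name) break;
    if (round >= 3) return { passes: false, reason: 'too many encoding layers' };
    name = next;
  }
  if (/[\x00-\x1f\x7f]/.test(name)) return { passes: false, reason: 'control character' };
  if (/[\\/]/.test(name) || name.includes('..')) return { passes: false, reason: 'path component' };
  if (!ALLOWED.some((ext) => name.toLowerCase().endsWith(ext))) {
    return { passes: false, reason: 'extension' };
  }
  return { passes: true, opened: name };
}

// Constructed sample names: one carrying the suffix from the note, one plain.
for (const sample of ['notes.bak%2500.md', 'legal.md']) {
  console.log(sample, weakCheck(sample), strictCheck(sample));
}
```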