OSCP · OSWP · PWPP · PWPA · PAPA · EnCE · Linux+ · LPIC-1 · Network+ · Security+ · Pentest+ · eJPT · eWPT · BSc · PGCert
CafeClub writeup (LFI)

We are back, yet again, at the famous CafeClub! The vulnerability is similar to this, but it is always good to find and practise it again.
Step 1: Register and Identify the vulnerability
Register, then intercept your traffic with Burp Suite (or whatever proxy you use) and click on one of the products.

Step 2: Ensure your burpsuite is displaying images
This one often catches people out: make sure Burp Suite is showing image requests, and if it is not, change your filter settings. You will then see the product PNG files being fetched in a way that might be useful for us as the "bad guy":

Step 3: Repeater
Send the request to Repeater so we can tamper with the filename. Requesting ../flag.txt returns our flag:
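The bug behind steps 2 and 3 is that the image filename comes straight from the request, so the server follows `../` out of the images directory. As an added example (not code from the CafeClub lab or this writeup), here is how a product-image handler can resolve that filename safely; the directory `/var/www/cafeclub/static/products` and the function names are assumptions for the example.

```python
import os
from pathlib import Path
from urllib.parse import unquote

# Hypothetical product-image directory for this example (not from the writeup).
IMAGE_ROOT = Path("/var/www/cafeclub/static/products")


class UnsafePath(ValueError):
    """Raised when a requested image name would escape the image directory."""


def resolve_image_path(name: str, root: Path = IMAGE_ROOT) -> Path:
    """Map a user-supplied image name onto a file strictly under ``root``.

    The writeup's bug is that product PNGs are fetched by a filename taken
    straight from the request, so ``../flag.txt`` walks out of the directory.
    The fix is to normalise the final path and require that it stays inside
    ``root``, instead of trying to blacklist ``..`` substrings.
    """
    decoded = unquote(name)
    # Double-encoded names (%252e%252e) decode to %2e%2e and then to ..; reject them.
    if unquote(decoded) != decoded:
        raise UnsafePath(f"double-encoded name: {name!r}")
    # Null bytes can truncate paths in lower layers; backslashes are never legitimate here.
    if "\x00" in decoded or "\\" in decoded:
        raise UnsafePath(f"forbidden character in name: {name!r}")
    root_norm = os.path.normpath(root)
    # normpath collapses ../ lexically, so the check works even if the file does not exist.
    candidate = os.path.normpath(os.path.join(root_norm, decoded))
    # An absolute name (e.g. /flag.txt) replaces root inside os.path.join; commonpath catches it.
    if os.path.commonpath([root_norm, candidate]) != root_norm or candidate == root_norm:
        raise UnsafePath(f"traversal attempt: {name!r}")
    if not candidate.lower().endswith(".png"):
        raise UnsafePath(f"not a product image: {name!r}")
    return Path(candidate)


def is_safe_image_name(name: str, root: Path = IMAGE_ROOT) -> bool:
    """Convenience wrapper: True if ``name`` maps to a PNG inside ``root``."""
    try:
        resolve_image_path(name, root)
        return True
    except UnsafePath:
        return False


if __name__ == "__main__":
    for req in ("latte.png", "../flag.txt", "%2e%2e/flag.txt", "/flag.txt"):
        print(f"{req!r:20} -> {'served' if is_safe_image_name(req) else 'blocked'}")
```

The same `UnsafePath` rejections are worth logging with the raw request, since a burst of them from one client is exactly the Repeater activity this writeup describes.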

Thanks for reading!