We’re back at Cheesy Does It! The only pizza restaurant that somehow stays in business despite losing gargantuan amounts of cash!
Step 1: Register
Step 2: Support Cheesy Does It and buy a pizza!
Buy a pre-made pizza, though I’m sure this vulnerability is for every pizza (note: it is).
Step 2: Check out
Browse to your cart, scroll down and hit checkout (whilst intercepting traffic):
Step 3: Intercept and modify
When you hit the ‘api/orders’ POST req, you’ll want to change the price to 0.01, then hit “Forward”:
Once the GET request hits, right-click > Do Intercept > Response to this request:
Step 4: Retrieve the flag
Scroll down and you’ll see your flag!
Thanks for reading!
