Cheesy Does It

We're getting ready to order some free pizza's with the hint broken logic.

I thought I had it all figured out, I found a bug where I was able to tamper with the payment and made sure my pizza was free of charge. All though this was a legit bug, it wasn't the thing I was looking for.

The thing I was looking for turned out to be on the refund endpoint. When hitting orders/2/refund I could change the variable refund_amount in the POST request to any value I wanted.

And when I claimed an amount that I wasn't entitled to, I received my flag 🇧🇪

PreviousCheesy Does It NextCafeClub

Last updated 3 months ago