0xnhl

Petshop Pro

/ Update
1 min read

Easy | Web

ctf url: https://ctf.hacker101.com/

Flag 1#

  • Inspect /cart.
  • We see hidden input field containing item details
  • POST /checkout content

URL encoded:

cart=%5B%5B0%2C+%7B%22name%22%3A+%22Kitten%22%2C+%22desc%22%3A+%228%5C%22x10%5C%22+color+glossy+photograph+of+a+kitten.%22%2C+%22logo%22%3A+%22kitten.jpg%22%2C+%22price%22%3A+8.95%7D%5D%5D
text

Decoded JSON array:

[
  [0, {
    "name": "Kitten",
    "desc": "8\"x10\" color glossy photograph of a kitten.",
    "logo": "kitten.jpg",
    "price": 8.95
  }]
]
js
  • Change item price to 0 in burp or the hidden input field
    we get 1st flag in the checkout page
    attachments/Petshop-Pro-1759060200155

Flag 2#

  • Fuzz url to find other pages
  • found admin page login at /login
  • Bruteforce credentials using hydra or fuzz or burp turbo intruder
  • used names.txt from seclist

attachments/Petshop-Pro-1759060805150

attachments/Petshop-Pro-1759059507607

Flag 3#

Try XSS in item name
attachments/Petshop-Pro-1759060427511
Go to cart
attachments/Petshop-Pro-1759060498783

Petshop Pro
https://nahil.xyz/vault/writeups/hacker101/petshop-pro/
Author Nahil Rasheed
Published at September 28, 2025
Copyright CC BY-NC-SA 4.0
Disclaimer This content is provided strictly for educational purposes only.

Kioptrix

Advent of Cyber 2024