in this ctf how did you know that that id can be changed upto 189*5=945 without using the burpsuit or like tools?

I'm getting 500 error on the last step, even with .txt used, so don't know if the txt file is not correctly created, or if the last step is unable to display the txt file. Does this still work for you?

once shell is uploaded how can i connect to it ?

I use curl to make a POST request to the edit/2 url ,but it says that the method is not allowed.Does this happen because I am using Windows?

Hi!

Thanks a lot for sharing all your documentation.

I read the "Photo Gallery - Flag2" document. In my opinion, there is a little bug in the sections "0x02 Remote Code Execution" and "0x03 FLAG".

The command "id=1 UNION SELECT 'test'--" does not work for me. Running this command results in an HTTP 500 error. If I add a file extension everything works fine. Finally, the command looks like: "id=1 UNION SELECT 'test.txt'--".

It seems just like a random number... how did you get to 945?
btw thanks for the writeup :)

I can't see any link to edit the items in the pet store so I can't change the content which is forwarded to the /cart page. I don't know whether there was an update to this challenge or the web page doesn't render properly. I checked on other browsers so I don't think that's the issue.

I did change the 'name' of the item by intercepting the POST request to /checkout from /cart and got XSS on the /checkout page but don't see the flag.

Maybe, the XSS needs to pop up on the /cart webpage? Anyways, just wanted to ask if there's another way around this. Btw thank you for creating this repo, great help.