Shop7 [EPT 2025]

Never ending money :D

CTF

11/11/2025, 1 min read

In this task, we got access to both the source code and the web application. I read through the code to figure out where something might be vulnerable, and found this function:

The setattr call is the problem here: it assigns whatever attribute name the request supplies onto the Customer object, so the client, not the server, decides which fields of the customer get set (a classic mass-assignment bug).

As usual, we use Burp for this!

The vulnerability is that the object sent in the POST request can contain more keys than the registration form shows, and every key is passed straight to setattr. So you can simply add Customer_cash (the attribute referred to earlier) to the register request and set the balance to an integer of your choosing at the moment the account is created.

When creating a user, capture the register request in Burp and add the following payload:

Confirm that the new account has enough money and... buy the flag :D
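To make the bug concrete, here is an added example (not the challenge's own code) of the vulnerable registration pattern next to a hardened version, plus the injected body the write-up describes. The attribute name Customer_cash is taken from the write-up; the rest of the Customer class, the JSON body shape and the handler names are assumptions for illustration.

```python
import json


class Customer:
    """Constructed stand-in for the challenge's customer model (shape assumed)."""

    def __init__(self):
        self.username = None
        self.password = None
        # Balance attribute; the name Customer_cash is the one named in the write-up.
        self.Customer_cash = 0


# The only fields the registration form actually shows the user.
REGISTER_FIELDS = {"username", "password"}


def register_vulnerable(body: str) -> Customer:
    """Mimics the vulnerable pattern: every key in the JSON body becomes an attribute.

    setattr(c, key, value) lets the client pick the attribute name, so a key the
    form never shows (Customer_cash) is written onto the object just like username.
    """
    c = Customer()
    for key, value in json.loads(body).items():
        setattr(c, key, value)  # mass assignment: no allow-list, no type check
    return c


def register_hardened(body: str) -> Customer:
    """Same flow with an allow-list: only form fields are copied, anything else is rejected."""
    data = json.loads(body)
    extra = set(data) - REGISTER_FIELDS
    if extra:
        raise ValueError(f"unexpected fields in registration: {sorted(extra)}")
    c = Customer()
    c.username = str(data["username"])
    c.password = str(data["password"])
    # Customer_cash keeps its server-side default; the client cannot touch it.
    return c


def hardened_rejects(body: str) -> bool:
    """True if the hardened handler refuses the body (used to check the fix)."""
    try:
        register_hardened(body)
    except ValueError:
        return True
    return False


def exploit_body(username: str, password: str, cash: int = 1_000_000) -> str:
    """The tampered register request: the form's two fields plus the hidden balance."""
    return json.dumps({"username": username, "password": password, "Customer_cash": cash})


def can_afford(c: Customer, price: int) -> bool:
    """Shop-side check the flag purchase would run against the balance."""
    return c.Customer_cash >= price


if __name__ == "__main__":
    body = exploit_body("spaceylad", "hunter2", cash=999_999)
    victim = register_vulnerable(body)
    print("vulnerable handler balance:", victim.Customer_cash)
    print("hardened handler rejects it:", hardened_rejects(body))
```

The fix is the allow-list: copy the fields you expect into the object explicitly and reject (or at least ignore) everything else, rather than iterating over client-controlled keys with setattr.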

spaceylad@proton.me