Client Side | Client Side Filtering (3) | Cycubix Docs
PreviousClient Side | Client Side Filtering (2) | Cycubix DocsNextClient Side | HTML Tampering | Cycubix Docs
Last updated
Was this helpful?
Last updated
Was this helpful?
No need to pay if you know the code …
Solution
Let's intercept the request with ZAP and see what we can find about the checkout code.
If we open the developer tools we will see that there are some checkout code's but they do not work.
Let's see what the source code say at https://github.com/WebGoat/WebGoat/blob/main/src/main/java/org/owasp/webgoat/lessons/clientsidefiltering/ClientSideFilteringFreeAssignment.java
We can see there is a SUPER_COUPON_CODE="get_it_for_free".