Today was better than the previous 2 days in terms of challenges; I got to work a lot more before my power went out. I focused on 2 functionalities: the file upload for the profile, and the address for delivery. These are two very valuable functionalities: the file upload function can grant you a critical vulnerability (an RCE), and the address function can grant you an IDOR or BAC. If you don’t already have these vulnerabilities in your methodology, I suggest you research file upload, Insecure Direct Object Reference, and Broken Access Control vulnerabilities. These vulnerabilities can range from low to critical. I spent the entire day hacking these functions and I did not find any vulnerabilities. The next step for me is to move on to the next function in my notes :)
Thank you for taking the time to read through my post. Take care.
For updates — Twitter: https://twitter.com/wallotry/
To send me private program invites — HackerOne: https://hackerone.com/wallotry