petshop_pro flag2

Author: testert1ng

README.md

@@ -12,7 +12,7 @@
 | Easy (2 / flag)     | [Micro-CMS v1][3]                          | Web    | 4 / 4      |
 | Moderate (3 / flag) | [Micro-CMS v2][5]                          | Web    | 3 / 3      |
 | Easy (4 / flag)     | [Postbook][6]                              | Web    | 7 / 7      |
-| Easy (3 / flag)     | [Petshop Pro][7]                           | Web    | 1 / 3      |
+| Easy (3 / flag)     | [Petshop Pro][7]                           | Web    | 3 / 3      |
 | Moderate (5 / flag) | [TempImage][4]                             | Web    | 2 / 2      |
 
 [1]: https://ctf.hacker101.com/ctf

petshop_pro/README.md

@@ -11,7 +11,7 @@
 - Tools may help you find the entrypoint
 - Tools are also great for finding credentials
 
-## [Flag2](./flag2) -- Not Found
+## [Flag2](./flag2) -- Found
 
 - Always test every input
 - Bugs don't always appear in a place where the data is entered

petshop_pro/flag2/README.md

@@ -0,0 +1,21 @@
+# Petshop Pro - FLAG2
+
+## 0x00 Admin Index
+
+![](../flag1/imgs/flag.jpg)
+
+## 0x01 Edit Page
+
+Insert with XSS code for all possible inputs.
+
+``` js
+<img src=x onerror=alert(1)>
+```
+
+![](./imgs/edit.jpg)
+
+## 0x02 FLAG
+
+Add them into cart and go check the shopping cart.
+
+![](./imgs/flag.jpg)