09 – Hacker 101

Petshop Pro

Flag 0

  • Intercept the request in Burp Suite, change the %3A+7.95%2C to %3A+0%2C and let it load.
  • Flag 0 found, this is easy!
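
The edit above pays off because the order is priced from a value the browser sent. As an added example (not part of the original writeup and not the application's own code), here is a server-side check that prices each line from its own catalogue and flags a client price that differs. The cart field name, JSON layout, product id and name are assumptions; only the 7.95 price and the encoded fragments come from the request above.

```python
import json
from decimal import Decimal
from urllib.parse import parse_qs, urlencode

# Constructed server-side catalogue; the id and name are assumptions.
CATALOGUE = {1: {"name": "Puppy", "price": Decimal("7.95")}}


def make_body(client_price):
    """Build a constructed form body shaped like the intercepted request."""
    cart = [[1, {"price": client_price, "name": "Puppy"}]]
    return urlencode({"cart": json.dumps(cart)})


def parse_cart(body):
    """Decode the assumed 'cart' form field into (product_id, fields) pairs."""
    raw = parse_qs(body, strict_parsing=True)["cart"][0]
    return [(int(pid), fields) for pid, fields in json.loads(raw, parse_float=Decimal)]


def vulnerable_total(body):
    """The flaw behind Flag 0: the total is summed from client-supplied prices."""
    return sum((Decimal(str(f["price"])) for _, f in parse_cart(body)), Decimal("0"))


def hardened_total(body):
    """Price every line from the catalogue; report ids whose client price differs."""
    total, tampered = Decimal("0"), []
    for pid, fields in parse_cart(body):
        if pid not in CATALOGUE:
            raise ValueError(f"unknown product id {pid}")
        price = CATALOGUE[pid]["price"]
        if fields.get("price") != price:
            tampered.append(pid)  # log or alert on this instead of trusting it
        total += price
    return total, tampered


if __name__ == "__main__":
    for body in (make_body(7.95), make_body(0)):
        print(body, vulnerable_total(body), hardened_total(body))
```
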

Flag 1

  • To locate the admin interface login, off the top of my head I used admin, Admin, ps-admin, login and, bingo, found /Login.
  • Used Repeater and dumped the username. GitHub is a good place to get a list of common usernames.
  • Get a list for the passwords too; this will take a while. I used hydra for this task and built a script to dump the username and password. This one took about an hour.
  • Found the user/password combo and logged in.
  • Flag 1 found; brute force was the key here.

Flag 2

  • This one relied upon an XSS exploit, so you need to dump it as the user: go edit a product, add the following in the name and description, <img src=x onerror=alert(1)>, and hit save.
  • Add the product to the shopping cart and check out.
  • Flag 2 found during check out.