HackTheBox - Bookworm

00:00 - Introduction 00:50 - Start of nmap 04:30 - Discovering a potential XSS in the Notes field of an order. Content Security Policy (CSP) blocks us, because JS cannot be on the same page. Looking for a file upload functionality. 08:29 - Finding out we can upload anything we want to the avatar. This should allow us to bypass the CSP in the book edit field 11:55 - Confirmed XSS on the page, checking if there's an IDOR Vulnerability that allows us to add notes to other people's items by creating a second account 16:00 - Creating a Python Script that will automatically poison items in peoples basket (cart) 28:00 - Backet Poisoner script is completed 28:50 - Creating a JavaScript payload, explaining why I'm doing await, fetch, and helper functions. 40:15 - Having the XSS Payload fetch profile, look for orders, then perform a get on all orders to examine the order page. Then send us the HTML of that page 49:55 - Creating a Python Flask Server that will save all of the orde