Official Stocker Discussion

I found the window and I’m able to get some info out. I’m also able to toss some stuff in the window, but nothing is actually getting executed. Can someone push me in the right direction?

That’s definitely not intended, people need to clean up after themselves


Surely, I answered your message in private, if you need further help through the machine, you can ask me at any time :relaxed:

Hi, I have bypassed the login at the dev.stocker.htb
I do not see any items such as the cup, bin, axe at all. How do I proceed?
Thank you!

No stock available, how to get cart working?

Do you find the web after login not working? I got that problem. Been resetting the machine too but still no product appeared

People, don’t be shy to call me on PM, R is always here :flushed:

I have sent you two a message, hope it helps to pass through the machine :heart:

I’m stuck on authentication bypass. I try common NoSQLi with no success

About login bypass, ippsec’s vid of Shoppy is helpful: HackTheBox - Shoppy

I’m stuck after the bypass
The ordering function is suspicious but I can’t find any vulnerabilities


I had the same issue (caused by several CORS errors), in my case turning off Burp Suite solved the error (which isn’t really a solution, but it’s better than nothing to have at least a first look around). I guess some tweaks to Burp’s settings will solve the issue for good.


Yeah, I would just switch FoxyProxy not to forward it to Burp and it will load the products

@Paradise_R

Can’t reply because of new user restrictions
Rooted it
The root was much easier than the user by faaaaaaar
Anyhow, thank you for your help


I am happy I could help, if anytime you need again, you can surely call me :heart:


Yes, I managed to bypass authentication, but I don’t find any vulns in the page.

About root, deep knowledge of JS is not needed

Start with a short one and, if no success, try another, more complex one.

I’m stuck after bypassing the login page. The cart looks suspicious but I’m confused. Can you give me a hint?

Of course :relaxed:

I will send you a private message on the topic so there are no spoilers in the official discussion, but it is related to where the order redirects you :heart:


I saw the tip that the DB was a specific type of DB. I am new still and I went through the fundamentals but I cannot figure out how this DB type was identified. I feel that unless I can make this identification on my own that I am not learning anything if I just use the info.

Can someone help me on what method or tool I should use to identify this in the future? Thank you!

Of course, I sent you a DM related to this topic :heart:


Hi, can you kindly assist me on the Stocker machine? Thank you