shopdev2.inlanefreight.local
It's a login page, and the weak credentials admin:admin worked.

Once in, none of the buttons work except for my cart, which takes us to cart.php. Trying to follow the prompts there returns a message that this feature is not yet implemented.

Clicking on Complete Purchase takes us to checkout.php with XML data. Possible XXE?

Testing it for XXE shows that it is indeed vulnerable.

Reading /etc/passwd
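
For the remediation side of this finding, here is an added example (not part of the original notes, and not the application's code) of an XML intake that refuses any body carrying a DOCTYPE or entity declaration before a value is used. It is written in Python for illustration; the element names `order`, `item` and `qty`, the function names and both sample bodies are constructed assumptions, since the notes do not show the request body or the server-side parser.

```python
"""Refuse XML request bodies that declare a DTD or entities (XXE hardening)."""
from xml.parsers import expat


class ForbiddenXML(ValueError):
    """Raised when a body uses a construct an order endpoint never needs."""


def parse_order(body: bytes) -> dict:
    """Parse a flat order document into {tag: text}; refuse DTDs and entities."""
    fields, stack, text = {}, [], []

    def forbid(kind):
        def handler(*_args):
            raise ForbiddenXML(kind)  # propagates out of parser.Parse()
        return handler

    def start(name, _attrs):
        stack.append(name)
        text.clear()

    def end(name):
        if len(stack) > 1:  # direct or nested child of the root element
            fields[name] = "".join(text).strip()
        stack.pop()
        text.clear()

    parser = expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid("doctype")
    parser.EntityDeclHandler = forbid("entity declaration")
    parser.ExternalEntityRefHandler = forbid("external entity reference")
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = text.append
    parser.Parse(body, True)
    return fields


def screen(body: bytes) -> str:
    """Return a verdict string suitable for logging or an HTTP 400 reason."""
    try:
        parse_order(body)
        return "accepted"
    except ForbiddenXML as exc:
        return f"rejected: {exc}"
    except expat.ExpatError:
        return "rejected: malformed"


# Constructed sample bodies; the system identifier is a placeholder.
BENIGN = b"<order><item>widget</item><qty>2</qty></order>"
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY x SYSTEM '
            b'"file:///constructed-placeholder">]><order><item>&x;</item></order>')
```

Logging every `rejected: doctype` verdict with the source address also gives the defenders a signal for XXE probing against the endpoint.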
