BugForge Write-Up 3/2/2026

  • icanhaspii
  • Mar 3

Updated: Mar 3

  • BugForge Daily Challenge 3/2/2026 - Cheesy Does It



Hint: Broken Logic. 



Note:

If there is an admin account active for a lab, the credentials are admin:admin123 

 

  • I launched Caido.


  • I checked to see if there was an admin login using the set/known creds, but there was not.


  • I created a user account and was taken to an app that appeared to behave a lot like an online pizza shop.


  • I then ordered and paid for a delivery of a pizza.


  • Once the pizza arrived (following along with the @_shadowforge__ write-up), the pizza was cold, yuck. Back in college, cold pizza was a staple, but I'm supposed to be all grown up now LOL!... so I hit the "Report Problem with Order" button, checked off the "Request refund" box, and hit "Submit":



  • Over in my Caido proxy window, I found the "POST /api/orders/1/refund" traffic. I highlighted that line and right-clicked and selected, "Send to Replay -> Default Collection":



  • Moving over to the Caido "Replay" tab, I hit the red "Send" button so that I would have a baseline of what the traffic "Response" looked like.


  • Still following along with the @_shadowforge__ write-up, and still in the Caido "Replay" tab, inside the "Request" pane, I changed the following lines:


{
  "issue_reason":"Order was cold",
  "request_refund":true,
  "refund_amount":12.99
}


to:


{
  "issue_reason":"Order was cold",
  "request_refund":true,
  "refund_amount":102.99
}


  • When I hit the red "Send" button, the flag appeared in my "Response" pane!!! 


{
  "success": true,
  "message": "Refund request processed successfully",
  "refund_approved": true,
  "refund_amount": 102.99,
  "flag": "bug{********************************}"
}
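An added example, not code from the original write-up or from BugForge: the broken logic above is a server that pays out whatever "refund_amount" the client sends, shown here beside a handler that bounds the amount by the stored order. The function names, the in-memory order store, the "owner" field and the 12.99 order total are assumptions.

```python
from decimal import Decimal, InvalidOperation

# Constructed sample order. The 12.99 total is assumed from the refund_amount
# in the original request; the store layout and owner field are hypothetical.
ORDERS = {1: {"owner": "alice", "total": Decimal("12.99"), "refunded": Decimal("0.00")}}


def refund_trusting_client(order_id, user, body):
    """Broken logic: the payout is whatever the client put in refund_amount."""
    return {"success": True, "refund_approved": True,
            "refund_amount": body["refund_amount"]}


def refund_server_side(order_id, user, body, orders=ORDERS):
    """Hardened: the refund is bounded by what the server knows about the order."""
    order = orders.get(order_id)
    # Same answer for "missing" and "not yours" so order ids cannot be probed.
    if order is None or order["owner"] != user:
        return {"success": False, "error": "order not found"}
    if body.get("request_refund") is not True:
        return {"success": False, "error": "no refund requested"}
    remaining = order["total"] - order["refunded"]
    if remaining <= 0:
        return {"success": False, "error": "order already refunded"}
    if "refund_amount" in body:
        # A client-supplied amount is only accepted inside (0, remaining].
        try:
            requested = Decimal(str(body["refund_amount"]))
        except InvalidOperation:
            return {"success": False, "error": "invalid refund_amount"}
        if not requested.is_finite() or requested <= 0 or requested > remaining:
            return {"success": False, "error": "refund_amount out of range"}
    else:
        requested = remaining  # default: refund what is left on the order
    order["refunded"] += requested  # track payouts so replays cannot stack
    return {"success": True, "refund_approved": True,
            "refund_amount": str(requested)}
```
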




##### End of Report ##### 
