FastFoodHackings - Is our new profile updater secure?

Challenge Information

Note: For this challenge you will need an account on https://www.bugbountytraining.com/FFH/

Thanks again to everyone helping us test our site and letting us know where we are making mistakes. We've started patching some bugs, but we'd love your help to know if we have fixed the bug enabling XSS in the name and if it's all done correctly.

  1. Login to your account on https://www.bugbountytraining.com/FFH/

  2. Visit https://www.bugbountytraining.com/FFH/newsettings.php

You are ONLY testing on newsettings.php for this challenge!

  3. Find any issues with how it works, let us know! :)


Challenge Solutions
