PHP Auction Site is not vulnerable..?

Question

I downloaded the file here:
https://devcentral.f5.com/articles/configuring-the-big-ip-and-php-hack-it-yourself-auction-site
And I am trying out the discover parameter tampering vul from the ASM 13 lab guide by entering a nick for a different user:
http://asmauction.com/user_menu.php?nick=allwyn
And I am nicely being dropped at the login page as if this a damn good secure app, lol. 
Is there some updated version of this auction site that I should be using?

nathe · Answer

I've just tested my lab PHP Auction site. This works once you are already authenticated. So login as user joe and then change the parameter to someone else. This will show you their Control Panel. Works for me.&nbsp;
Hope this helps,&nbsp;
N&nbsp;

Forum Discussion

PHP Auction Site is not vulnerable..?

Recent Discussions

VS FORWARDING & ROUTE

Diameter iRules attachment?

Source IP F5 DNS Zone Forwarder

F5 BIG-IP

BIG-IP Oauth Client and AS

Related Content

Configuring the BIG-IP and PHP "Hack-It-Yourself" Auction Site

Migrating between sites using stretched VLANs

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS