Forum Discussion

Cirrus

Sep 29, 2018

PHP Auction Site is not vulnerable..?

I downloaded the file here: https://devcentral.f5.com/articles/configuring-the-big-ip-and-php-hack-it-yourself-auction-site And I am trying out the discover parameter tampering vul from the ASM 13 ...

ASM Advanced WAF

security

nathe

Cirrocumulus

Oct 01, 2018

I've just tested my lab PHP Auction site. This works once you are already authenticated. So login as user joe and then change the parameter to someone else. This will show you their Control Panel. Works for me.

Hope this helps,

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

PHP Auction Site is not vulnerable..?

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

F5 Academies Are Back – And We’re Coming to a City Near You

Recent Discussions

Why does SSLO not support ACTIVE-ACTIVE mode deployments？

Failed to set RDP launch token timeout

Horizon View iApp - Big-IP 17.5

r4600 Tenant CPU Assignment

master key file on vcmp guest HA Cluster different?

Related Content

Configuring the BIG-IP and PHP "Hack-It-Yourself" Auction Site

Migrating between sites using stretched VLANs

Mitigating Apache Camel Vulnerability CVE-2025–27636 with F5 Products

Site-to-Site Connectivity in F5 Distributed Cloud Network Connect – Reference Architecture

F5 Distributed Cloud: Virtual Sites - Regional Edge (RE)

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS