Hacky Holidays H1 CTF
This year HackerOne hosted the Hacky Holidays CTF. It was an amazing CTF, and I will write up the challenges I found interesting.

Swag Shop: "Get your Grinch Merch! Try and find a way to pull the Grinch's personal details from the online shop."

This challenge is very close to real life: to get the flag we have to enumerate the Grinch's profile. First we enumerate the target's pages by spidering the site with the Burp Suite spider. After spidering the target you notice the API endpoints the application uses. We then fuzz those endpoints to find hidden ones, using Burp Suite Intruder or any tool you like. You will notice a user endpoint (pay attention to its status code and response message) and a sessions endpoint, which responds with JWT tokens. We decode those tokens and look for information in them with jwt.io. After decoding the JWT tokens we find one that carries a username value. Now back to the user endpoint, which we nee...
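The jwt.io step above is just base64url-decoding the first two dot-separated segments of the token; anyone holding a JWT can read its claims without the signing key. The script below is an added example (not code from the challenge or the writeup) that does the same thing offline: it decodes header and payload without verifying the signature, pulls out the claims that usually identify a user, and, as a separate check, shows that verifying the HS256 signature needs the key while reading the claims does not. The token, its claims (a "username" of "grinch", a "role", an "iat") and the HMAC secret are all constructed here for the demo; they are not values from the HackerOne shop.

```python
"""Inspect a JWT the way jwt.io does: read header and payload, no key needed.

All tokens, claim values and the HMAC secret in this file are CONSTRUCTED for
the example; none of them come from the Hacky Holidays challenge.
"""
import base64
import hashlib
import hmac
import json


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_unverified(token: str) -> dict:
    """Return the header, payload and raw signature of a compact JWT.

    No signature check is performed: this is read-only inspection, which is
    all you need during recon when you are looking for a username or id claim.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected 3 dot-separated segments, got %d" % len(parts))
    header_b64, payload_b64, sig_b64 = parts
    return {
        "header": json.loads(_b64url_decode(header_b64)),
        "payload": json.loads(_b64url_decode(payload_b64)),
        "signature": _b64url_decode(sig_b64).hex(),
    }


def find_identity_claims(payload: dict) -> dict:
    """Pick out the claims that commonly identify the user.

    These are the values worth feeding back into a user-style endpoint.
    The claim names are a generic list, not the challenge's schema.
    """
    candidates = ("username", "user", "name", "sub", "uid", "id", "email")
    return {k: payload[k] for k in candidates if k in payload}


def verify_hs256(token: str, secret: bytes) -> bool:
    """Check the HS256 signature; unlike decoding, this needs the secret."""
    signing_input, _, sig_b64 = token.rpartition(".")
    expected = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(expected, _b64url_decode(sig_b64))


def make_demo_token(secret: bytes = b"not-the-real-key") -> str:
    """Build a CONSTRUCTED HS256 token so the example runs offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"username": "grinch", "role": "customer", "iat": 1608000000}
    signing_input = ".".join((
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode()),
        _b64url_encode(json.dumps(payload, separators=(",", ":")).encode()),
    ))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


if __name__ == "__main__":
    token = make_demo_token()
    decoded = decode_jwt_unverified(token)
    print("header :", json.dumps(decoded["header"]))
    print("payload:", json.dumps(decoded["payload"]))
    print("identity claims:", find_identity_claims(decoded["payload"]))
    print("signature valid with demo key:", verify_hs256(token, b"not-the-real-key"))
    print("signature valid with wrong key:", verify_hs256(token, b"wrong"))
```

Paste a real token from the sessions endpoint into decode_jwt_unverified to see its claims; the identity claims it returns are the candidates to try against the user endpoint, while verify_hs256 only matters if you later get hold of the signing key.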