Deprecated Interface

Difficulty: 🌟🌟

Description: Use a deprecated B2B interface that was not properly shut down.

Category: Security Misconfiguration

Tags: Contraption, Prerequisite

Solution:

When searching for term deprecated, B2B, shut down in file main.js, I found this

B2B customer is allowed to upload XML order file, so head to http://localhost:3000/#/complain and try to upload a random XML file The Choose File is to default accepting (filtering) "Custom Files" which seems to be PDF, ZIP file

I changed filter to All Files and force upload an XML file

Result: