
Cheesy Does It — Business Logic Discount Abuse (Bugforge)

EN · easy · CTF challenge · Tags: Business Logic, JSON Array Injection, Coupon Abuse, Parameter Tampering, Burp Suite

A pizza-ordering web application on Bugforge gives registered users a single-use discount code. The flag goes to whoever can apply more discount than they should. The solution is a single HTTP request away, but you will need to think carefully about how the server interprets the input you send.


Step 1 · Register, Log In & Identify the Discount Code

Objective: Create an account, log in to the application, and locate the discount code that is presented to you after authentication.

Context: The target is a Bugforge pizza-ordering web application. You need a valid account to proceed through the purchase flow.

Progressive hints


Hint 1 — directional nudge

After logging in, look around your account dashboard or the checkout area for any promotional information the app surfaces automatically.

Hint 2 — technique / vuln class

Applications often display coupon or discount codes on the landing page or in the user dashboard after login — check for any banner, label, or text that looks like a promo code.

Hint 3 — near solution

The discount code displayed to you after login is PIZZA-10. Note it down; you will inject it into the purchase request.
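The challenge description says the weakness lies in how the server interprets the discount field, and the lab tags name the class (JSON array injection, coupon abuse). The following is an added illustration, not Bugforge's or Hintru's code: a hypothetical checkout handler that trusts the JSON shape the client sends, placed beside a hardened version that validates the field type and enforces the single-use policy on the server. The code table, the `used_codes` set and all amounts are constructed for the example; only the code name PIZZA-10 comes from the lab.

```python
"""Constructed pizza-checkout discount handling (hypothetical; not the lab's code)."""
from decimal import Decimal

# Constructed catalogue: code -> percent off. PIZZA-10 is the code named in the lab.
DISCOUNT_CODES = {"PIZZA-10": Decimal("10")}


class DiscountLimitError(ValueError):
    """Raised when a request would apply more discount than the policy allows."""


def apply_discounts_insecure(subtotal, coupon_field):
    """Weak handler: the JSON shape decides how many discounts are applied.

    A string works as intended, but anything iterable (for example a JSON
    array) is turned into a list and every entry is applied, so a single-use
    code can be stacked. Nothing here checks whether the code was used before.
    """
    codes = [coupon_field] if isinstance(coupon_field, str) else list(coupon_field)
    total = Decimal(subtotal)
    for code in codes:
        pct = DISCOUNT_CODES.get(code)
        if pct is not None:
            total -= total * pct / 100
    return total.quantize(Decimal("0.01"))


def apply_discount_secure(subtotal, coupon_field, used_codes):
    """Hardened handler: type, count and single-use policy are enforced server-side.

    `used_codes` stands in for the per-account redemption record; in a real
    application it lives in the database and is updated in the same transaction
    as the order so two concurrent requests cannot both redeem the code.
    """
    # 1. The field must be exactly one string; arrays, objects and numbers are rejected.
    if not isinstance(coupon_field, str):
        raise DiscountLimitError("coupon must be a single string")
    code = coupon_field.strip().upper()
    pct = DISCOUNT_CODES.get(code)
    if pct is None:
        raise DiscountLimitError("unknown discount code")
    # 2. Single-use: refuse a code this account has already redeemed.
    if code in used_codes:
        raise DiscountLimitError("discount code already redeemed")
    total = Decimal(subtotal) * (100 - pct) / 100
    # 3. Never let a discount drive the total below zero.
    total = max(total, Decimal("0"))
    used_codes.add(code)
    return total.quantize(Decimal("0.01"))


def checkout(subtotal, coupon_field, used_codes):
    """Convenience wrapper that reports the hardened handler's outcome as text."""
    try:
        return "ok:" + str(apply_discount_secure(subtotal, coupon_field, used_codes))
    except DiscountLimitError as exc:
        return "rejected:" + str(exc)


if __name__ == "__main__":
    # Constructed order of 20.00 with the lab's code, once as a string and once as an array.
    print(apply_discounts_insecure("20.00", "PIZZA-10"))               # 18.00
    print(apply_discounts_insecure("20.00", ["PIZZA-10", "PIZZA-10"]))  # 16.20 (stacked)
    redeemed = set()
    print(checkout("20.00", "PIZZA-10", redeemed))                      # ok:18.00
    print(checkout("20.00", "PIZZA-10", redeemed))                      # rejected:... already redeemed
    print(checkout("20.00", ["PIZZA-10", "PIZZA-10"], redeemed))        # rejected:... single string
```

The insecure handler shows why "how the server interprets the input" matters: the coupon value is consumed by `list()` without ever asserting it is a string, so the client's JSON type silently becomes the loop count. The hardened handler makes three independent decisions explicit (type, validity, prior redemption), any one of which would stop the stacking, and it records the redemption on the server rather than trusting the client to send the code only once.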

