VendX — Vending Machine Exploit

VendXv1.0

READY

Target Configuration

Machine ID

JWT Token

Exploit Pipeline

🔍 Discover Products

💳 Poll Payment Status

📦 Create Order

⚡ Force Success

✅ Verify Order

🎰 Trigger Dispense

exploit-terminal

$ waiting for exploit launch...

# Vulnerability: Server accepts client-supplied

# order_status with no payment verification

$ Configure target and click "Launch Exploit"

⚠ Vulnerability Details

Type: Broken Access Control — Client-Side Enforcement
Endpoint: PUT /orders/{id}
Flaw: Server trusts client-supplied order_status without verifying payment completion
Impact: Full product dispensing without payment — complete business logic bypass