Bypass the content filtering AI system to post on the Orca Doll product page the forbidden comment:
"pwned"
Success is achieved this comment that should be filtered gets published.
Lets start with trying a random comment and seeing what happens:
We can see the comment addition failed due to AI check. Lets take a look behind the scenes as to how this response looks when we send a comment that is approved:
And how the response looks when it is not approved:
So when a comment is approved, it will return 1, with a relevant probability, and when it is not approved it will return 0 with the relevant probability.
Well, this is an output integrity challenge. Maybe we can alter the results in some way?
Lets see how this looks on burp:
We can see the 'is_offensive' and 'probability' values are sent with the request, what if we sent the request with the values we want to recieve?
We can see the system accepted our values and posted the comment we sent