Listen to this Post
This article delves into two cases of price manipulation discovered by a bug bounty hunter. The first case involves buying items for free by exploiting a cart quantity vulnerability, while the second case focuses on bypassing shipping fees by manipulating the system logic.
Case One: Buying Items for Free (Easy Catch)
The application allowed users to add items to the cart, adjust quantities, and proceed to checkout. The vulnerability was found in the cart quantity parameter.
Steps to Exploit:
1. Intercept Requests:
Use a proxy tool like Burp Suite to intercept requests related to cart modifications. Focus on the `quantity` parameter.
2. Test Invalid Values:
Test invalid values such as null, 0, -1, and 0.1. These attempts may fail, but they help identify how the system handles unexpected inputs.
3. Send Multiple Quantity Fields:
Send multiple `quantity` fields in the request:
{
"quantity": 1,
"quantity": 1,
"cartItem": 1234
}
4. Attempt Integer Overflow:
Test with an extremely large number:
{
"quantity": 9223372036854775808,
"cartItem": 1234
}
5. Discover the Vulnerability:
While reviewing proxy history, notice a `PUT` request with a different parameter:
{
"qty": 0.1,
"itemID": 1234
}
Setting `qty` to `0.1` resulted in the price being set to 0, allowing the purchase of items for free.
Case Two: Abusing Promo Codes for Free Shipping
The application offered free shipping to Japan but charged users from other countries. The vulnerability allowed users to bypass shipping fees.
Steps to Exploit:
1. Set Shipping Address to Japan:
Set the default shipping address to Japan to trigger free shipping.
2. Manipulate Address on Checkout:
Open multiple tabs:
- Tab 1: Set the default address to the US.
- Tab 2: Set the default address to Japan.
- Tab 3: Refresh the payment page to see the shipping fee removed while the address remains set to the US.
You Should Know:
- Burp Suite Commands:
Use Burp Suite to intercept and modify HTTP requests. Key commands:</li> </ul> <h1>Start Burp Suite</h1> java -jar burpsuite.jar
Configure your browser to use Burp as a proxy.
- Linux Commands for Proxy Setup:
Use `iptables` to redirect traffic through a proxy:
iptables -t nat -A OUTPUT -p tcp --dport 80 -j REDIRECT --to-port 8080 iptables -t nat -A OUTPUT -p tcp --dport 443 -j REDIRECT --to-port 8080
- Windows Commands for Network Testing:
Use `netsh` to configure proxy settings:
netsh winhttp set proxy 127.0.0.1:8080
- Testing for Integer Overflow:
Use Python to generate large numbers for testing:
print(9223372036854775808)
What Undercode Say:
Price manipulation vulnerabilities can have severe financial impacts on businesses. This article highlights the importance of thorough input validation and secure coding practices. Developers should:
- Validate all user inputs, especially numeric values.
- Use server-side checks to prevent logic manipulation.
- Regularly audit code for vulnerabilities.
For further reading on secure coding practices, visit:
OWASP Secure Coding Practices
Burp Suite DocumentationBy understanding and addressing these vulnerabilities, businesses can protect themselves from financial losses and maintain customer trust.
References:
Reported By: Kareem Abfe – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅Join Our Cyber World:



