People who don’t know me, I’m Aakash Patel, 2nd Year B.Tech Computer Science Student.
Hello everyone this is my first writ up, so please ignore if I made any mistake. As you must have read the title, we will learn about price manipulation or price tempering here.
So what is price manipulation?
Price Manipulation is a type of vulnerability where attacker can change the price of placed order. This vulnerability is common in e-commerce websites. This means you can place any order for 1 rupee or even for free.
So this is enough intro for this vulnerability. Let’s start
One’s I’m just using google search engine And I thought why not do bug hunting on any e-commerce website. So I used this google dork to find some e-commerce websites.
site:*.com intext:"shopping"So I found a website let’s say its name is example.com Then I normally tested that website and I did not find any special security in many places. So I thought why not check the price manipulation. I quickly added 2 products to my cart. Now the price of my cart is Rs. 6580 then I enabled my burpsuite proxy and proceeded to pay for this. Then I intercept the request and found a GET request having a amount parameter having amount 6580 then I changed it to 1 and forwarded the request.
and got 200 OK
then I made a payment of Rs. 1 and my order is placed.
Then I quickly contacted them and told them about this bug. I didn’t get any bounty as they didn’t have any responsible disclosure program.But I got gift card of worth 8000 🙂
Hope you enjoyed this write-up ????
Have a good day . Peace out ✌
You can visit my profile and follow me on :
Linkedin : https://www.linkedin.com/in/aakash-patel-6250/
Twitter : https://twitter.com/AAKASH_6250
Youtube : https://youtube.com/channel/UCOjZF3dnFCXhZ4yUtNc7DHA
