For those who don’t know me, I’m Aakash Patel, a 2nd-year B.Tech Computer Science student.

Hello everyone, this is my first write-up, so please ignore any mistakes I may have made. As you must have read in the title, we will learn about price manipulation, or price tampering, here.

So what is price manipulation?

Price manipulation is a type of vulnerability where an attacker can change the price of a placed order. This vulnerability is common in e-commerce websites. This means you can place any order for 1 rupee or even for free.

So this is enough intro for this vulnerability. Let’s start.

Once, I was just using the Google search engine, and I thought why not do bug hunting on an e-commerce website. So I used this Google dork to find some e-commerce websites.

site:*.com intext:"shopping"

So I found a website; let’s say its name is example.com. Then I tested that website normally and did not find any special security in many places. So I thought why not check for price manipulation. I quickly added 2 products to my cart. Now the price of my cart was Rs. 6580. Then I enabled my Burp Suite proxy and proceeded to pay. I intercepted the request and found a GET request with an amount parameter set to 6580, then I changed it to 1 and forwarded the request.

manipulating request

and got 200 OK

price manipulation
got success response

Then I made a payment of Rs. 1 and my order was placed.

order successful

Then I quickly contacted them and told them about this bug. I didn’t get any bounty as they didn’t have any responsible disclosure program. But I got a gift card worth 8000 🙂
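The root cause in the flow above is a server that charges whatever the request's amount parameter says. The following is an added example, not code from the tested site or from the author, showing that flawed pattern beside a server-side check; the catalogue, SKUs, URL path and function names are constructed assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlparse, parse_qs

# Constructed data: two items adding up to the Rs. 6580 cart in the write-up.
CATALOGUE = {"sku-101": Decimal("4080"), "sku-202": Decimal("2500")}
CART = {"sku-101": 1, "sku-202": 1}
HONEST_URL = "https://example.com/pay?amount=6580"    # constructed
TAMPERED_URL = "https://example.com/pay?amount=1"     # constructed

def client_amount(url):
    """Return the single client-supplied `amount`, or None if absent, repeated or malformed."""
    values = parse_qs(urlparse(url).query).get("amount", [])
    try:
        return Decimal(values[0]) if len(values) == 1 else None
    except InvalidOperation:
        return None

def charge_vulnerable(url, cart):
    """Flawed pattern: charge whatever amount the request carries."""
    return client_amount(url)

def server_total(cart):
    """Recompute the total from prices and quantities the server controls."""
    total = Decimal("0")
    for sku, qty in cart.items():
        if sku not in CATALOGUE or not isinstance(qty, int) or qty < 1:
            raise ValueError(f"invalid cart line: {sku!r} x {qty!r}")
        total += CATALOGUE[sku] * qty
    return total

def charge_hardened(url, cart):
    """Charge the server-side total and reject a request whose amount disagrees."""
    expected = server_total(cart)
    supplied = client_amount(url)
    if supplied != expected:
        # A legitimate client never sends a different amount: log and alert.
        raise ValueError(f"amount mismatch: supplied {supplied}, expected {expected}")
    return expected

def payment_settles_order(paid_amount, cart):
    """Mark an order paid only if the gateway-reported amount equals the total."""
    return Decimal(paid_amount) == server_total(cart)

if __name__ == "__main__":
    print("vulnerable charges:", charge_vulnerable(TAMPERED_URL, CART))
    try:
        charge_hardened(TAMPERED_URL, CART)
    except ValueError as err:
        print("hardened rejects:", err)
```

The same comparison belongs in the payment-gateway callback handler, so that an order is never marked paid for less than its server-side total.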

Hope you enjoyed this write-up.

Have a good day. Peace out ✌

You can visit my profile and follow me on :

LinkedIn : https://www.linkedin.com/in/aakash-patel-6250/

Twitter : https://twitter.com/AAKASH_6250

YouTube : https://youtube.com/channel/UCOjZF3dnFCXhZ4yUtNc7DHA