Bug bounty: Payment bypass using Response manipulation
2021-08-10 14:48:41 Author: infosecwriteups.com(查看原文) 阅读量:45 收藏

Krishnadev P Melevila

Hi friends,

It’s me Krishnadev P Melevila, After my first account takeover blog, I am back with a new Response manipulation bug.

For those who don’t know me, Please search google “Krishnadev P Melevila” Or “Founder of Nodeista Infotech

So let’s start,

Photo by Arget on Unsplash

As per the program policy, I am not able to reveal the site identity. so I am mentioning the site name as example.com

This bug allows an attacker to manipulate response before being sent to the payment gateway and bypassing the overall payment system.

This is mainly caused by the improper configuration of the payment system.

This bug causes severe damage to the economy of the company. So they considered it as a P2 bug.

Steps to reproduce in attackers point of view:

  • Choose any package and click on buy now and intercept the response from the server.

  • Change the amount_to_pay parameter value to 0 on the response from the server.
  • Then forward the request to the browser and see the magic…

So in this way, we can buy all the things for free by exploiting this bug.

Summary and Timeline

Reported On: 23–07–2021T02:02PM IST

First response: 23–07–2021T04:05PM IST

Triaged On: 24–07–2021T10:00AM IST

Bounty Awarded On: 26–07–2021T04:50PM IST

My Instagram Handle: @krishnadev_p_melevila


文章来源: https://infosecwriteups.com/bug-bounty-response-manipulation-leading-to-payment-bypass-cb5fde360b1a?source=rss----7b722bfd1b8d--bug_bounty
如有侵权请联系:admin#unsafe.sh