High-level logic vulnerability
https://portswigger.net/web-security/logic-flaws/examples/lab-logic-flaws-excessive-trust-in-client-side-controls
Let's click on the My account button and log in using the following credentials:

| Username | Password |
|---|---|
| wiener | peter |
Now we can add the "Lightweight l33t leather jacket" to our cart.
Since we are proxying the traffic through Burp Suite, we can go to Proxy > HTTP History to view the request.
Let's forward this request to the Repeater for further modification.
Once in the Repeater, we can set the quantity parameter to the following:
Let's go back to our cart in the browser.
We can see that the quantity has gone from 1 to -1 since we set the quantity parameter to -2. Also, the price is now negative.
Next, we have to set the quantity back to 1 and add another product ("The Trolley-ON") to the cart.
We can view this request in the Proxy > HTTP History tab.
Let's forward it to the Repeater. Inside the Repeater, set the quantity parameter to the following and send the request:
Let's check out our cart.
We can see that the quantity of "The Trolley-ON" has gone from 1 to -21. More importantly, its price, which is negative, has been subtracted from the jacket's price, and the total is now lower than our credits.
Let's buy the products.
We have solved the lab.
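
The root cause is that the server applies whatever signed quantity the client sends and never checks the resulting cart line or total. The following is an added example, not code from the lab or from PortSwigger, showing that flawed handling next to a hardened version; the function names, the product ids, the prices and the per-line limit are assumptions made for the illustration.

```python
from decimal import Decimal

# Constructed catalogue: product names come from the walkthrough, prices are made up.
CATALOGUE = {
    "jacket": Decimal("1337.00"),   # "Lightweight l33t leather jacket"
    "trolley": Decimal("60.00"),    # "The Trolley-ON"
}
MAX_PER_LINE = 99  # assumed business limit per cart line


class CartError(ValueError):
    """Raised when a cart request violates a server-side business rule."""


def add_unchecked(cart, product_id, quantity):
    """Flawed behaviour: any signed integer from the client is applied as-is."""
    cart[product_id] = cart.get(product_id, 0) + int(quantity)
    return cart


def add_checked(cart, product_id, quantity):
    """Hardened: validate the request and the resulting line before storing it."""
    if product_id not in CATALOGUE:
        raise CartError("unknown product")
    try:
        delta = int(quantity)
    except (TypeError, ValueError):
        raise CartError("quantity must be an integer") from None
    # Negative deltas stay legal (the cart's "remove one" action), but the
    # resulting line quantity may never drop below zero or exceed the limit.
    new_qty = cart.get(product_id, 0) + delta
    if new_qty < 0 or new_qty > MAX_PER_LINE:
        raise CartError("resulting quantity out of range")
    if new_qty == 0:
        cart.pop(product_id, None)
    else:
        cart[product_id] = new_qty
    return cart


def total_unchecked(cart):
    """Sums price * quantity from the server-side catalogue with no invariant check."""
    return sum((CATALOGUE[p] * q for p, q in cart.items()), Decimal("0"))


def total_checked(cart):
    """Checkout-time defence in depth: refuse any cart holding a non-positive line."""
    if any(q <= 0 for q in cart.values()):
        raise CartError("non-positive quantity in cart")
    return total_unchecked(cart)
```

Running both checks matters: `add_checked` stops the bad line from being stored, and `total_checked` still refuses to charge if a bad line reaches checkout by some other path.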