Bug allowed users to enroll in a course for free

KumaraGurubaran
2 min read, Oct 3, 2021


Hi guys, this is my first bug. I can't disclose the website, so let us call it example.com. The site was an online learning platform where users can enroll in the course they want. The website offers a single course for Rs 1499 for one month, and a bundle of courses for Rs 5999 with lifetime access.

So I decided to check for a parameter tampering vulnerability. I clicked the enroll button, captured the request in Burp Suite, and found an amount= parameter. I changed the amount to 1 and sent the request, but nothing changed in the response: the amount was validated in the backend. So once again I clicked the enroll button and captured the request. This time I made no change to the request; instead, in Burp I chose Do intercept > Response to this request, and in the response I found the value 5999. I changed that value to 1, and this time it worked: the site moved on to the payment options and asked me to pay an amount of Rs 1.

At first I thought this only happened in the front end and would not actually work. Half-heartedly, I chose Paytm as the payment option and sent the request. This time there was no validation in the backend: it redirected me to my Paytm account, I paid one rupee, and I was enrolled in the course. I then submitted the report to their security team. After two days they confirmed the issue, fixed it within a day, and sent me an acknowledgment mail.

Acknowledgment mail.

Note: while checking for parameter tampering, always check both the request and the response. Here the backend validated the amount in the enroll request, but the price shown in the enroll response was later trusted as-is by the payment step, so the second stage had no server-side check against the real course price.
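The two-step flow from the write-up, modelled as an added example that is not code from the original post or from the affected site: the enroll step returns a price, and the payment step either trusts the client-supplied amount (the bug) or re-derives it from the server-side catalog and rejects a mismatch (the fix). Course IDs, function names and the catalog are assumptions; the prices are the ones the post quotes.

```python
# Added example (not the original post's code): minimal model of the
# enroll -> pay flow, showing why the payment step must re-derive the price
# from server-side data instead of trusting a value that round-tripped
# through the client. Course IDs and function names are assumptions.
from dataclasses import dataclass

# Constructed server-side catalog, prices in rupees as quoted in the post.
CATALOG = {
    "single-course": 1499,  # one month of access
    "bundle": 5999,         # lifetime access
}


@dataclass
class PaymentOrder:
    course_id: str
    amount: int


def enroll_response(course_id: str) -> dict:
    """Step 1: the server looks up the price and returns it so the checkout
    page can display it. This is the response that was edited in Burp."""
    return {"course_id": course_id, "amount": CATALOG[course_id]}


def initiate_payment_vulnerable(course_id: str, client_amount: int) -> PaymentOrder:
    """Step 2 (vulnerable): the amount the client sends, which it copied from
    the step-1 response, flows straight into the payment order unchecked."""
    if course_id not in CATALOG:
        raise ValueError("unknown course")
    return PaymentOrder(course_id, client_amount)


def initiate_payment_fixed(course_id: str, client_amount: int) -> PaymentOrder:
    """Step 2 (fixed): the price is looked up again server-side; the client
    value is only compared, and a mismatch (tampered or stale) is refused."""
    if course_id not in CATALOG:
        raise ValueError("unknown course")
    expected = CATALOG[course_id]
    if client_amount != expected:
        raise ValueError(f"amount mismatch: got {client_amount}, expected {expected}")
    return PaymentOrder(course_id, expected)


def simulate_tampering(course_id: str, tampered_amount: int) -> tuple:
    """Replays the post's scenario against both handlers. Returns
    (amount the vulnerable handler would charge, whether the fixed one refused)."""
    enroll_response(course_id)  # step 1; the genuine price is then edited client-side
    charged = initiate_payment_vulnerable(course_id, tampered_amount).amount
    try:
        initiate_payment_fixed(course_id, tampered_amount)
        refused = False
    except ValueError:
        refused = True
    return charged, refused
```

Running `simulate_tampering("bundle", 1)` charges Rs 1 through the vulnerable handler and is refused by the fixed one; a log of such mismatches is also a useful detection signal for this class of tampering.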

