This is my second parameter tampering bug. I reported it to the company on 22–02–2022, but they still have not fixed it, so I am not disclosing the target here. Let's refer to the target as Redacted.com.
About The Target:
The target website belongs to an edutech company. They have a lot of training course material and books. To access that content you need to purchase a membership. They offer three packages: a three-month, a six-month and a one-year subscription.
Now, straight to the vulnerability.
As the first step of testing I started with subdomain enumeration, but I didn't find anything interesting. So I started testing the website's functionality with Burp Suite. I checked for account takeover, with no luck, so I moved on to the payment functionality. I chose the three-month subscription, clicked the pay button and captured the request in Burp Suite.
There was no payment parameter in the request, but when I checked the response to that request I found the "Amount=" parameter. So I changed the value of the amount parameter to 3 rupees and forwarded the modified response.
I then chose card as the payment method and clicked the pay now button. The payment was successful. The account was upgraded to premium and could access the course material for three months. The root cause is that the server emits the price in a response and later accepts whatever value comes back from the client instead of recomputing it from the selected plan on the server side.
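To illustrate the defect and its fix, here is an added example that is not code from the original post or from the target. It models a checkout handler that trusts the round-tripped Amount value beside a hardened one that derives the price from the plan id and verifies the gateway-confirmed amount before upgrading the account. The plan ids, prices and gateway callback fields are constructed for illustration.

```python
# Added example (not the target's code). Plan ids, prices (in rupees) and the
# gateway callback format are constructed for illustration.

# Server-side price list: the only authority on what a plan costs.
PLANS = {
    "three_month": 999,
    "six_month": 1799,
    "one_year": 2999,
}


def checkout_vulnerable(form):
    """Trusts the Amount value that round-trips through the client.

    The server emits Amount in a response and later accepts whatever comes
    back, so anyone who can edit that response controls the price charged.
    """
    amount = int(form["Amount"])
    return {"plan": form["plan"], "amount": amount}


def checkout_hardened(form):
    """Derives the amount from the plan id; any client-supplied Amount is ignored."""
    plan = form["plan"]
    if plan not in PLANS:
        raise ValueError("unknown plan")
    return {"plan": plan, "amount": PLANS[plan]}


def confirm_payment(order, gateway_callback):
    """Upgrade only if the gateway-confirmed amount equals the server-side price.

    A mismatch here is exactly the signal to alert on: the client-facing flow
    reported one price while the gateway settled a different one.
    """
    expected = PLANS[order["plan"]]
    paid = int(gateway_callback["amount_paid"])
    if gateway_callback["status"] != "success" or paid != expected:
        return False  # do not upgrade; log plan, expected and paid for review
    return True


if __name__ == "__main__":
    # Constructed request in which Amount was changed to 3 on its way back.
    tampered = {"plan": "three_month", "Amount": "3"}
    print("vulnerable charges:", checkout_vulnerable(tampered)["amount"])
    order = checkout_hardened(tampered)
    print("hardened charges:", order["amount"])
    print("upgrade on 3 paid:", confirm_payment(order, {"status": "success", "amount_paid": "3"}))
```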
I reported this issue to the company, but they are very lazy about fixing it.