Payment Bypass Allowed Me to Purchase Anything for Free
Hi, my name is Abdelkader Mouaz, also known as Hamzadzworm.
Today, I'll share an interesting finding that allowed me to shop for anything for free.
I received an invite to a private program, but subdomains were out of scope because the program said the subdomains belonged to third-party companies.
So, I kept digging to find any subdomains owned by the company I was working with.
After a few hours I found an interesting subdomain that sells products, and I noticed that the products carried the logo of the company I was working for, so I started working on it.
This subdomain doesn't have many functions; you can only shop on it.
So, I went straight to trying to manipulate the payment to see if there was anything I could do.
Here are some things I tried that you can also test:
- I attempted to change the product price.
- I tried to modify the currency.
- I tried replacing 'false' with 'true' in the response.
- I tried replacing 'failed' with 'success'.
None of these worked for me.
After spending some time on it, I went to the cart and started experimenting with the quantity parameter.
I tried supplying a negative quantity by prefixing it with a minus sign (-).
And the result was:
But since you can't pay a negative amount (-), I searched for multiple other products whose prices added up to 130.
So, (-130) + (130) = 0.
This way, I was able to get a product for free. Then the triager asked me to prove that I was able to place an order successfully by tampering with the price.
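To show why the cart accepted this, here is an added example (not code from the write-up or the affected shop) that contrasts a checkout which trusts the client-supplied quantity with one that re-validates each line item server-side. The catalogue, SKUs, prices and Python backend are all assumptions constructed for the example.

```python
# Constructed catalogue: prices in whole currency units (assumption, not from the write-up).
CATALOGUE = {"sku-a": 130, "sku-b": 50, "sku-c": 80}
MAX_QTY_PER_LINE = 99  # assumed business limit


class InvalidCart(ValueError):
    """Raised by the hardened checkout when a line item fails validation."""


def vulnerable_total(items):
    """Trusts whatever quantity the client sent.

    A negative quantity turns the line into a discount, so
    (-1 x 130) + 50 + 80 == 0 and the order goes through for free.
    """
    return sum(CATALOGUE[sku] * qty for sku, qty in items)


def parse_quantity(raw):
    """Parse the raw form/JSON value for a quantity field.

    Form values arrive as strings; only plain positive decimal digits are
    accepted, so "-1", "1e3", "", " 2" and non-strings are all rejected.
    """
    if not isinstance(raw, str) or not raw.isdigit():
        raise InvalidCart(f"quantity must be a positive integer, got {raw!r}")
    qty = int(raw)
    if qty < 1 or qty > MAX_QTY_PER_LINE:
        raise InvalidCart(f"quantity {qty} out of range 1..{MAX_QTY_PER_LINE}")
    return qty


def hardened_total(items):
    """Re-validate every line server-side and recompute the total from the catalogue."""
    total = 0
    for sku, qty in items:
        if sku not in CATALOGUE:
            raise InvalidCart(f"unknown product {sku!r}")
        # type() check also rejects bool (a subclass of int) and floats.
        if type(qty) is not int or qty < 1 or qty > MAX_QTY_PER_LINE:
            raise InvalidCart(f"invalid quantity {qty!r} for {sku!r}")
        total += CATALOGUE[sku] * qty
    # Defence in depth: even if a line slipped through, never charge <= 0.
    if total <= 0:
        raise InvalidCart("order total must be positive")
    return total
```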
Result:
And they were able to validate my report:
I hope you enjoyed reading that, and I hope you gained some new ideas from my report that may help you in the future.
All the best. -.-