After choosing some random course, I entered my details and intercepted the HTTP request so I could analyze it further.
The price of the course was fixed and could not be altered through the front end.
In the HTTP request, you can notice two interesting parameters which caught my attention.
&amount=300
&gross_total=300
After changing the parameter values from 300 to 30, I forwarded the request and Boom!!!
The final price was reflected as 30 INR, and now you just need to pay the amount of 30 INR.
But sometimes these changes only happen on the client side and don’t affect the server side, which is crucial for completing the final payment.
Still, at this point I wasn't really sure if I was able to change the final price. To clear my doubt, I paid the 30 INR and I got the receipt for that.
I quickly prepared the “Vulnerability Disclosure Report” with all the image and video proofs I was able to attach and reported it through their email.
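The server-side check that closes this gap, as an added example that is not part of the original write-up or the affected site's code: the order is priced from a server-side catalog, the client-supplied `amount` and `gross_total` are only compared against it, and a payment settles the order only when the gateway-confirmed amount matches. The `course_id` parameter, the catalog contents and the function names are assumptions made for illustration.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed server-side catalog: the only trusted source of prices (INR).
# "course-101" and the "course_id" parameter are hypothetical names.
COURSE_PRICES = {"course-101": Decimal("300")}

# Client-supplied fields that must never decide what is charged.
PRICE_FIELDS = ("amount", "gross_total")


def build_order(form_body: str) -> dict:
    """Price the order from the catalog and list any tampered price fields."""
    form = {k: v[0] for k, v in parse_qs(form_body).items()}
    course_id = form.get("course_id", "")
    if course_id not in COURSE_PRICES:
        raise ValueError("unknown course")
    price = COURSE_PRICES[course_id]

    tampered = []
    for field in PRICE_FIELDS:
        if field not in form:
            continue
        try:
            claimed = Decimal(form[field])
        except InvalidOperation:
            claimed = None  # non-numeric value: treat as a mismatch
        if claimed != price:
            tampered.append(field)  # log or alert on this in production
    # The charge always comes from the catalog, never from the request.
    return {"course_id": course_id, "charge": price, "tampered": tampered}


def payment_settles_order(order: dict, gateway_paid: str) -> bool:
    """Accept the payment only if the gateway-confirmed amount equals the charge."""
    try:
        return Decimal(gateway_paid) == order["charge"]
    except InvalidOperation:
        return False


if __name__ == "__main__":
    # Constructed request body mirroring the modified parameters above.
    order = build_order("course_id=course-101&amount=30&gross_total=30")
    print(order)
    print("30 INR settles order:", payment_settles_order(order, "30"))
```
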