Part -2: Uncovering a Critical Parameter Tampering Vulnerability on a Major OTT Platform


Sulman Farooq S

Hello Knights, Today, I’m coming to you with an interesting bug-hunting story that I recently performed. A couple of months back, I started posting blogs on Medium, and my first blog was about parameter tampering on an event Expo booking platform, where I managed to exploit the issue by changing the price parameter.

Now, I’m back with another case of parameter tampering, but this time on a different application. This post will help you gain knowledge on how to find and exploit this type of vulnerability. So, let’s dive into the topic!

In this blog, I’ll share a recent discovery of a severe parameter tampering vulnerability on a well-known OTT platform. This issue allowed me to change the price of premium subscriptions from a high amount to just Rs. 1, enabling me to access all premium content at a fraction of the cost. This poses a significant financial risk to the platform. I’ll walk you through the steps of how I found and exploited this vulnerability, how I reported it, and the importance of remediation.

Online platforms, especially those dealing with financial transactions, must be secure. However, vulnerabilities can sometimes slip through, leading to significant risks. Recently, I discovered a critical parameter tampering issue on a popular OTT (Over-The-Top) streaming platform. This vulnerability allowed me to change the price of premium subscriptions from Rs. 3,333 to Rs. 1, giving me access to all premium content for practically nothing.

My journey began when I noticed something unusual while navigating the subscription options on this OTT platform. The platform offered various subscription plans, each with different prices. I wondered if there was a way to manipulate the data being sent to the server when purchasing a subscription.

Upon further investigation, I found that the parameters sent during the subscription process were not properly validated. This meant that by tampering with the parameters, I could modify the price from the original amount to as low as Rs. 1.

Here’s how I exploited the vulnerability:

Step 1: Log in to the website and navigate to the dashboard. On the top right corner, locate the “Subscribe” icon.

Step 2: Click on “Subscribe” and select the first subscription plan.

Step 3: The payment methods along with the total amount will be displayed.

Step 4: Select the Razorpay option in the browser and intercept the resulting request in Burp Suite, to identify the key parameters involved in the subscription process, such as the subscription ID and the amount.

Step 5: Modify the amount parameter from Rs. 2,824.59 to Rs. 1.00, keeping the subscription ID unchanged.

Step 6: Submit the modified request. The payment amount will now reflect as Rs. 1.18 (includes GST😅).

Step 7: Complete the payment by verifying the number and paying the modified amount using UPI.

Step 8: After the payment is processed, log in to the platform to verify that all premium videos and features, originally intended for customers paying the full price, are accessible.

Step 9: The “Subscribe” icon on the dashboard will no longer be visible, indicating that the premium subscription has been successfully activated.

This vulnerability was not just about a small discount — it had the potential to cause a massive financial loss for the platform if exploited on a large scale.

Once I confirmed the vulnerability, I immediately reported it to the security team of the OTT platform. I provided them with all the details, including the steps to reproduce the issue and the potential impact. However, despite the critical nature of the vulnerability, I contacted the team several times but received no response. I don’t even know what they were busy with, but it was frustrating to send multiple emails for such a serious issue and get no reply. The lack of response and poor maintenance on their part was disappointing, especially given the financial risk posed by this vulnerability.

To address this critical vulnerability, the OTT platform should take the following steps:

1. Implement Server-Side Validation: Ensure that all transaction parameters, especially those related to pricing, are validated on the server side. This prevents attackers from modifying data sent from the client.

2. Enforce Integrity Checks: Use cryptographic methods such as HMAC (Hash-based Message Authentication Code) to ensure the integrity of critical parameters. This makes it difficult for attackers to tamper with the data without being detected.

3. Monitor for Suspicious Activity: Implement logging and monitoring to detect abnormal behavior, such as repeated attempts to purchase subscriptions at unusually low prices. Alerts should be triggered for any suspicious activity.

4. Conduct Regular Security Audits: Regularly audit the application’s security to identify and address any vulnerabilities. Penetration testing should be conducted periodically to ensure the platform remains secure.

5. Improve Response and Maintenance Protocols: The platform’s security team should establish a more efficient process for handling vulnerability reports. Timely responses and swift remediation are crucial, especially when dealing with critical issues that can lead to significant financial loss.
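To show what the first three recommendations look like in code, here is an added example (not code from the OTT platform, Razorpay, or the original post) of a generic checkout handler: the vulnerable version trusts the client-sent amount, while the hardened version derives the price from a server-side catalogue, seals the order with an HMAC so a later callback can detect any change, and flags requests whose client amount disagrees with the catalogue. The plan names, prices, and secret are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed server-side price catalogue in paise (the only source of truth
# for what a plan costs). Illustrative values, not the platform's real plans.
PLAN_PRICES = {"plan_monthly": 282459, "plan_annual": 333300}

# Assumption: a per-deployment secret kept out of the client entirely.
SERVER_SECRET = b"example-secret-replace-in-real-deployments"


def vulnerable_create_order(client_req: dict) -> dict:
    """Vulnerable: whatever 'amount' the client sends becomes the charge."""
    return {"subscription_id": client_req["subscription_id"],
            "amount": int(client_req["amount"])}


def sign_order(order: dict) -> str:
    """HMAC-SHA256 over the fields that must not change after order creation."""
    msg = json.dumps({k: order[k] for k in ("subscription_id", "amount")},
                     sort_keys=True).encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def secure_create_order(client_req: dict) -> dict:
    """Hardened: price comes from the catalogue; the client's amount is ignored."""
    plan = client_req.get("subscription_id")
    if plan not in PLAN_PRICES:
        raise ValueError("unknown subscription_id")
    order = {"subscription_id": plan, "amount": PLAN_PRICES[plan]}
    order["sig"] = sign_order(order)  # sealed so the callback can verify it
    return order


def verify_order(order: dict) -> bool:
    """Run on the payment callback: False if any signed field was altered."""
    return hmac.compare_digest(sign_order(order), str(order.get("sig", "")))


def is_tampered(client_req: dict) -> bool:
    """Monitoring hook: True when the client amount disagrees with the catalogue."""
    plan = client_req.get("subscription_id")
    if plan not in PLAN_PRICES:
        return False
    return int(client_req.get("amount", -1)) != PLAN_PRICES[plan]
```

Requests for which `is_tampered` returns True are exactly the ones the monitoring recommendation says to log and alert on, even though the hardened handler already charges the correct amount.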

This vulnerability highlights the importance of secure coding practices, especially in applications dealing with financial transactions. Parameter tampering can have serious consequences if not properly addressed. It’s crucial for developers to validate all inputs and ensure that any critical operations, like payments, are securely handled on the server side.

Stay safe, and always test your platforms for such vulnerabilities before they go live!

Sulman Farooq S is a passionate cybersecurity enthusiast with over three years of experience in penetration testing and specializes in network, web application, mobile application, and API penetration testing. Follow me on Medium for more insights into cybersecurity and vulnerability assessments.

Stay vigilant and keep your applications secure! Happy (ethical) hacking! 😊😊😊
