The Supreme Court of India is the supreme judicial authority and the highest court of the Republic of India. It is the final court of appeal for all civil and criminal cases in India. It also has the power of judicial review. (Source: Wikipedia)
Hello! Today I am excited to share a significant finding: a price tampering vulnerability in the Supreme Court of India's E-Filing Module. This flaw allowed an attacker to manipulate the court fee amount during the caveat request registration process by tampering with parameters in an HTTP request. The issue has since been patched.
Step-by-Step Exploitation Process
Step 1: Choosing a Service
I randomly selected a service that required a court fee payment. Upon selecting the service, I entered my details and proceeded to the payment page.
Step 2: Capturing the HTTP Request
To analyze the request, I used an interception proxy tool (such as Burp Suite) to inspect the HTTP request being sent to the server.
Step 3: Identifying Interesting Parameters
Upon inspecting the captured request, two key parameters caught my attention:
&usr_fee_fixed=510&usr_court_fee=510
The final payment amount was 510 INR, and this value was fixed only on the frontend: it was carried in the request itself rather than being determined by the server.
Step 4: Manipulating the Parameters
I modified the values in the intercepted request:
&usr_fee_fixed=2&usr_court_fee=2
Then, I forwarded the modified request to the server.
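The root cause in the steps above is that the server accepted the fee fields straight from the request. The following added example (my own illustration, not code from the E-Filing Module or from this write-up) contrasts a handler that trusts usr_fee_fixed and usr_court_fee with one that derives the fee from a server-side schedule and logs any mismatch for detection. The service key, the FEE_SCHEDULE_INR table and the 250 INR entry are constructed assumptions; only the 510 INR fee and the two parameter names come from the write-up.

```python
from urllib.parse import parse_qs

# Constructed server-side fee schedule (hypothetical values, not from the page).
# The authoritative fee for each service lives here, never in the client request.
FEE_SCHEDULE_INR = {
    "caveat": 510,            # the 510 INR fee shown in the write-up
    "misc_application": 250,  # constructed second entry
}


def vulnerable_fee(body: str) -> int:
    """Reproduces the flaw: the fee charged is whatever the client sent."""
    params = parse_qs(body)
    # usr_court_fee is attacker-controlled, so 510 -> 2 tampering succeeds.
    return int(params["usr_court_fee"][0])


def hardened_fee(body: str, audit_log: list) -> int:
    """Looks the fee up server-side and ignores client-supplied amounts.

    Client fee fields are compared against the expected value purely so that
    tampering attempts can be logged and alerted on; they never affect the charge.
    """
    params = parse_qs(body)
    service = params.get("service", [None])[0]  # 'service' is an assumed field name
    if service not in FEE_SCHEDULE_INR:
        raise ValueError("unknown service")
    expected = FEE_SCHEDULE_INR[service]

    for field in ("usr_fee_fixed", "usr_court_fee"):
        if field not in params:
            continue
        raw = params[field][0]
        try:
            sent = int(raw)
        except ValueError:
            sent = None
        if sent != expected:
            # Detection hook: a mismatch means the client altered the amount.
            audit_log.append(
                f"fee_mismatch service={service} field={field} "
                f"sent={raw} expected={expected}"
            )
    return expected


if __name__ == "__main__":
    # Constructed request body mirroring the tampered parameters from step 4.
    tampered = "service=caveat&usr_fee_fixed=2&usr_court_fee=2"
    log = []
    print("vulnerable handler charges:", vulnerable_fee(tampered))
    print("hardened handler charges:", hardened_fee(tampered, log))
    for line in log:
        print("audit:", line)
```

The hardened handler should also be paired with a check on the payment gateway callback that the amount actually paid equals the server-side expected fee before the filing is marked as registered; the fee fields in the request then become pure telemetry.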