Hi there, welcome to another writeup, where I will discuss two business logic vulnerabilities that I discovered by showing the impact of a normal function. So let's begin.
Target:
Let's call it redacted.com. It is a website where you can design T-shirts and other products, then sell them.
1st Vulnerability:
The application has a function called "Sample order", where you can try out your new designs and order them at a 20% discount. They say there is a limit of one sample order per month for every account, but is that right?
After you make an order, you get an order id that is sent in the payment request. I tried making an order without completing it, then making another order, and to my surprise I got another order id. So an attacker can use the two order ids in the payment request to bypass the limit on sample orders!
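The root cause described above is that the one-per-month limit is checked when the order is created but not when it is paid, so unpaid order ids accumulate and each can be paid later. The following is an added example, not code from the site or the author: a small model of a sample-order service with the weak check beside a hardened one that counts pending orders toward the limit and re-checks it at payment time. The class and function names, the 30-day window and the account name are assumptions made for this example.

```python
"""Model of the "sample order" limit from the writeup: the weak service counts
only paid orders when a new sample order is created and never re-checks at
payment, so several unpaid order ids can each be paid later. The hardened
service counts pending orders too and re-checks the limit when payment is
taken. All names, the 30-day window and the account values are assumptions
for this example, not the redacted site's real implementation."""
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE_ORDER_LIMIT = 1           # stated limit: one sample order per month
WINDOW = timedelta(days=30)      # assumed length of "a month"


@dataclass
class Order:
    order_id: int
    account: str
    created_at: datetime
    status: str = "pending"      # "pending" until paid, then "paid"


class SampleOrderService:
    def __init__(self, strict: bool):
        self.strict = strict     # False = weak check as described, True = hardened
        self._orders: dict[int, Order] = {}
        self._next_id = 1

    def _count(self, account: str, now: datetime, statuses: tuple) -> int:
        since = now - WINDOW
        return sum(1 for o in self._orders.values()
                   if o.account == account and o.created_at >= since
                   and o.status in statuses)

    def create_sample_order(self, account: str, now: datetime) -> int:
        # Weak: only paid orders count, so unpaid orders pile up.
        # Hardened: unpaid (pending) orders reserve the slot too.
        counted = ("pending", "paid") if self.strict else ("paid",)
        if self._count(account, now, counted) >= SAMPLE_ORDER_LIMIT:
            raise PermissionError("sample order limit reached")
        order = Order(self._next_id, account, now)
        self._orders[order.order_id] = order
        self._next_id += 1
        return order.order_id

    def pay(self, order_id: int, account: str, now: datetime) -> None:
        order = self._orders.get(order_id)
        if order is None or order.account != account or order.status != "pending":
            raise ValueError("no payable order with that id for this account")
        # Hardened: the limit is enforced again at the point of value
        # (payment), so a stale order id cannot be used to exceed it.
        if self.strict and self._count(account, now, ("paid",)) >= SAMPLE_ORDER_LIMIT:
            raise PermissionError("sample order limit reached")
        order.status = "paid"

    def paid_sample_orders(self, account: str) -> int:
        return sum(1 for o in self._orders.values()
                   if o.account == account and o.status == "paid")


def simulate(strict: bool) -> int:
    """Create two sample orders back to back, then try to pay both; return how
    many discounted sample orders the account actually obtained."""
    svc = SampleOrderService(strict=strict)
    now = datetime(2024, 1, 10, 12, 0)    # constructed timestamp
    ids = []
    for _ in range(2):
        try:
            ids.append(svc.create_sample_order("alice", now))
        except PermissionError:
            pass
    for oid in ids:
        try:
            svc.pay(oid, "alice", now + timedelta(minutes=5))
        except PermissionError:
            pass
    return svc.paid_sample_orders("alice")


if __name__ == "__main__":
    print("weak service:", simulate(False))      # 2: limit bypassed
    print("hardened service:", simulate(True))   # 1: limit holds
```

The design point is that a limit tied to a discount has to be enforced where the value is actually granted (payment), not only where the intent is recorded (order creation); a pending order id is otherwise a token that can be redeemed independently of the check that issued it. Expiring unpaid sample orders after a short window is a reasonable complement so that reserved slots are released.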
2nd Vulnerability:
The same website has ready-to-use designs, but they are premium at $1 per photo. I dug through the requests looking for one that leaked a premium design in its high quality, and yes, I found the request I wanted: there was a request with parameters to size your design, and it leaked the link of the design in the response at 1024x1080 quality!
So I downloaded the design and used it in the upload function, and I got the design in its original quality without pixelation.
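The flaw here is an authorization gap: a convenience endpoint (resizing) returns a reference to the full-quality asset without checking whether the caller has paid for it. As an added example, not code from the site or the author, the block below models a resize handler in its weak form beside a hardened one that resolves premium designs to a low-resolution preview unless the account has purchased them. The design ids, CDN URLs, sizes and account names are constructed for this example.

```python
"""Model of the design-resize response from the writeup: the weak handler
returns the premium design's full-quality link to anyone who calls the resize
endpoint, while the hardened handler checks whether the caller has bought the
design and otherwise returns only a low-resolution preview. Design ids, URLs,
sizes and accounts are constructed for this example and are not the real
site's values."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Design:
    design_id: str
    premium: bool
    original_url: str   # full-quality asset, what the $1 purchase buys
    preview_url: str    # low-res/watermarked asset safe to show anyone


# Constructed catalogue.
CATALOGUE = {
    "d-100": Design("d-100", premium=True,
                    original_url="https://cdn.example/designs/d-100/1024x1080.png",
                    preview_url="https://cdn.example/designs/d-100/preview-256.png"),
    "d-200": Design("d-200", premium=False,
                    original_url="https://cdn.example/designs/d-200/1024x1080.png",
                    preview_url="https://cdn.example/designs/d-200/preview-256.png"),
}

# Constructed purchase ledger: account -> set of purchased design ids.
PURCHASES = {"buyer": {"d-100"}, "browser": set()}


def resize_weak(account: str, design_id: str, width: int, height: int) -> dict:
    """Vulnerable shape: the resize parameters are handled, but the response
    embeds the original asset link for every caller regardless of purchase."""
    design = CATALOGUE[design_id]
    return {"design_id": design_id, "width": width, "height": height,
            "url": design.original_url}


def can_use_original(account: str, design: Design) -> bool:
    """Free designs are open to all; premium ones only to accounts that bought them."""
    return (not design.premium) or design.design_id in PURCHASES.get(account, set())


def resize_hardened(account: str, design_id: str, width: int, height: int) -> dict:
    """Authorise before choosing which asset to reference: premium designs
    resolve to the preview unless this account has purchased them."""
    design = CATALOGUE[design_id]
    url = design.original_url if can_use_original(account, design) else design.preview_url
    return {"design_id": design_id, "width": width, "height": height, "url": url}


def leaks_original(handler, account: str, design_id: str) -> bool:
    """True if the handler hands the full-quality link to this account."""
    response = handler(account, design_id, 400, 400)
    return response["url"] == CATALOGUE[design_id].original_url


if __name__ == "__main__":
    print("weak, unpaid account:", leaks_original(resize_weak, "browser", "d-100"))       # True
    print("hardened, unpaid account:", leaks_original(resize_hardened, "browser", "d-100"))  # False
    print("hardened, buyer:", leaks_original(resize_hardened, "buyer", "d-100"))           # True
```

Two caveats for the hardened version: it only helps if the preview and original are genuinely separate assets (a preview that is just a resized view of the same URL still exposes the original), and the original's URL must itself be non-guessable or served behind the same purchase check, otherwise the authorization in the resize handler is easily sidestepped.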
The End:
That's the end of the writeup. I'm just praying for more catches to write about. For any questions, contact me on X; my username is 0x_5wf.