Story of my first Bug on #jiomart parameter Temparing

Hello Everyone,

So whats is Parameter Temparing

The Web Parameter Tampering attack is based on the manipulation of parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc. Usually, this information is stored in cookies, hidden form fields, or URL
Query Strings, and is used to increase application functionality and control.

lets start with #Jiomart First I try to temper the value of product which will added the to cart . I fire the Burpsuite and started to find the parameter values But i cant get any parameter value the added the security

Now at Cart There is Button place A Order I Captured A requests With Burpsuite and still I am not able to get parameter Value

After that I landed on Make Payment Page same thing i Captured the requests with Burpsuite and Now this time i got a value Parameter of Amount

I Changed the amount Parameter to 10 and forwared the requests and it shows me Error Amount is Less than Cart value What Happen at Backend it compare the value of cart with payment amount and if change it throws the error

UFF now what then again i changed the value of amount to cart value and forwarded the requests and i landed on payment Page

I started tha Payment Process and started to Capture the Request Now I got something really Interesting

I changed the total Ordertotal value to 10 and forward the request then i login to my phone pay acc and Boom it changes to 10

After payment it shows the order placed

Thanky you for reading.