Introduction
Hey guys, how are you all doing? We are currently exploring business logic vulnerabilities in a series. “Excessive trust in client-side controls” is our first article on business logic vulnerabilities. We will be using the PortSwigger Web Security Academy labs for practical demonstrations.
Lab Description For Excessive trust in client-side controls

In this lab, user input is not properly validated on the server, which allows us to exploit a logic flaw. The lab is an online shop that offers a few products we can buy. The goal is to exploit the shop's business logic by manipulating the price sent from the client. We will manipulate the price of a product called “Lightweight l33t leather jacket” in this lab.
We have been given credentials for Wiener and Peter.
Lab solution
Firstly, we need to access the lab and then log in using Wiener’s account.

After logging in, we will be given $100 credit, which we will use to buy the “Lightweight l33t Leather Jacket” product priced at $1337.
Next, we will view the product by selecting “View product” for the “Lightweight l33t Leather Jacket”.

Then, we will add the product to the cart and intercept the request during the addition. After intercepting the request, we will send the product to the repeater tab.

If you remember, we sent the intercepted request to the Repeater tab. In the Repeater tab, you will see the parameter “price” with a value of “1337.00”. Simply change the price value to “1” while leaving everything else as it is.
After making these changes, send the request. You should see a 302 response. Now, go back to your browser and check your cart. The price of the product is now $0.01.

Finally, click on “Place order” to solve the lab, as you have successfully purchased the product for $0.01.
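To make clear what went wrong on the server side, here is an added example (not the lab's code and not part of the original post) that models the add-to-cart step in two ways: a vulnerable handler that trusts the `price` field sent by the client, and a hardened handler that ignores it and looks the price up in a server-side catalogue. The catalogue, product names, form fields, the $100 credit, and the `detect_price_tampering` check are all constructed for this illustration; the real lab's request format may differ.

```python
"""Added example: trusting a client-supplied price vs. looking it up server-side.

Constructed sample data; not the PortSwigger lab's implementation.
Prices are kept in integer cents so no floating-point rounding is involved.
"""

# Constructed server-side catalogue (the only trustworthy source of prices).
CATALOGUE = {
    1: {"name": "Lightweight l33t Leather Jacket", "price_cents": 133700},
    2: {"name": "Sample Mug", "price_cents": 999},
}


class RejectedRequest(Exception):
    """Raised when the server refuses a malformed or tampered request."""


class InsufficientCredit(Exception):
    """Raised at checkout when the cart total exceeds the user's credit."""


def cart_total(cart):
    """Sum of quantity * unit price over all cart lines, in cents."""
    return sum(item["quantity"] * item["price_cents"] for item in cart)


def add_to_cart_vulnerable(cart, form):
    """The flaw the lab demonstrates: the unit price comes from the client.

    Whatever value the browser (or Repeater) puts in 'price' is stored as-is,
    so a client that sends price=1 gets the jacket for one cent.
    """
    cart.append({
        "product_id": int(form["productId"]),
        "quantity": int(form["quantity"]),
        "price_cents": int(form["price"]),  # attacker-controlled value
    })
    return cart_total(cart)


def add_to_cart_fixed(cart, form):
    """Hardened handler: the client may only choose *what* and *how many*.

    Any 'price' field in the form is ignored; the unit price is always read
    from the server-side catalogue, and the identifiers are validated.
    """
    try:
        product_id = int(form["productId"])
        quantity = int(form["quantity"])
    except (KeyError, ValueError):
        raise RejectedRequest("productId and quantity must be present integers")
    if not 1 <= quantity <= 99:
        raise RejectedRequest("quantity out of range")
    product = CATALOGUE.get(product_id)
    if product is None:
        raise RejectedRequest("unknown product")
    cart.append({
        "product_id": product_id,
        "quantity": quantity,
        "price_cents": product["price_cents"],  # server-side value only
    })
    return cart_total(cart)


def place_order(cart, credit_cents):
    """Checkout: refuse the order unless the user's credit covers the total."""
    total = cart_total(cart)
    if total > credit_cents:
        raise InsufficientCredit(f"total {total} exceeds credit {credit_cents}")
    return credit_cents - total


def detect_price_tampering(form):
    """Monitoring check: does a submitted 'price' disagree with the catalogue?

    Useful as a log/alert signal while the vulnerable handler is being
    replaced. Returns True when the client-sent price does not match.
    """
    product = CATALOGUE.get(int(form.get("productId", -1)))
    if product is None or "price" not in form:
        return False
    try:
        return int(form["price"]) != product["price_cents"]
    except ValueError:
        return True  # a non-numeric price is itself suspicious


if __name__ == "__main__":
    # Constructed request mirroring the tampered one from the walkthrough.
    tampered = {"productId": "1", "quantity": "1", "price": "1"}
    print("vulnerable total (cents):", add_to_cart_vulnerable([], tampered))
    print("fixed total (cents):", add_to_cart_fixed([], tampered))
    print("tampering detected:", detect_price_tampering(tampered))
```

With the vulnerable handler the tampered request yields a 1-cent cart and the $100 credit easily covers it; with the fixed handler the same request produces the catalogue price of 133700 cents, and `place_order` refuses it. The general rule is that the client may express a choice (product, quantity) but never a fact the server already knows (price, discount, stock).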
This concludes our second article on business logic vulnerabilities. We will continue with more in the future. So guys, we have successfully solved our first lab, which is “Excessive trust in client-side controls”. You can find this lab on PortSwigger Web Security Academy.
Congratulations! And don’t forget to follow us on Twitter @masaudsec.