
Vulnerability Description => Parameter tampering is a form of Web-based attack in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user’s authorization.
↓ ↓ ↓ ↓ How to Exploit: ↓ ↓ ↓ ↓
1. Go to the Auction website script site (http://198.38.86.159/~prasanth/products/auction/)
⇓ ⇓ ⇓ ⇓

2. Click on Register and register using your username, mail address, and password
⇓ ⇓ ⇓ ⇓

3. Return to the Auction website script site and log in to your account
⇓ ⇓ ⇓ ⇓

4. Go to Advertising, then click any Buy Now option (e.g. Header)
⇓ ⇓ ⇓ ⇓

5. Make sure that the Burp interceptor is on, then click on Pay Now
⇓ ⇓ ⇓ ⇓

6. Now find the value that you want to change (e.g. 30 dollars)
⇓ ⇓ ⇓ ⇓

7. Change the amount value to 1.23 and forward the request
⇓ ⇓ ⇓ ⇓

8. Now turn off the Burp interceptor and go to the payment gateway
⇓ ⇓ ⇓ ⇓

9. Click on create a new account or log in to your account, and you can then see that the money value has changed to $1.23
⇓ ⇓ ⇓ ⇓
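The steps above work because the amount sent by the browser is passed on to the payment gateway unchecked. The following is an added example of the server-side fix, not code from the auction script: the price is taken from a server-side catalogue and the order fields are HMAC-signed before they travel through the browser. The catalogue, item ids, key and function names are hypothetical.

```python
import hashlib
import hmac
from decimal import Decimal, InvalidOperation

# Constructed sample data: server-side price list with hypothetical item ids.
CATALOG = {"header-ad": Decimal("30.00"), "sidebar-ad": Decimal("12.50")}
SECRET = b"demo-only-key"  # placeholder; load from a secret store in practice


def _sign(item_id, amount):
    """HMAC over the fields the gateway will charge for."""
    msg = f"{item_id}|{amount:.2f}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def build_order(item_id, client_amount):
    """Return (order, tampered). The price always comes from CATALOG;
    the client-supplied amount is only compared, never used."""
    price = CATALOG[item_id]  # unknown item raises KeyError: reject request
    try:
        tampered = Decimal(str(client_amount)) != price
    except InvalidOperation:
        tampered = True  # non-numeric amount is also a tampering signal
    order = {"item": item_id, "amount": f"{price:.2f}",
             "sig": _sign(item_id, price)}
    return order, tampered


def verify_order(order):
    """Re-check fields that came back through the browser before charging."""
    try:
        expected = _sign(order["item"], Decimal(order["amount"]))
        return hmac.compare_digest(expected, order["sig"])
    except (KeyError, InvalidOperation, TypeError, ValueError):
        return False


if __name__ == "__main__":
    order, tampered = build_order("header-ad", "1.23")
    print(order["amount"], "tampered" if tampered else "ok")
    print(verify_order(dict(order, amount="1.23")))
```

A `tampered` result is worth logging with the account and source address, since a mismatch between the submitted and catalogue price does not occur in normal use.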

