
Vulnerability Description => Parameter tampering is a form of Web-based attack in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user’s authorization. Parameter tampering can result in product price manipulation.
↓ ↓ ↓ ↓ How to Exploit: ↓ ↓ ↓ ↓
1. Go to the Custom T-Shirt Ecommerce Script site (http://readymadescript.org/demo/custom-t-shirt//index.php)
⇓ ⇓ ⇓ ⇓

2. Click Register and sign up using your essential details
⇓ ⇓ ⇓ ⇓

3. Verify your account
⇓ ⇓ ⇓ ⇓

4. Return to the Custom T-Shirt Ecommerce Script site and log in to your account
⇓ ⇓ ⇓ ⇓

5. Go to the home page, select any product to buy (e.g. a T-shirt) and click Start Design
⇓ ⇓ ⇓ ⇓

6. Customize your shirt, then save the front side and the back side
⇓ ⇓ ⇓ ⇓

7. Click Add to bag and click Process to checkout
⇓ ⇓ ⇓ ⇓

8. Make sure that the Burp interceptor is on, fill in the billing details, then click Process to checkout
⇓ ⇓ ⇓ ⇓

9. Now find the total value that you want to change (e.g. 1020 rupees)
⇓ ⇓ ⇓ ⇓

10. Change the total value to 1 or any value you want and forward the request
⇓ ⇓ ⇓ ⇓

11. Now turn off the Burp interceptor; you can see that the amount has changed (1020 rupees to 1 rupee)
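
The defensive counterpart to the steps above, as an added example that is not part of the original report or of the script's own code: the server prices the order from its own catalog and uses the client-sent total only as a tampering signal. The catalog, field names, paise units and quantity limit are assumptions.

```python
from dataclasses import dataclass

# Constructed catalog: product id -> unit price in paise (integer minor units).
# Ids and prices are assumptions, not values from the script in the report.
CATALOG = {"tshirt-basic": 102_000, "hoodie": 185_000}
MAX_QTY = 50


class CheckoutError(ValueError):
    """The request cannot be priced; reject it instead of guessing."""


@dataclass(frozen=True)
class PricedOrder:
    amount_paise: int  # what the server will charge
    tampered: bool     # client-sent total disagreed with the server's


def price_order(form: dict) -> PricedOrder:
    """Price a checkout from server-side data only.

    Hypothetical body: {"items": [{"id": str, "qty": int}], "total": str}
    """
    items = form.get("items")
    if not isinstance(items, list) or not items:
        raise CheckoutError("empty or malformed cart")
    amount = 0
    for item in items:
        if not isinstance(item, dict):
            raise CheckoutError("malformed cart line")
        pid, qty = item.get("id"), item.get("qty")
        if not isinstance(pid, str) or pid not in CATALOG:
            raise CheckoutError(f"unknown product: {pid!r}")
        # bool is a subclass of int, so exclude it explicitly
        if isinstance(qty, bool) or not isinstance(qty, int) or not 1 <= qty <= MAX_QTY:
            raise CheckoutError(f"invalid quantity for {pid!r}")
        amount += CATALOG[pid] * qty
    # The client-sent total is never charged; it is only compared so that a
    # mismatch can be logged as a tampering signal.
    sent = str(form.get("total", "")).strip()
    return PricedOrder(amount, tampered=sent not in ("", str(amount)))


if __name__ == "__main__":
    # Constructed request: one 1020-rupee shirt, total rewritten to 1 rupee
    print(price_order({"items": [{"id": "tshirt-basic", "qty": 1}], "total": "100"}))
```

The amount passed to the payment step is always `amount_paise`; a `tampered` result is worth logging with the account and source address for later review.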

